il
2bb1f015e0
update note: - hotfix - backups haven't run since commit '9f236b6fa5' - the root service unit's %h always indicates root's home path - backup service is verified
50 lines
1.3 KiB
Django/Jinja
50 lines
1.3 KiB
Django/Jinja
[Unit]
|
|
Description=Kopia backup service
|
|
Wants=network-online.target
|
|
After=network-online.target
|
|
|
|
[Service]
|
|
User=kopia
|
|
Group=kopia
|
|
|
|
Type=oneshot
|
|
|
|
# logging
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
|
|
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
|
|
AmbientCapabilities=CAP_DAC_READ_SEARCH
|
|
|
|
ProtectSystem=strict
|
|
ProtectHome=tmpfs
|
|
InaccessiblePaths=/boot /root
|
|
|
|
{% if node['name'] == 'infra' %}
|
|
BindReadOnlyPaths={{ node['home_path'] }}/containers/postgresql/backups
|
|
{% elif node['name'] == 'app' %}
|
|
BindReadOnlyPaths={{ node['home_path'] }}/data
|
|
{% endif %}
|
|
# In root namescope, %u always bring 0
|
|
BindPaths=/etc/kopia
|
|
BindPaths=/etc/secrets/{{ kopia_uid }}
|
|
BindPaths=/var/cache/kopia
|
|
EnvironmentFile=/etc/secrets/{{ kopia_uid }}/kopia.env
|
|
|
|
ExecStartPre=/usr/bin/kopia repository connect server \
|
|
--url=https://{{ services['kopia']['domain'] }}.{{ domain['internal'] }}:{{ services['kopia']['ports']['https'] }} \
|
|
--override-username={{ node['name'] }} \
|
|
--override-hostname={{ node['name'] }}.{{ domain['internal'] }}
|
|
|
|
{% if node['name'] == 'infra' %}
|
|
ExecStart=/usr/bin/kopia snapshot create \
|
|
{{ node['home_path'] }}/containers/postgresql/backups
|
|
{% elif node['name'] == 'app' %}
|
|
ExecStart=/usr/bin/kopia snapshot create \
|
|
{{ node['home_path'] }}/data
|
|
{% endif %}
|
|
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|