35 lines
913 B
Bash
35 lines
913 B
Bash
|
#!/bin/bash
|
||
|
|
|
||
|
|
SELF="$0"
|
||
|
|
NAME="$1"
|
||
|
|
shift
|
||
|
|
|
||
|
|
die() {
|
||
|
|
echo -e $1 | sed -e 's-^-! -' >&2
|
||
|
|
exit 1
|
||
|
|
}
|
||
|
|
usage() {
|
||
|
|
echo "usage: $SELF PROFILE_NAME [-h] <borg command> ..." >&2
|
||
|
|
exit 1
|
||
|
|
}
|
||
|
|
|
||
|
|
[ "x$NAME" == "x" ] && usage
|
||
|
|
[ -d /etc/borg/$NAME ] || die "Profile '$NAME' isn't initialized! See init.sh and README.md."
|
||
|
|
[ $# == 0 ] && usage
|
||
|
|
|
||
|
|
# do some sandboxinng
|
||
|
|
exec systemd-run --quiet --pipe --collect --unit=temp-borg-init-sandbox.service \
|
||
|
|
--working-directory=/tmp \
|
||
|
|
-p "ConfigurationDirectory=borg/$NAME" \
|
||
|
|
-p "CacheDirectory=borg/$NAME" \
|
||
|
|
-p "ConfigurationDirectoryMode=550" \
|
||
|
|
-p "CacheDirectoryMode=550" \
|
||
|
|
-p "PrivateTmp=yes" \
|
||
|
|
-p "ReadOnlyDirectories=/" \
|
||
|
|
-p "EnvironmentFile=/etc/borg/$NAME/config.env" \
|
||
|
|
--setenv=BORG_PASSPHRASE_FD=0 \
|
||
|
|
--setenv=BORG_BASE_DIR=/tmp/ \
|
||
|
|
--setenv=BORG_CONFIG_DIR=/etc/borg/$NAME \
|
||
|
|
--setenv=BORG_CACHE_DIR=/var/cache/borg/$NAME \
|
||
|
|
/usr/bin/borg $@ < /etc/borg/$NAME/borg_passphrase
|