#!/bin/bash
# Remember how the script was invoked (shown in the usage line) and take the
# first argument as the profile name. Everything after it is handed to borg.
SELF=$0
NAME=$1
# Drop PROFILE_NAME so that "$@" holds only the borg command and its arguments.
shift
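#######################################
# Print an error message to stderr, every line prefixed with "! ", and exit.
# Arguments: $1 - message text; backslash escapes such as \n are expanded,
#                 as they were with the previous `echo -e`.
# Outputs:   the prefixed message on stderr
# Returns:   does not return; exits the shell with status 1
#######################################
die() {
  # The message is quoted so it is neither word-split nor glob-expanded:
  # callers embed the user-supplied profile name in it, and an unquoted
  # expansion would collapse whitespace and turn a "*" into a file listing.
  printf '%b\n' "$1" | sed -e 's/^/! /' >&2
  exit 1
}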
#######################################
# Print the one-line synopsis to stderr and stop.
# Globals:   SELF (read) - the script path as invoked
# Outputs:   the usage line on stderr
# Returns:   does not return; exits the shell with status 1
#######################################
usage() {
  printf 'usage: %s PROFILE_NAME [-h] <borg command> ...\n' "$SELF" >&2
  exit 1
}
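# Argument validation: a profile name and at least one borg argument are
# required; otherwise print the synopsis and exit.
[ -n "$NAME" ] || usage

# The profile name is spliced into paths under /etc/borg and /var/cache/borg
# and into systemd unit properties further down. Accept a single directory
# name only, so the passphrase file, environment file and cache location
# cannot be redirected outside those trees, and so whitespace cannot split a
# property value into several entries.
case "$NAME" in
  */* | . | .. | *[[:space:]]*)
    die "Invalid profile name '$NAME'."
    ;;
esac

# Quoted so an unusual name cannot break the test expression itself.
[ -d "/etc/borg/$NAME" ] || die "Profile '$NAME' isn't initialized! See init.sh and README.md."

# PROFILE_NAME has already been shifted away; what is left must be a borg command.
[ "$#" -gt 0 ] || usage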
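# Run borg inside a transient systemd unit that serves as a sandbox.
#
# - The passphrase file is attached to the unit's stdin (--pipe plus the
#   redirect) and BORG_PASSPHRASE_FD=0 tells borg to read it from there, so
#   the passphrase never appears in argv or in the environment.
# - ReadOnlyPaths=/ makes the file system read-only for the unit;
#   /root/.ssh/known_hosts is explicitly left writable, and the cache
#   directory is set up through CacheDirectory=.
# - PrivateTmp=yes gives the unit its own /tmp, which is also used as the
#   working directory and as BORG_BASE_DIR.
# - Remaining borg settings come from the profile's config.env.
#
# Every expansion of $NAME and the borg arguments are quoted: an unquoted $@
# would word-split arguments containing spaces and glob-expand patterns
# (e.g. exclude patterns) in the caller's shell before borg ever sees them.
#
# NOTE(review): the unit name is fixed, so a second invocation while one is
# still active presumably fails to start - confirm whether that is intended
# as a lock or whether the name should include the profile.
exec systemd-run --quiet --collect --unit=temp-borg-init-sandbox.service \
  --pipe < "/etc/borg/$NAME/borg_passphrase" \
  --working-directory=/tmp \
  -p "ConfigurationDirectory=borg/$NAME" \
  -p "ConfigurationDirectoryMode=750" \
  -p "CacheDirectory=borg/$NAME" \
  -p "CacheDirectoryMode=750" \
  -p "PrivateTmp=yes" \
  -p "ReadOnlyPaths=/" \
  -p "ReadWritePaths=/root/.ssh/known_hosts" \
  -p "EnvironmentFile=/etc/borg/$NAME/config.env" \
  --setenv=BORG_PASSPHRASE_FD=0 \
  --setenv=BORG_BASE_DIR=/tmp/ \
  --setenv="BORG_CONFIG_DIR=/etc/borg/$NAME" \
  --setenv="BORG_CACHE_DIR=/var/cache/borg/$NAME" \
  /usr/bin/borg "$@"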