[Unit]
Description=recurring borg backup cleanup
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/borg prune \
	--keep-daily=31 \
	--keep-weekly=52 \
	--keep-yearly=42 \
	--keep-within 3d \
	--list
ConfigurationDirectory=borg/%i
CacheDirectory=borg/%i

StandardInput=file:/etc/borg/%i/borg_passphrase

EnvironmentFile=/etc/borg/%i/config.env
Environment="BORG_RSH=ssh -i /etc/borg/%i/ssh_key" BORG_PASSPHRASE_FD=0 BORG_BASE_DIR=/tmp/ BORG_CONFIG_DIR=/etc/borg/%i BORG_CACHE_DIR=/var/cache/borg/%i

PrivateTmp=yes
ReadOnlyDirectories=/
WorkingDirectory=/tmp

ConfigurationDirectoryMode=550
CacheDirectoryMode=550