[Unit]
Description=recurring system backup using borg
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/borg create -C lz4 -v --stats --one-file-system ::'{hostname}-{now:%%Y-%%m-%%d_%%H-%%M}' / \
    --exclude-caches			\
    --exclude /var/cache/		\
    --exclude /var/lib/mysql/		\
    --exclude /var/lib/php/sessions/	\
    --exclude /var/lib/postfix/		\
    --exclude /var/lib/postgresql/	\
    --exclude /opt/backups/

ConfigurationDirectory=borg/%i
CacheDirectory=borg/%i

StandardInput=file:/etc/borg/%i/borg_passphrase

EnvironmentFile=/etc/borg/%i/config.env
Environment="BORG_RSH=ssh -i /etc/borg/%i/ssh_key" BORG_PASSPHRASE_FD=0 BORG_BASE_DIR=/tmp/ BORG_CONFIG_DIR=/etc/borg/%i BORG_CACHE_DIR=/var/cache/borg/%i

PrivateTmp=yes
ReadOnlyDirectories=/
WorkingDirectory=/tmp

ConfigurationDirectoryMode=550
CacheDirectoryMode=550