[Unit]
Description=backup of postgresql database %i
After=postgresql.target network.target remote-fs.target

[Service]
Type=exec
ExecStart=/bin/bash -c '/usr/bin/pg_dump -c %i | bzip2 -9 > /var/backups/postgres/%i.sql.bz2'
TimeoutStopSec=0
Restart=no

User=postgres
Group=postgres
UMask=117
WorkingDirectory=/var/backups/postgres
ReadOnlyDirectories=/
ReadWritePaths=/var/backups/postgres
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
NoNewPrivileges=true
CapabilityBoundingSet=
MemoryDenyWriteExecute=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
ProtectSystem=full

[Install]
WantedBy=multi-user.target