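# Oneshot unit that runs the server-wide backup script.
# No [Install] section is visible here, so it is presumably started by a
# timer or by hand.
[Unit]
Description=Server-wide backup (pg_dumpall + restic to NAS + B2)
Documentation=file:///srv/ops/repos/ops-dashboard/docs/runbooks/server-backup.md
# Ordering only: docker.service is neither pulled in nor required by this unit.
After=network-online.target docker.service
Wants=network-online.target

[Service]
Type=oneshot
# NOTE(review): presumably holds the restic repository password and the B2
# credentials; keep the file root-owned and not readable by other users.
EnvironmentFile=/etc/restic-backup.env
ExecStart=/srv/backups/scripts/server-backup.sh
# Hard cap on a single run. RuntimeMaxSec=6h was dropped: it has no effect on
# Type=oneshot services, so TimeoutStartSec= is the only limit that applies.
TimeoutStartSec=4h
# Run at low CPU and I/O priority so the backup yields to other workloads.
Nice=10
IOSchedulingClass=best-effort
IOSchedulingPriority=7

# Sandboxing — backup needs root for /etc + docker exec, but limit the rest.
# Access to the Docker daemon is root-equivalent on the host, so these settings
# limit accidental damage; they do not contain a compromised backup script.
ProtectSystem=strict
# /tmp is not listed: PrivateTmp=yes already provides a writable private /tmp.
# NOTE(review): /run is broad; confirm what the script writes there and narrow
# it if possible.
# NOTE(review): /srv/backups also contains the ExecStart script. If the script
# never writes to its own directory, add ReadOnlyPaths=/srv/backups/scripts so
# a run cannot alter the code that the next run executes as root.
ReadWritePaths=/var/backups /srv/backups /run
ProtectHome=read-only
NoNewPrivileges=yes
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

StandardOutput=journal
StandardError=journal
SyslogIdentifier=server-backup

# Exit code semantics from server-backup.sh:
#   0  = success (all phases ok)
#   75 = partial_failure (some non-critical phase failed/degraded)
#   1  = failed (a critical dump phase failed or both restic repos failed)
# With 75 listed here, systemd records a partial failure as a successful run:
# OnFailure= handlers do not fire and the unit does not enter the failed state.
# Partial failures therefore have to be detected from the journal or from the
# script's own reporting.
SuccessExitStatus=75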