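# systemd service unit for the server-wide backup job. It runs
# /srv/backups/scripts/server-backup.sh once per activation (Type=oneshot).
# One directive per line: systemd only recognises full-line comments, so on a
# collapsed line everything after the first "#" would be read as comment text.

[Unit]
Description=Server-wide backup (pg_dumpall + restic to NAS + B2)
Documentation=file:///srv/scrum4me/ops-dashboard/docs/runbooks/server-backup.md
After=network-online.target docker.service
Wants=network-online.target
# The NAS mount must be available before restic writes to the NAS repo;
# this triggers the cifs automount for /mnt/nas/backups if it is not active yet.
RequiresMountsFor=/mnt/nas/backups

[Service]
Type=oneshot
# NOTE(review): presumably this file holds the restic repository credentials —
# confirm. If so, keep it owned by root and not readable by group/other; every
# variable in it is placed in the script's environment.
EnvironmentFile=/etc/restic-backup.env
ExecStart=/srv/backups/scripts/server-backup.sh
# Upper bound for the whole run: with Type=oneshot the script is the start-up
# phase, so this is the limit that actually stops a hung backup.
TimeoutStartSec=4h
# NOTE(review): RuntimeMaxSec= has no effect on Type=oneshot services (see
# systemd.service(5)), so the effective cap is the 4h above, not 6h. Raise
# TimeoutStartSec= if 6h was the intended limit.
RuntimeMaxSec=6h
# Run at reduced CPU priority and at the lowest best-effort I/O priority.
Nice=10
IOSchedulingClass=best-effort
IOSchedulingPriority=7

# Sandboxing — backup needs root for /etc + docker exec, but limit the rest.
# /mnt/nas/backups MUST be listed in ReadWritePaths, otherwise
# ProtectSystem=strict prevents restic from writing to the NAS repo.
ProtectSystem=strict
# NOTE(review): /run is writable as a whole. If the script only needs specific
# paths under /run, list those instead so the rest of /run stays read-only.
# /tmp here refers to the service's private /tmp (PrivateTmp=yes below).
ReadWritePaths=/var/backups /srv/backups /run /tmp /mnt/nas/backups
ProtectHome=read-only
NoNewPrivileges=yes
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

StandardOutput=journal
StandardError=journal
SyslogIdentifier=server-backup

# Exit code semantics from server-backup.sh:
#   0  = success (all phases ok)
#   75 = partial_failure (some non-critical phase failed/degraded)
#   1  = failed (a critical dump phase failed or both restic repos failed)
# Because 75 is declared a success status, a partial failure does not put the
# unit in the failed state: OnFailure= handlers and checks for failed units
# will not fire. Alert on exit status 75 separately (for example from the
# journal entries tagged server-backup).
SuccessExitStatus=75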