From fd7a467d8430682ad665a3db0b6e60aeea4c721f Mon Sep 17 00:00:00 2001
From: Ryan Kavanagh <rak@rak.ac>
Date: Sun, 8 Sep 2024 12:16:31 -0400
Subject: swaybg randomize background hourly

---
 dot_config/systemd/user/tmpreaper@.service | 38 ++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 dot_config/systemd/user/tmpreaper@.service

(limited to 'dot_config/systemd/user/tmpreaper@.service')

diff --git a/dot_config/systemd/user/tmpreaper@.service b/dot_config/systemd/user/tmpreaper@.service
new file mode 100644
index 0000000..200dd69
--- /dev/null
+++ b/dot_config/systemd/user/tmpreaper@.service
@@ -0,0 +1,38 @@
+[Unit]
+Description=tmpreaper cleanup
+
+[Service]
+Type=oneshot
+LockPersonality=true
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+ProtectControlGroups=yes
+ProtectHostname=yes
+RestrictAddressFamilies=
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+# To restrict write access further, change "ProtectSystem" to "strict" and uncomment
+# "ReadWritePaths", "ReadOnlyPaths", "ProtectHome", and "BindPaths". Then add any local repository
+# paths to the list of "ReadWritePaths" and local backup source paths to "ReadOnlyPaths". This
+# leaves most of the filesystem read-only to borgmatic.
+ProtectSystem=strict
+ReadWritePaths=%I
+
+# Lower CPU and I/O priority.
+Nice=19
+CPUSchedulingPolicy=batch
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+IOWeight=100
+
+Restart=no
+LogRateLimitIntervalSec=0
+
+# Delay start to prevent backups running during boot. Note that systemd-inhibit requires dbus and
+# dbus-user-session to be installed.
+#ExecStartPre=sleep 1m
+ExecStart=/usr/sbin/tmpreaper --test --mtime-dir 60d %I
-- 
cgit v1.2.3