-
Notifications
You must be signed in to change notification settings - Fork 13
/
ipibackup.service
53 lines (48 loc) · 1.53 KB
/
ipibackup.service
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
[Unit]
Description=iPhone backup
Requires=usbmuxd.service
After=usbmuxd.service
# Useful but sometimes a bit dangerous
#FailureAction=reboot
[Service]
Type=oneshot
# Sometimes usbmux is not completely ready so force a delay. I know it's ugly
ExecStartPre=/bin/sleep 1
# Give some feedback about what happens
ExecStartPre=/bin/sh -c "(echo -n start:; date -R) > /home/pi/iphone/status"
# Needs the raspi-gpio package
ExecStartPre=+-/usr/bin/raspi-gpio set 18 op
ExecStartPre=+-/usr/bin/raspi-gpio set 18 dh
# Make sure the destination folder exists
ExecStartPre=/bin/mkdir -p /home/pi/iphone
# Run the backup itself
ExecStart=/usr/bin/idevicebackup2 backup /home/pi/iphone
# Feedback again
ExecStartPost=/bin/sh -c "(echo -n success:; date -R) >> /home/pi/iphone/status"
ExecStartPost=+-/usr/bin/raspi-gpio set 18 dl
# Unfortunately never called if backup fails
ExecStopPost=/bin/sh -c "(echo -n stop:; date -R) >> /home/pi/iphone/status"
# Hardening
PrivateTmp=true
PrivateNetwork=true
# PrivateDevices=true works with systemd >= 239
# https://github.com/systemd/systemd/issues/8842
# fixed by https://github.com/systemd/systemd/pull/8866
PrivateDevices=true
ProtectSystem=strict
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
ProtectHome=read-only
NoNewPrivileges=true
MemoryDenyWriteExecute=true
SystemCallArchitectures=native
RestrictNamespaces=true
RestrictAddressFamilies=AF_UNIX
RestrictRealtime=true
LockPersonality=true
SystemCallFilter=~@mount
User=pi
ReadWritePaths=/home/pi/iphone
[Install]
WantedBy=usbmuxd.service