# logrotate service unit: runs logrotate once per activation against a
# configuration file in the home directory of the manager's user.
# NOTE(review): the %h and %S specifiers suggest this is meant for a per-user
# manager (systemctl --user); under the system manager %h is root's home.
# Confirm where the unit is installed.

[Unit]
Description=Rotate log files
Documentation=man:logrotate(8) man:logrotate.conf(5)
# Run only when systemd reports the system is on AC power.
ConditionACPower=true

[Service]
# Single run per activation; the unit is done when logrotate exits.
Type=oneshot
# %h = home directory of the user running the manager, %S = state directory root.
# -s sets the state file path, -v enables verbose output.
# The configuration file can name scripts that logrotate executes, and they run
# with this service's privileges, so keep it writable only by the owning user.
ExecStart=/usr/bin/logrotate %h/.config/logrotate.conf -s %S/logrotate.status -v
# Lowest CPU priority and lowest best-effort I/O priority, so rotation yields
# to other work.
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7

# hardening options
#  details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
#  no ProtectHome for userdir logs
#  no PrivateNetwork for mail delivery
#  no NoNewPrivileges for third party rotate scripts
#
# Every directive below is commented out, so none of this sandboxing is in
# effect for the service as written.
# NOTE(review): per systemd.exec(5), under an unprivileged manager the
# seccomp-based settings (LockPersonality, MemoryDenyWriteExecute,
# RestrictNamespaces, RestrictRealtime) imply NoNewPrivileges=yes, which
# conflicts with the reason given above for leaving NoNewPrivileges off.
# Check each option against the installed systemd version before enabling it.
# LockPersonality=true
# MemoryDenyWriteExecute=true
# PrivateDevices=true
# PrivateTmp=true
# ProtectControlGroups=true
# ProtectKernelLogs=true
# ProtectKernelModules=true
# ProtectKernelTunables=true
# ProtectSystem=full
# RestrictNamespaces=true
# RestrictRealtime=true