diff --git a/Readme.md b/Readme.md
new file mode 100644
index 0000000..bc771ac
--- /dev/null
+++ b/Readme.md
@@ -0,0 +1,161 @@
+# Desktop notifications from borgmatic when it is run from systemd
+
+How to set up desktop notifications to an arbitrary user, while borgmatic is automatically run from a systemd timer. That implies a Linux machine, of course.
+
+This includes workarounds for current (borgmatic 1.5.13, borg 1.1.16) limitations of borg/borgmatic. They may or may not be necessary in the future. This HowTo was written on 2021-05-17, some downloaded files may have changed since then.
+
+--
+
+The following needs to be set up for the notifications:
+
+--
+
+### In the systemd timer
+The template from the borgmatic site (the`borgmatic.timer`) is fine, insert a string for `Description=…`, and set the `[Timer]` section if not already done. No special changes here.
+
+--
+
+
+### In the systemd service
+Again, the template from the borgmatic site (the `borgmatic.service`) is good, but needs an essential change:
+
+The line `CapabilityBoundingSet=…` must give the additional capabilities `AP_SETUID `and `CAP_SETGID`. This will allow borgmatic (and whatever is called from it!!) to impersonate a different user (other than root).
+
+*_This means a softening of security settings._ Make sure all permissions on borgmatic and scripts are set correctly!*
+
+--
+
+### In the borgmatic config
+
+#### Notifications directly from borgmatic
+A notification sent by borgmatic itself is set in its `config.yaml` for each hook, impersonating (`sudo -u`) the target user with their user name (`NAME`) and user id (`UID`). (This is what the additional capabilities in the `timer` were needed for.) `NAME` and `UID` can be looked up with `userdbctl`.
+
+(Note: If the display is not ":0", the web knows a way to find the right value. This is not covered here.)
+
+The `notify-send` command sets the urgency of the notifications, and sends a headline and a body text. The latter may include (very rudimentary) HTML formatting (to varying degrees, depending on the desktop). In the `config.yaml` it looks like this (replace `NAME` and `UID`):
+
+```
+hooks:
+ before_backup:
+ - sudo -u NAME DISPLAY=:0 DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/UID/bus notify-send --urgency=normal 'Headline' 'Body text goes here.'
+
+```
+(Note: The config file is in YAML, you cannot use the shell line continuation (" \\"). And use spaces, not tabs.)
+
+-
+
+#### Notifications from a script
+Borgmatic calls an executable script that can do more magic and send the notifications in the same way as explained above.
+
+```
+hooks:
+ on_error:
+ - /etc/borgmatic/notify-error.sh "{configuration_filename}" "{repository}" "{error}" "{output}"
+
+```
+
+(Note: The placeholders (`{configuration_filename}`, `{repository}`, `{error}`, and `{output}`) are not all supported under all hooks.)
+
+(Note: Some scripts from the web can send notifications to *all* users. Also not covered here.)
+
+The notification command in the script:
+
+```
+#!/usr/bin/bash
+
+sudo -u NAME DISPLAY=:0 \
+ DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/UID/bus \
+ notify-send --urgency=normal 'Headline' 'Body text goes here.'`
+
+```
+(Note: Line continuation and the use of variables make complexer notifications substantially easier to set up than in `config.yaml`.)
+
+---
+
+### Example for Overdue Backups Alert
+#### In the borgmatic config
+To know when the last complete backup was made, even if there is no connection to the repository, the date and time needs to be stored locally (here in a `last-successful-backup` file), after every successful backup (hook `after_backup`).
+
+This example uses date and time of the last *complete* backup. Borgmatic does not supply this in a placeholder, so it is identified with `borgmatic list --successful --last 1`, returning only date and time (`--format {time}`) and without control characters (`--no-color `), then the header line is skipped (`sed -n 2p`), and the timezone (that the borgmatic return lacks) is appended (`date +'%:z'`).
+
+It's a good idea to store this value together with the other files for that repository, so `/root/{repository}` would be nice. Unfortunately, `{repository}` is not resolved within borgmatic; the path must be manually copied from the top of the config file.
+
+If an error occurs during backup, a script (here, `notify-error.sh`) will read that date and time and do the subsequent processing.
+
+Example for a remote repository:
+
+```
+
+location:
+ repositories:
+ - BackupUser@BackupServer:/path/to/repository
+...
+hooks:
+ after_backup:
+ - echo "$(borgmatic list --successful --last 1 --format {time} --no-color | sed -n 2p) $(date +'%:z')" \
+ > "/root/BackupUser@BackupServer:/path/to/repository/last-successful-backup"
+...
+ on_error:
+ - /etc/borgmatic/notify-error.sh "{configuration_filename}" "{repository}" "{error}" "{output}"
+```
+Note: Inside the quotes of `echo …` we can use line continuation (" \") for better readability.
+
+#### The notification script
+For easy date and time calculations, this script makes use of `dateutils`. It will send slightly different notifications, depending on the age of the last successful backup:
+
+```
+#!/usr/bin/bash
+
+# Notifies user of overdue borgmatic backups.
+
+# Is called by borgmatic on errors during a prune, create, or check action as
+# /etc/borgmatic/notify.sh "{configuration_filename}" "{repository}" "{error}" "{output}"
+
+# Requires: dateutils
+
+
+# set user to be notified (find name and id with userdbctl)
+NOTIFYUSER=XXXXX
+NOTIFYUSERID=NNNN
+
+# read date of last successful backup, get current datetime
+LASTBACKUP=$(<"/root/BackupUser@BackupServer:/path/to/repository/last-successful-backup")
+NOW=$(date +'%F %H:%M %Z')
+
+# time calculations: backup age...
+# ...in full hours for branching by age
+BACKUPAGEHOURS=$(datediff -i "%a, %F %T %Z" -f "%rH" \
+ "$LASTBACKUP" now)
+# ...as string for notifications, with removal of zero values
+BACKUPAGESTRING=$(datediff -i "%a, %F %T %Z" -f "%rY years %rm months %rw weeks %rd days %rH hours %rM minutes" \
+ "$LASTBACKUP" now | sed -E 's/(0 years |0 months |0 weeks |0 days |0 hours)//g')
+
+# set message text
+NOTIFYTEXT="Backup attempted $NOW.
+Last full backup: $BACKUPAGESTRING ago.
+Error details (more info in systemd journal):
+⚫ Configuration file
+$1
+⚫ Repository
+$2
+⚫ Command output
+$4
+⚫ Error Message
+$3"
+
+
+# different actions depending on backup age
+if [ "$BACKUPAGEHOURS" -gt 72 ] # backup is older than 72 hours
+ then
+ sudo -u "$NOTIFYUSER" DISPLAY=:0 "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$NOTIFYUSERID/bus" \
+ notify-send --urgency=critical 'Borgmatic Backup SERIOUSLY OVERDUE!' "$NOTIFYTEXT"
+elif [ "$BACKUPAGEHOURS" -gt 24 ] # backup is older than 24 hours
+ then
+ sudo -u "$NOTIFYUSER" DISPLAY=:0 "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$NOTIFYUSERID/bus" \
+ notify-send --urgency=critical 'Borgmatic Backup Overdue' "$NOTIFYTEXT"
+else # backup age is 24 hours or less
+ sudo -u "$NOTIFYUSER" DISPLAY=:0 "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$NOTIFYUSERID/bus" \
+ notify-send --urgency=critical "Borgmatic Backup Failed" "$NOTIFYTEXT"
+fi
+
+```
diff --git a/borgmatic-notification.png b/borgmatic-notification.png
new file mode 100644
index 0000000..8900671
Binary files /dev/null and b/borgmatic-notification.png differ