Automatic backups with restic and systemd services
feldspaten.org
Restic is a mature, effective and secure backup solution that covers a wide range of use cases. I use it heavily for all of my backups. The program itself is peak open source: it’s free (as in BSD-2-Clause license), runs on any modern OS, runs on systems low on resources and it can be learned in 30 minutes by reading the well-written documentation. It provides almost everything you need. Except for one thing, which we’re looking at today: Fully automated backups using a systemd service and timer.

I’m having trouble automating the restic backup using systemd.

I followed the linked guide, which seems pretty straightforward. Backup works fine when I run it manually, but when I try to run systemctl status restic-backup.service I get the following error: Fatal: parsing repository location failed: s3: bucket name not found

I have triple-checked the file paths, and also added PassEnvironment=AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY RESTIC_REPOSITORY RESTIC_PASSWORD_FILE B2_ACCOUNT_ID B2_ACCOUNT_KEY to the restic-backup.service file, which I saw used elsewhere. This is my first time using systemd, so I’m not sure if I am overlooking an obvious step or what.

OS: Xubuntu

restic: installed locally following these steps

backup: Backblaze B2 bucket with s3

  • InnerScientist@lemmy.worldEnglish
    2·
    3 days ago

    The problem seems to be that when you run restic with systemctl start, it passen on your user environment including the information of where your rclone.conf lies. When the systemd service runs on its own it doesn’t have this. You need to either tell restic the path to your rclone config or set the home environment such that the systemd service checks the right location.

    • gedaliyah@lemmy.worldOPEnglish
      1·
      2 days ago

      my Files look like this:

      # /etc/systemd/system/restic-backup.service

[Unit]
Description=Generate a restic backup snapshot
After=network.target

[Service]
Type=oneshot
WorkingDirectory=/
EnvironmentFile=/etc/restic-env
PassEnvironment=AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY RESTIC_REPOSITORY RESTIC_PASSWORD_FILE
Environment=XDG_CACHE_HOME=/var/cache
ExecStart=/usr/bin/restic backup -r s3:https://s3.us-west-004.backblazeb2.com/XXXBUCKETNAMEXXX /home/XXXX /etc /media/XXXX/Storage --tag auto
ExecStart=/usr/bin/restic forget --prune --keep-hourly 6 --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --tag auto
ExecStart=/usr/bin/restic check --read-data

Nice=19
IOSchedulingClass=best-effort 
IOSchedulingPriority=7
TimeoutSec=3600
Restart=no

[Install]
WantedBy=multi-user.target

      # /etc/restic-env

export AWS_ACCESS_KEY_ID=004XXXXXXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=K00XXXXXXXXXXXXXXXXXXXXXXXX
export RESTIC_REPOSITORY=s3:s3.us-west-004.backblazeb2.com
export RESTIC_PASSWORD_FILE=/etc/restic-password

DEBUG_LOG=restic.log

      I’m running the systemd commands from a root terminal and the permissions on restic-env and restic-password are 700

  • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍@midwest.socialEnglish
    5·
    4 days ago

    My recommendation is to put all of the variables in an environment file, and use systemd’s EnvironmentFile (in [Service] to point to it.

    One of my backup service files (I back up to disks and cloud) looks like this:

    [Unit]
Description=Backup to MyUsbDrive
Requires=media-MyUsbDrive.mount
After=media-MyUsbDrive.mount

[Service]
EnvironmentFile=/etc/backup/environment
Type=simple
ExecStart=/usr/bin/restic backup --tag=prefailure-2 --files-from ${FILES} --exclude-file ${EXCLUDES} --one-file-system

[Install]
WantedBy=multi-user.timer

    FILES is a file containing files and directories to be backed up, and is defined in the environment file; so is EXCLUDES, but you could simply point restic at the directory you want to back up instead.

    My environment file looks essentially like

    RESTIC_REPOSITORY=/mnt/MyUsbDrive/backup
RESTIC_PASSWORD=blahblahblah
KEEP_DAILY=7
KEEP_MONTHLY=3
KEEP_YEARLY=2
EXCLUDES=/etc/backup/excludes
FILES=/etc/backup/files

    If you’re having trouble, start by looking at how you’re passing in the password, and whether it’s quoted properly. It’s been a couple of years since I had this issue, but at one point I know I had spaces in a passphrase and had quoted the variable, and the quotes were getting passed in verbatim.

    My VPS backups are more complex and get their passwords from a keystore, but for my desktop I keep it simple.

    • dgdft@lemmy.worldEnglish
      4·
      4 days ago

      Seconding this answer. The error message and description scream envvar issue.

      This is my first time using systemd, so I’m not sure if I am overlooking an obvious step or what.

      @gedaliyah@lemmy.world Did you run a systemctl daemon-reload after making the PassEnvironment change to your service file?

      • gedaliyah@lemmy.worldOPEnglish
        1·
        2 days ago

        Yes, I’ve been running the two commands one after the other. I’m assuming that daemon-reload reloads the files into memory or whatever?

  • nickiam2@aussie.zoneEnglish
    4·
    4 days ago

    Are you using B2 or S3? Setting both might be causing it to get confused. The bucket name needs to be appended to the end of the S3 or B2 URL like “s3:b2.backblaze.com/<bucket_name>” inside the RESTIC_REPOSITORY variable

    • gedaliyah@lemmy.worldOPEnglish
      2·
      2 days ago

      I was using s3, and I added the b2 variables in a “throw everything at the wall and see what sticks” process. not a good idea, but I do try to fix things on my own before posting things here. Occasionally I can figure it out lol. I’ve removed the b2 variables.

      It occurs to me that I have restic set up as an app in backblaze according to this, so I’m not sure how it knows which bucket to use. appending the bucket name to the url does not change the outcome.

      Now I am also getting: Fatal: unable to open config file: Stat: 401

  • UnfortunateShort@lemmy.worldEnglish
    1·
    4 days ago

    Have you tried setting up rclone for cloud access and then using restic with -r “rclone:my_aws:path/to/backup”?