Automating Restic backups (feldspaten.org)
from gedaliyah@lemmy.world to selfhosted@lemmy.world on 03 Aug 14:31
https://lemmy.world/post/33912328

I’m having trouble automating the restic backup using systemd.

I followed the linked guide, which seems pretty straightforward. Backup works fine when I run it manually, but when I try to run systemctl status restic-backup.service I get the following error: Fatal: parsing repository location failed: s3: bucket name not found

I have triple-checked the file paths, and also added PassEnvironment=AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY RESTIC_REPOSITORY RESTIC_PASSWORD_FILE B2_ACCOUNT_ID B2_ACCOUNT_KEY to the restic-backup.service file, which I saw used elsewhere. This is my first time using systemd, so I’m not sure if I am overlooking an obvious step or what.

OS: Xubuntu

restic: installed locally following these steps

backup: Backblaze B2 bucket with s3

#selfhosted

threaded - newest

sxan@midwest.social on 03 Aug 15:24 next collapse

My recommendation is to put all of the variables in an environment file, and use systemd’s EnvironmentFile (in [Service] to point to it.

One of my backup service files (I back up to disks and cloud) looks like this:

[Unit]
Description=Backup to MyUsbDrive
Requires=media-MyUsbDrive.mount
After=media-MyUsbDrive.mount

[Service]
EnvironmentFile=/etc/backup/environment
Type=simple
ExecStart=/usr/bin/restic backup --tag=prefailure-2 --files-from ${FILES} --exclude-file ${EXCLUDES} --one-file-system

[Install]
WantedBy=multi-user.timer

FILES is a file containing files and directories to be backed up, and is defined in the environment file; so is EXCLUDES, but you could simply point restic at the directory you want to back up instead.

My environment file looks essentially like

RESTIC_REPOSITORY=/mnt/MyUsbDrive/backup
RESTIC_PASSWORD=blahblahblah
KEEP_DAILY=7
KEEP_MONTHLY=3
KEEP_YEARLY=2
EXCLUDES=/etc/backup/excludes
FILES=/etc/backup/files

If you’re having trouble, start by looking at how you’re passing in the password, and whether it’s quoted properly. It’s been a couple of years since I had this issue, but at one point I know I had spaces in a passphrase and had quoted the variable, and the quotes were getting passed in verbatim.

My VPS backups are more complex and get their passwords from a keystore, but for my desktop I keep it simple.

dgdft@lemmy.world on 03 Aug 16:56 collapse

Seconding this answer. The error message and description scream envvar issue.

This is my first time using systemd, so I’m not sure if I am overlooking an obvious step or what.

@gedaliyah@lemmy.world Did you run a systemctl daemon-reload after making the PassEnvironment change to your service file?

gedaliyah@lemmy.world on 05 Aug 15:32 collapse

Yes, I’ve been running the two commands one after the other. I’m assuming that daemon-reload reloads the files into memory or whatever?

darcmage@lemmy.dbzer0.com on 03 Aug 15:49 next collapse

fedoramagazine.org/automate-backups-with-restic-a…

That’s the guide I followed to automate my backups.

gedaliyah@lemmy.world on 05 Aug 15:51 collapse

I don’t understand EnvironmentFile=%h/.config/restic-backup.conf - what is the %h/ part?

darcmage@lemmy.dbzer0.com on 05 Aug 16:22 collapse

You would use your home directory in place of %h

[deleted] on 03 Aug 16:17 next collapse

.

bookmeat@lemmynsfw.com on 03 Aug 16:25 next collapse

I used this. If you get stuck, try it out. Or check the code for ideas.

autonomoususer@lemmy.world on 03 Aug 17:00 next collapse

Don’t do that. Use resticprofile.

nickiam2@aussie.zone on 03 Aug 17:41 next collapse

Are you using B2 or S3? Setting both might be causing it to get confused. The bucket name needs to be appended to the end of the S3 or B2 URL like “s3:b2.backblaze.com/<bucket_name>” inside the RESTIC_REPOSITORY variable

gedaliyah@lemmy.world on 05 Aug 15:24 collapse

I was using s3, and I added the b2 variables in a “throw everything at the wall and see what sticks” process. not a good idea, but I do try to fix things on my own before posting things here. Occasionally I can figure it out lol. I’ve removed the b2 variables.

It occurs to me that I have restic set up as an app in backblaze according to this, so I’m not sure how it knows which bucket to use. appending the bucket name to the url does not change the outcome.

Now I am also getting: Fatal: unable to open config file: Stat: 401

UnfortunateShort@lemmy.world on 03 Aug 23:16 next collapse

Have you tried setting up rclone for cloud access and then using restic with -r “rclone:my_aws:path/to/backup”?

gedaliyah@lemmy.world on 04 Aug 02:38 collapse

What would be the benefit?

InnerScientist@lemmy.world on 04 Aug 19:25 collapse

The problem seems to be that when you run restic with systemctl start, it passen on your user environment including the information of where your rclone.conf lies. When the systemd service runs on its own it doesn’t have this. You need to either tell restic the path to your rclone config or set the home environment such that the systemd service checks the right location.

gedaliyah@lemmy.world on 05 Aug 16:58 collapse

my Files look like this:

# /etc/systemd/system/restic-backup.service

[Unit]
Description=Generate a restic backup snapshot
After=network.target

[Service]
Type=oneshot
WorkingDirectory=/
EnvironmentFile=/etc/restic-env
PassEnvironment=AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY RESTIC_REPOSITORY RESTIC_PASSWORD_FILE
Environment=XDG_CACHE_HOME=/var/cache
ExecStart=/usr/bin/restic backup -r s3:https://s3.us-west-004.backblazeb2.com/XXXBUCKETNAMEXXX /home/XXXX /etc /media/XXXX/Storage --tag auto
ExecStart=/usr/bin/restic forget --prune --keep-hourly 6 --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --tag auto
ExecStart=/usr/bin/restic check --read-data

Nice=19
IOSchedulingClass=best-effort 
IOSchedulingPriority=7
TimeoutSec=3600
Restart=no

[Install]
WantedBy=multi-user.target
# /etc/restic-env

export AWS_ACCESS_KEY_ID=004XXXXXXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=K00XXXXXXXXXXXXXXXXXXXXXXXX
export RESTIC_REPOSITORY=s3:s3.us-west-004.backblazeb2.com
export RESTIC_PASSWORD_FILE=/etc/restic-password

DEBUG_LOG=restic.log

I’m running the systemd commands from a root terminal and the permissions on restic-env and restic-password are 700