Can't figure out how to make the systemd timer/service work #505
Labels
No Label
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: borgmatic-collective/borgmatic#505
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What I'm trying to do and why
Automate my backups so they run at 3am every day. I have two repos, an encrypted "main" one which has all my important files, and an unencrypted "keepass" one which has my keepassxc password database (i.e. it's already encrypted by itself so no need to have borg encrypt it again).
Steps to reproduce (if a bug)
In
~/.config/borgmatic.d/main.yaml
(I removed all the commented lines for readability):In
~/.config/borgmatic.d/keepass.yaml
:In
/etc/systemd/system/borgmatic.service
:In
/etc/systemd/system/borgmatic.timer
:Actual behavior (if a bug)
When I run
sudo systemctl start borgmatic.service
(to check that it actually runs), and then check the status withsystemctl status borgmatic.service
, I get this:I'm guessing because it's running as root and doesn't know which home directory to look in for config files? I don't really know how systemd works.
When I just run
borgmatic
by itself, it works properly.Environment
borgmatic version: 1.5.1
borgmatic installation method: apt
Borg version: borg 1.1.15
Python version: Python 3.8.10
operating system and version: Ubuntu 20.04.4 LTS
Yes, systemd runs services as the root user. So if you'd like borgmatic to find your configuration files automatically, you'll either need to put them in
/etc/borgmatic.d/
or/root/.config/borgmatic.d/
. Let me know if that works for you!Okay, in that case do I also need to change the
~
in the yaml files to/home/cameron
? And will there be no problems with the root user wrecking the permissions of the files it touches in the repos?If running as root, yes,
~
will refer to/root/
. So it will need to be changed to reference other home directories.As for permissions, Borg/borgmatic may use root-only permissions in the repository. So if you want to retain the ability to access the repository as a non-root user, I recommend not running backups as root. Instead, you may want to look into creating a systemd user service (or just running the existing service as a particular user) so that borgmatic runs as your non-root user. However, some of the security options from the sample configuration file may not work in that context.
Alternatively, you could stick with the root systemd service file and just switch to running borgmatic as root if you ever need to run it manually.
I tried it as you said, it still isn't working:
I will try to make a user service for systemd later. I think it should be mentioned on the docs that the example way will give repos owned by root, I wasn't expecting such a thing. I just want to keep my files and my backups in my home directory and not have to think about which user is running the backup program.
Fair point. Is that output from running borgmatic as a non-root user via systemd? If so, you could try removing the lock file as root (
/home/cameron/6tb/backups/main/lock.exclusive
) assuming there's not another Borg process running. But if you still get permissions errors after that, then the repository may already have root-only permissions. At that point, you could either trychown
ing recursively to fix the permissions on the repository ... or just deleting and recreating the repository if there's nothing in it yet.It's the output from running
sudo systemctl start borgmatic.service
so I guess it's being run as root(?).I'll just delete it and start over again, I only have a few days of backups in there so far so it doesn't matter.
One more thing: when I make a user version of the .service file, which lines should I delete? It isn't clear when the root-specific parts end.
I'm actually not sure; it's not something I've done before. I suspect that the section with security settings may not work.. just because a non-root user may not have permissions to set them. But you may have to find out by trial-and-error.
Okay, I got it working as a systemd user service. This is the
borgmatic.service
file I used:With this
borgmatic.timer
:With this folder structure:
And with these commands:
Awesome, I'm glad to hear you've got it working. And thank you for posting the follow-up here.