Can't figure out how to make the systemd timer/service work #505

New Issue

Closed

opened 2022-03-03 10:24:51 +00:00 by ckp95 · 10 comments

ckp95 commented 2022-03-03 10:24:51 +00:00

Copy Link

What I'm trying to do and why

Automate my backups so they run at 3am every day. I have two repos, an encrypted "main" one which has all my important files, and an unencrypted "keepass" one which has my keepassxc password database (i.e. it's already encrypted by itself so no need to have borg encrypt it again).

Steps to reproduce (if a bug)

In ~/.config/borgmatic.d/main.yaml (I removed all the commented lines for readability):

location:
    source_directories:
        - ~/6tb/me
        - ~/6tb/music
        - ~/6tb/camera-sync
    repositories:
        - ~/6tb/backups/main
storage:
    encryption_passphrase: "my-redacted-passphrase"
retention:
    keep_daily: 7
    keep_weekly: 4
    keep_monthly: 6
    keep_yearly: 100
hooks:
    before_backup:
            - echo "Starting a backup (Main)"
    before_check:
            - echo "Starting checks (Main)"
    after_backup:
            - echo "Finished a backup (Main)"
    after_check:
            - echo "Finished checks (Main)"
    on_error:
            - echo "Error during prune/create/check (Main)"

In ~/.config/borgmatic.d/keepass.yaml:

location:
    source_directories:
        - ~/6tb/me/docs/keepass
    repositories:
        - ~/6tb/backups/keepass
retention:
    keep_daily: 7
    keep_weekly: 4
    keep_monthly: 6
    keep_yearly: 100
hooks:
    before_backup:
            - echo "Starting a backup (Keepass)"
    before_check:
            - echo "Starting checks (Keepass)"
    after_backup:
            - echo "Finished a backup (Keepass)"
    after_check:
            - echo "Finished checks (Keepass)"
    on_error:
            - echo "Error during prune/create/check (Keepass)"

In /etc/systemd/system/borgmatic.service:

[Unit]
Description=borgmatic backup
Wants=network-online.target
After=network-online.target
# Prevent borgmatic from running unless the machine is plugged into power. Remove this line if you
# want to allow borgmatic to run anytime.
ConditionACPower=true

[Service]
Type=oneshot

# Security settings for systemd running as root, optional but recommended to improve security. You
# can disable individual settings if they cause problems for your use case. For more details, see
# the systemd manual: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
LockPersonality=true
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
# But you can try setting it to "yes" for improved security if you don't use those features.
MemoryDenyWriteExecute=no
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
# To restrict write access further, change "ProtectSystem" to "strict" and uncomment
# "ReadWritePaths", "ReadOnlyPaths", "ProtectHome", and "BindPaths". Then add any local repository
# paths to the list of "ReadWritePaths" and local backup source paths to "ReadOnlyPaths". This
# leaves most of the filesystem read-only to borgmatic.
ProtectSystem=full
# ReadWritePaths=-/mnt/my_backup_drive
# ReadOnlyPaths=-/var/lib/my_backup_source
# This will mount a tmpfs on top of /root and pass through needed paths
# ProtectHome=tmpfs
# BindPaths=-/root/.cache/borg -/root/.cache/borg -/root/.borgmatic

# May interfere with running external programs within borgmatic hooks.
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW

# Lower CPU and I/O priority.
Nice=19
CPUSchedulingPolicy=batch
IOSchedulingClass=best-effort
IOSchedulingPriority=7
IOWeight=100

Restart=no
# Prevent rate limiting of borgmatic log events. If you are using an older version of systemd that
# doesn't support this (pre-240 or so), you may have to remove this option.
LogRateLimitIntervalSec=0

# Delay start to prevent backups running during boot. Note that systemd-inhibit requires dbus and
# dbus-user-session to be installed.
ExecStartPre=sleep 1m
ExecStart=systemd-inhibit --who="borgmatic" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1

In /etc/systemd/system/borgmatic.timer:

[Unit]
Description=Run borgmatic backup

[Timer]
OnCalendar=*-*-* 03:00
Persistent=true

[Install]
WantedBy=timers.target

Actual behavior (if a bug)

When I run sudo systemctl start borgmatic.service (to check that it actually runs), and then check the status with systemctl status borgmatic.service, I get this:

cameron@cameron-homeserver:~$ systemctl status borgmatic.service
● borgmatic.service - borgmatic backup
     Loaded: loaded (/etc/systemd/system/borgmatic.service; static; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2022-03-03 10:19:16 GMT; 3s ago
TriggeredBy: ● borgmatic.timer
    Process: 7135 ExecStartPre=/usr/bin/sleep 1m (code=exited, status=0/SUCCESS)
    Process: 7136 ExecStart=/usr/bin/systemd-inhibit --who=borgmatic --why=Prevent interrupting scheduled backup /usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1 (code=exited, status=1/FAILURE)
   Main PID: 7136 (code=exited, status=1/FAILURE)

Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL /etc/borgmatic/config.yaml /etc/borgmatic.d $HOME/.config/borgmatic/config.yaml $HOME/.config/borgmatic.d: No configuration files found
Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL
Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL summary:
Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL /etc/borgmatic/config.yaml /etc/borgmatic.d $HOME/.config/borgmatic/config.yaml $HOME/.config/borgmatic.d: No configuration files found
Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL
Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL Need some help? https://torsion.org/borgmatic/#issues
Mar 03 10:19:16 cameron-homeserver systemd-inhibit[7136]: /usr/bin/borgmatic failed with exit status 1.
Mar 03 10:19:16 cameron-homeserver systemd[1]: borgmatic.service: Main process exited, code=exited, status=1/FAILURE
Mar 03 10:19:16 cameron-homeserver systemd[1]: borgmatic.service: Failed with result 'exit-code'.
Mar 03 10:19:16 cameron-homeserver systemd[1]: Failed to start borgmatic backup.

I'm guessing because it's running as root and doesn't know which home directory to look in for config files? I don't really know how systemd works.

When I just run borgmatic by itself, it works properly.

Environment

borgmatic version: 1.5.1

borgmatic installation method: apt

Borg version: borg 1.1.15

Python version: Python 3.8.10

operating system and version: Ubuntu 20.04.4 LTS

#### What I'm trying to do and why Automate my backups so they run at 3am every day. I have two repos, an encrypted "main" one which has all my important files, and an unencrypted "keepass" one which has my keepassxc password database (i.e. it's already encrypted by itself so no need to have borg encrypt it again). #### Steps to reproduce (if a bug) In `~/.config/borgmatic.d/main.yaml` (I removed all the commented lines for readability): ``` location: source_directories: - ~/6tb/me - ~/6tb/music - ~/6tb/camera-sync repositories: - ~/6tb/backups/main storage: encryption_passphrase: "my-redacted-passphrase" retention: keep_daily: 7 keep_weekly: 4 keep_monthly: 6 keep_yearly: 100 hooks: before_backup: - echo "Starting a backup (Main)" before_check: - echo "Starting checks (Main)" after_backup: - echo "Finished a backup (Main)" after_check: - echo "Finished checks (Main)" on_error: - echo "Error during prune/create/check (Main)" ``` In `~/.config/borgmatic.d/keepass.yaml`: ``` location: source_directories: - ~/6tb/me/docs/keepass repositories: - ~/6tb/backups/keepass retention: keep_daily: 7 keep_weekly: 4 keep_monthly: 6 keep_yearly: 100 hooks: before_backup: - echo "Starting a backup (Keepass)" before_check: - echo "Starting checks (Keepass)" after_backup: - echo "Finished a backup (Keepass)" after_check: - echo "Finished checks (Keepass)" on_error: - echo "Error during prune/create/check (Keepass)" ``` In `/etc/systemd/system/borgmatic.service`: ``` [Unit] Description=borgmatic backup Wants=network-online.target After=network-online.target # Prevent borgmatic from running unless the machine is plugged into power. Remove this line if you # want to allow borgmatic to run anytime. ConditionACPower=true [Service] Type=oneshot # Security settings for systemd running as root, optional but recommended to improve security. You # can disable individual settings if they cause problems for your use case. For more details, see # the systemd manual: https://www.freedesktop.org/software/systemd/man/systemd.exec.html LockPersonality=true # Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off. # But you can try setting it to "yes" for improved security if you don't use those features. MemoryDenyWriteExecute=no NoNewPrivileges=yes PrivateDevices=yes PrivateTmp=yes ProtectClock=yes ProtectControlGroups=yes ProtectHostname=yes ProtectKernelLogs=yes ProtectKernelModules=yes ProtectKernelTunables=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes SystemCallArchitectures=native SystemCallFilter=@system-service SystemCallErrorNumber=EPERM # To restrict write access further, change "ProtectSystem" to "strict" and uncomment # "ReadWritePaths", "ReadOnlyPaths", "ProtectHome", and "BindPaths". Then add any local repository # paths to the list of "ReadWritePaths" and local backup source paths to "ReadOnlyPaths". This # leaves most of the filesystem read-only to borgmatic. ProtectSystem=full # ReadWritePaths=-/mnt/my_backup_drive # ReadOnlyPaths=-/var/lib/my_backup_source # This will mount a tmpfs on top of /root and pass through needed paths # ProtectHome=tmpfs # BindPaths=-/root/.cache/borg -/root/.cache/borg -/root/.borgmatic # May interfere with running external programs within borgmatic hooks. CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW # Lower CPU and I/O priority. Nice=19 CPUSchedulingPolicy=batch IOSchedulingClass=best-effort IOSchedulingPriority=7 IOWeight=100 Restart=no # Prevent rate limiting of borgmatic log events. If you are using an older version of systemd that # doesn't support this (pre-240 or so), you may have to remove this option. LogRateLimitIntervalSec=0 # Delay start to prevent backups running during boot. Note that systemd-inhibit requires dbus and # dbus-user-session to be installed. ExecStartPre=sleep 1m ExecStart=systemd-inhibit --who="borgmatic" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1 ``` In `/etc/systemd/system/borgmatic.timer`: ``` [Unit] Description=Run borgmatic backup [Timer] OnCalendar=*-*-* 03:00 Persistent=true [Install] WantedBy=timers.target ``` #### Actual behavior (if a bug) When I run `sudo systemctl start borgmatic.service` (to check that it actually runs), and then check the status with `systemctl status borgmatic.service`, I get this: ``` cameron@cameron-homeserver:~$ systemctl status borgmatic.service ● borgmatic.service - borgmatic backup Loaded: loaded (/etc/systemd/system/borgmatic.service; static; vendor preset: enabled) Active: failed (Result: exit-code) since Thu 2022-03-03 10:19:16 GMT; 3s ago TriggeredBy: ● borgmatic.timer Process: 7135 ExecStartPre=/usr/bin/sleep 1m (code=exited, status=0/SUCCESS) Process: 7136 ExecStart=/usr/bin/systemd-inhibit --who=borgmatic --why=Prevent interrupting scheduled backup /usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1 (code=exited, status=1/FAILURE) Main PID: 7136 (code=exited, status=1/FAILURE) Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL /etc/borgmatic/config.yaml /etc/borgmatic.d $HOME/.config/borgmatic/config.yaml $HOME/.config/borgmatic.d: No configuration files found Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL summary: Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL /etc/borgmatic/config.yaml /etc/borgmatic.d $HOME/.config/borgmatic/config.yaml $HOME/.config/borgmatic.d: No configuration files found Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL Mar 03 10:19:16 cameron-homeserver borgmatic[7137]: CRITICAL Need some help? https://torsion.org/borgmatic/#issues Mar 03 10:19:16 cameron-homeserver systemd-inhibit[7136]: /usr/bin/borgmatic failed with exit status 1. Mar 03 10:19:16 cameron-homeserver systemd[1]: borgmatic.service: Main process exited, code=exited, status=1/FAILURE Mar 03 10:19:16 cameron-homeserver systemd[1]: borgmatic.service: Failed with result 'exit-code'. Mar 03 10:19:16 cameron-homeserver systemd[1]: Failed to start borgmatic backup. ``` I'm guessing because it's running as root and doesn't know which home directory to look in for config files? I don't really know how systemd works. When I just run `borgmatic` by itself, it works properly. #### Environment **borgmatic version:** 1.5.1 **borgmatic installation method:** apt **Borg version:** borg 1.1.15 **Python version:** Python 3.8.10 **operating system and version:** Ubuntu 20.04.4 LTS

witten commented 2022-03-03 18:46:42 +00:00

Owner

Copy Link

Yes, systemd runs services as the root user. So if you'd like borgmatic to find your configuration files automatically, you'll either need to put them in /etc/borgmatic.d/ or /root/.config/borgmatic.d/. Let me know if that works for you!

Yes, systemd runs services as the root user. So if you'd like borgmatic to find your configuration files automatically, you'll either need to put them in `/etc/borgmatic.d/` or `/root/.config/borgmatic.d/`. Let me know if that works for you!

witten added the

question / support

label 2022-03-03 18:46:49 +00:00

ckp95 commented 2022-03-03 18:50:17 +00:00

Author

Copy Link

Okay, in that case do I also need to change the ~ in the yaml files to /home/cameron? And will there be no problems with the root user wrecking the permissions of the files it touches in the repos?

Okay, in that case do I also need to change the `~` in the yaml files to `/home/cameron`? And will there be no problems with the root user wrecking the permissions of the files it touches in the repos?

witten commented 2022-03-03 19:01:42 +00:00

Owner

Copy Link

If running as root, yes, ~ will refer to /root/. So it will need to be changed to reference other home directories.

As for permissions, Borg/borgmatic may use root-only permissions in the repository. So if you want to retain the ability to access the repository as a non-root user, I recommend not running backups as root. Instead, you may want to look into creating a systemd user service (or just running the existing service as a particular user) so that borgmatic runs as your non-root user. However, some of the security options from the sample configuration file may not work in that context.

Alternatively, you could stick with the root systemd service file and just switch to running borgmatic as root if you ever need to run it manually.

If running as root, yes, `~` will refer to `/root/`. So it will need to be changed to reference other home directories. As for permissions, Borg/borgmatic may use root-only permissions in the repository. So if you want to retain the ability to access the repository as a non-root user, I recommend _not_ running backups as root. Instead, you may want to look into creating a systemd [user service](https://www.unixsysadmin.com/systemd-user-services/) (or just running the existing service as a [particular user](https://gist.github.com/alexbuzzbee/54b9a7818b27908250a2dbee2b8dbc29)) so that borgmatic runs as your non-root user. However, some of the security options from the sample configuration file may not work in that context. Alternatively, you could stick with the root systemd service file and just switch to running borgmatic as root if you ever need to run it manually.

ckp95 commented 2022-03-03 19:08:24 +00:00

Author

Copy Link

I tried it as you said, it still isn't working:

● borgmatic.service - borgmatic backup
     Loaded: loaded (/etc/systemd/system/borgmatic.service; static; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2022-03-03 19:02:08 GMT; 1min 57s ago
TriggeredBy: ● borgmatic.timer
    Process: 9204 ExecStartPre=/usr/bin/sleep 1m (code=exited, status=0/SUCCESS)
    Process: 9215 ExecStart=/usr/bin/systemd-inhibit --who=borgmatic --why=Prevent interrupting scheduled backup /usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1 (code=exited, status=1/FAILURE)
   Main PID: 9215 (code=exited, status=1/FAILURE)

Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL /etc/borgmatic.d/main.yaml: Error running configuration file
Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL /home/cameron/6tb/backups/main: Error running actions for repository
Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL ...
                                                    Failed to create/acquire the lock /home/cameron/6tb/backups/main/lock.exclusive ([Errno 13] Permission denied: '/home/cameron/6tb/backups/main/lock.exclusive').
                                                    Traceback (most recent call last):
                                                      File "/usr/lib/python3/dist-packages/borg/archiver.py", line 4621, in main
                                                        exit_code = archiver.run(args)
                                                      File "/usr/lib/python3/dist-packages/borg/archiver.py", line 4553, in run
                                                        return set_ec(func(args))
                                                      File "/usr/lib/python3/dist-packages/borg/archiver.py", line 162, in wrapper
                                                        with repository:
                                                      File "/usr/lib/python3/dist-packages/borg/repository.py", line 190, in __enter__
                                                        self.open(self.path, bool(self.exclusive), lock_wait=self.lock_wait, lock=self.do_lock)
                                                      File "/usr/lib/python3/dist-packages/borg/repository.py", line 421, in open
                                                        self.lock = Lock(os.path.join(path, 'lock'), exclusive, timeout=lock_wait, kill_stale_locks=hostname_is_unique()).acquire()
                                                      File "/usr/lib/python3/dist-packages/borg/locking.py", line 350, in acquire
                                                        self._wait_for_readers_finishing(remove, sleep)
                                                      File "/usr/lib/python3/dist-packages/borg/locking.py", line 363, in _wait_for_readers_finishing
                                                        self._lock.acquire()
                                                      File "/usr/lib/python3/dist-packages/borg/locking.py", line 138, in acquire
                                                        raise LockFailed(self.path, str(err)) from None
                                                    borg.locking.LockFailed: Failed to create/acquire the lock /home/cameron/6tb/backups/main/lock.exclusive ([Errno 13] Permission denied: '/home/cameron/6tb/backups/main/lock.exclusive').
                                                    Platform: Linux cameron-homeserver 5.13.0-30-generic #33~20.04.1-Ubuntu SMP Mon Feb 7 14:25:10 UTC 2022 x86_64
                                                    Linux: Unknown Linux
                                                    Borg: 1.1.15  Python: CPython 3.8.10 msgpack: 0.5.6
                                                    PID: 9225  CWD: /
                                                    sys.argv: ['/usr/bin/borg', 'prune', '--keep-daily', '7', '--keep-weekly', '4', '--keep-monthly', '6', '--keep-yearly', '100', '--prefix', '{hostname}-', '--info', '/home/cameron/6tb/back>
                                                    SSH_ORIGINAL_COMMAND: None
Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL Command 'borg prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --keep-yearly 100 --prefix {hostname}- --info /home/cameron/6tb/backups/main' returned non-zero exit status 2.
Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL
Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL Need some help? https://torsion.org/borgmatic/#issues
Mar 03 19:02:08 cameron-homeserver systemd-inhibit[9215]: /usr/bin/borgmatic failed with exit status 1.
Mar 03 19:02:08 cameron-homeserver systemd[1]: borgmatic.service: Main process exited, code=exited, status=1/FAILURE
Mar 03 19:02:08 cameron-homeserver systemd[1]: borgmatic.service: Failed with result 'exit-code'.
Mar 03 19:02:08 cameron-homeserver systemd[1]: Failed to start borgmatic backup.

I will try to make a user service for systemd later. I think it should be mentioned on the docs that the example way will give repos owned by root, I wasn't expecting such a thing. I just want to keep my files and my backups in my home directory and not have to think about which user is running the backup program.

I tried it as you said, it still isn't working: ``` ● borgmatic.service - borgmatic backup Loaded: loaded (/etc/systemd/system/borgmatic.service; static; vendor preset: enabled) Active: failed (Result: exit-code) since Thu 2022-03-03 19:02:08 GMT; 1min 57s ago TriggeredBy: ● borgmatic.timer Process: 9204 ExecStartPre=/usr/bin/sleep 1m (code=exited, status=0/SUCCESS) Process: 9215 ExecStart=/usr/bin/systemd-inhibit --who=borgmatic --why=Prevent interrupting scheduled backup /usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1 (code=exited, status=1/FAILURE) Main PID: 9215 (code=exited, status=1/FAILURE) Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL /etc/borgmatic.d/main.yaml: Error running configuration file Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL /home/cameron/6tb/backups/main: Error running actions for repository Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL ... Failed to create/acquire the lock /home/cameron/6tb/backups/main/lock.exclusive ([Errno 13] Permission denied: '/home/cameron/6tb/backups/main/lock.exclusive'). Traceback (most recent call last): File "/usr/lib/python3/dist-packages/borg/archiver.py", line 4621, in main exit_code = archiver.run(args) File "/usr/lib/python3/dist-packages/borg/archiver.py", line 4553, in run return set_ec(func(args)) File "/usr/lib/python3/dist-packages/borg/archiver.py", line 162, in wrapper with repository: File "/usr/lib/python3/dist-packages/borg/repository.py", line 190, in __enter__ self.open(self.path, bool(self.exclusive), lock_wait=self.lock_wait, lock=self.do_lock) File "/usr/lib/python3/dist-packages/borg/repository.py", line 421, in open self.lock = Lock(os.path.join(path, 'lock'), exclusive, timeout=lock_wait, kill_stale_locks=hostname_is_unique()).acquire() File "/usr/lib/python3/dist-packages/borg/locking.py", line 350, in acquire self._wait_for_readers_finishing(remove, sleep) File "/usr/lib/python3/dist-packages/borg/locking.py", line 363, in _wait_for_readers_finishing self._lock.acquire() File "/usr/lib/python3/dist-packages/borg/locking.py", line 138, in acquire raise LockFailed(self.path, str(err)) from None borg.locking.LockFailed: Failed to create/acquire the lock /home/cameron/6tb/backups/main/lock.exclusive ([Errno 13] Permission denied: '/home/cameron/6tb/backups/main/lock.exclusive'). Platform: Linux cameron-homeserver 5.13.0-30-generic #33~20.04.1-Ubuntu SMP Mon Feb 7 14:25:10 UTC 2022 x86_64 Linux: Unknown Linux Borg: 1.1.15 Python: CPython 3.8.10 msgpack: 0.5.6 PID: 9225 CWD: / sys.argv: ['/usr/bin/borg', 'prune', '--keep-daily', '7', '--keep-weekly', '4', '--keep-monthly', '6', '--keep-yearly', '100', '--prefix', '{hostname}-', '--info', '/home/cameron/6tb/back> SSH_ORIGINAL_COMMAND: None Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL Command 'borg prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --keep-yearly 100 --prefix {hostname}- --info /home/cameron/6tb/backups/main' returned non-zero exit status 2. Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL Mar 03 19:02:08 cameron-homeserver borgmatic[9216]: CRITICAL Need some help? https://torsion.org/borgmatic/#issues Mar 03 19:02:08 cameron-homeserver systemd-inhibit[9215]: /usr/bin/borgmatic failed with exit status 1. Mar 03 19:02:08 cameron-homeserver systemd[1]: borgmatic.service: Main process exited, code=exited, status=1/FAILURE Mar 03 19:02:08 cameron-homeserver systemd[1]: borgmatic.service: Failed with result 'exit-code'. Mar 03 19:02:08 cameron-homeserver systemd[1]: Failed to start borgmatic backup. ``` I will try to make a user service for systemd later. I think it should be mentioned on the docs that the example way will give repos owned by root, I wasn't expecting such a thing. I just want to keep my files and my backups in my home directory and not have to think about which user is running the backup program.

witten commented 2022-03-03 19:13:35 +00:00

Owner

Copy Link

Fair point. Is that output from running borgmatic as a non-root user via systemd? If so, you could try removing the lock file as root (/home/cameron/6tb/backups/main/lock.exclusive) assuming there's not another Borg process running. But if you still get permissions errors after that, then the repository may already have root-only permissions. At that point, you could either try chowning recursively to fix the permissions on the repository ... or just deleting and recreating the repository if there's nothing in it yet.

Fair point. Is that output from running borgmatic as a non-root user via systemd? If so, you could try removing the lock file as root (`/home/cameron/6tb/backups/main/lock.exclusive`) assuming there's not another Borg process running. But if you still get permissions errors after that, then the repository may already have root-only permissions. At that point, you could either try `chown`ing recursively to fix the permissions on the repository ... or just deleting and recreating the repository if there's nothing in it yet.

ckp95 commented 2022-03-03 19:15:01 +00:00

Author

Copy Link

It's the output from running sudo systemctl start borgmatic.service so I guess it's being run as root(?).

I'll just delete it and start over again, I only have a few days of backups in there so far so it doesn't matter.

It's the output from running `sudo systemctl start borgmatic.service` so I guess it's being run as root(?). I'll just delete it and start over again, I only have a few days of backups in there so far so it doesn't matter.

👍 1

ckp95 commented 2022-03-03 19:34:51 +00:00

Author

Copy Link

One more thing: when I make a user version of the .service file, which lines should I delete? It isn't clear when the root-specific parts end.

One more thing: when I make a user version of the .service file, which lines should I delete? It isn't clear when the root-specific parts end.

witten commented 2022-03-03 19:36:43 +00:00

Owner

Copy Link

I'm actually not sure; it's not something I've done before. I suspect that the section with security settings may not work.. just because a non-root user may not have permissions to set them. But you may have to find out by trial-and-error.

I'm actually not sure; it's not something I've done before. I _suspect_ that the section with security settings may not work.. just because a non-root user may not have permissions to set them. But you may have to find out by trial-and-error.

👍 1

ckp95 commented 2022-03-06 12:45:47 +00:00

Author

Copy Link

Okay, I got it working as a systemd user service. This is the borgmatic.service file I used:

[Unit]
Description=borgmatic backup
Wants=network-online.target
After=network-online.target
# Prevent borgmatic from running unless the machine is plugged into power. Remove this line if you
# want to allow borgmatic to run anytime.
ConditionACPower=true

[Service]
Type=oneshot

# Lower CPU and I/O priority.
Nice=19
CPUSchedulingPolicy=batch
IOSchedulingClass=best-effort
IOSchedulingPriority=7
IOWeight=100

Restart=no
# Prevent rate limiting of borgmatic log events. If you are using an older version of systemd that
# doesn't support this (pre-240 or so), you may have to remove this option.
LogRateLimitIntervalSec=0

# Delay start to prevent backups running during boot.
ExecStartPre=sleep 1m
ExecStart=/usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1

With this borgmatic.timer:

[Unit]
Description=Run borgmatic backup

[Timer]
OnCalendar=*-*-* 03:00:00
Persistent=true

[Install]
WantedBy=timers.target

With this folder structure:

~/
├─ .config/
│  ├─ borgmatic.d/
│  │  ├─ keepass.yaml
│  │  ├─ main.yaml
│  ├─ systemd/
│  │  ├─ user/
│  │  │  ├─ borgmatic.service
│  │  │  ├─ borgmatic.timer

And with these commands:

systemctl --user daemon-reload
systemctl --user enable --now borgmatic.timer

Okay, I got it working as a systemd user service. This is the `borgmatic.service` file I used: ``` [Unit] Description=borgmatic backup Wants=network-online.target After=network-online.target # Prevent borgmatic from running unless the machine is plugged into power. Remove this line if you # want to allow borgmatic to run anytime. ConditionACPower=true [Service] Type=oneshot # Lower CPU and I/O priority. Nice=19 CPUSchedulingPolicy=batch IOSchedulingClass=best-effort IOSchedulingPriority=7 IOWeight=100 Restart=no # Prevent rate limiting of borgmatic log events. If you are using an older version of systemd that # doesn't support this (pre-240 or so), you may have to remove this option. LogRateLimitIntervalSec=0 # Delay start to prevent backups running during boot. ExecStartPre=sleep 1m ExecStart=/usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1 ``` With this `borgmatic.timer`: ``` [Unit] Description=Run borgmatic backup [Timer] OnCalendar=*-*-* 03:00:00 Persistent=true [Install] WantedBy=timers.target ``` With this folder structure: ``` ~/ ├─ .config/ │ ├─ borgmatic.d/ │ │ ├─ keepass.yaml │ │ ├─ main.yaml │ ├─ systemd/ │ │ ├─ user/ │ │ │ ├─ borgmatic.service │ │ │ ├─ borgmatic.timer ``` And with these commands: ``` systemctl --user daemon-reload systemctl --user enable --now borgmatic.timer ```

witten commented 2022-03-06 17:10:08 +00:00

Owner

Copy Link

Awesome, I'm glad to hear you've got it working. And thank you for posting the follow-up here.

Awesome, I'm glad to hear you've got it working. And thank you for posting the follow-up here.

witten closed this issue 2022-03-06 17:10:08 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

spot-check

1.8.11

1.8.10

1.8.9

1.8.8

1.8.7

1.8.6

1.8.5

1.8.4

1.8.3

1.8.2

1.8.1

1.8.0

1.7.15

1.7.14

1.7.13

1.7.12

1.7.11

1.7.10

1.7.9

1.7.8

1.7.7

1.7.6

1.7.5

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

1.6.6

1.6.5

1.6.4

1.6.3

1.6.2

1.6.1

1.6.0

1.5.24

1.5.23

1.5.22

1.5.21

1.5.20

1.5.19

1.5.18

1.5.17

1.5.16

1.5.15

1.5.14

1.5.13

1.5.12

1.5.11

1.5.10

1.5.9

1.5.8

1.5.7

1.5.7.dev0

1.5.6

1.5.5

1.5.4

1.5.3

1.5.2

1.5.1

1.5.0

1.4.22

1.4.21

1.4.20

1.4.19

1.4.18

1.4.17

1.4.16

1.4.15

1.4.14

1.4.13

1.4.12

1.4.11

1.4.10

1.4.9

1.4.8

1.4.7

1.4.6

1.4.5

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.26

1.3.25

1.3.24

1.3.23

1.3.22

1.3.21

1.3.20

1.3.19

1.3.18

1.3.17

1.3.16

1.3.15

1.3.14

1.3.13

1.3.12

1.3.11

1.3.10

1.3.9

1.3.8

1.3.7

1.3.6

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.18

1.2.17

1.2.16

1.2.15

1.2.14

1.2.13

1.2.12

1.2.11

1.2.10

1.2.9

1.2.8

1.2.7

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.15

1.1.14

1.1.13

1.1.12

1.1.11

1.1.10

1.1.9

1.1.7

1.1.6

1.1.5

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.3

1.0.2

1.0.1

1.0.0

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

Labels

Clear labels   

bug

  

data loss

  

design finalized

  

good first issue

  

new feature area

  

question / support

  

security

  

waiting for response

No Label

bug

data loss

design finalized

good first issue

new feature area

question / support

security

waiting for response

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: borgmatic-collective/borgmatic#505

No description provided.