I switched my server to Nixos and wanted to continue my backup setup with borg backup by setting it up in the configuration.nix
. This is the interesting section:
services.borgbackup.jobs.borgbackup = {
paths = "/home/computer/data/";
encryption = {
mode = "repokey-blake2";
passphrase = "mysecretpassword"; # I know it is world-readable
};
archiveBaseName = "${config.networking.hostName}--";
dateFormat = "+%Y-%m-%d_%H:%M";
environment.BORG_RSH = "ssh -p 69 -i /home/computer/.ssh/id_rsa";
environment.BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
repo = "ssh://computer@remoteip:69/home/computer/ssd/backup";
compression = "auto,lz4";
user = "computer";
startAt = "daily";
inhibitsSleep = true;
extraCreateArgs = "--verbose --filter AME --list --stats --show-rc --exclude-caches";
prune.keep = {
daily = 7;
weekly = 4;
monthly = 6;
};
extraPruneArgs = "--list --show-rc";
preHook = "${pkgs.curl}/bin/curl https://hc-ping.com/secreturl";
postHook = "
if [ $exitStatus -ne 0 ]; then
${pkgs.curl}/bin/curl https://hc-ping.com/differentsecreturl1 \
else
${pkgs.curl}/bin/curl https://hc-ping.com/differentsecreturl2 \
fi
";
failOnWarnings = true;
};
If I manually start the service via:
sudo systemctl start borgbackup-job-borgbackup.service
and then check the log with:
sudo journalctl -fu borgbackup-job-borgbackup.service
I can see that I get the following result:
Aug 27 17:06:22 computer systemd[1]: Started BorgBackup job borgbackup.
Aug 27 17:06:22 computer borgbackup-job-borgbackup-start[1957369]: Failed to inhibit: Access denied
Aug 27 17:06:22 computer systemd[1]: borgbackup-job-borgbackup.service: Main process exited, code=exited, status=1/FAILURE
Aug 27 17:06:22 computer systemd[1]: borgbackup-job-borgbackup.service: Failed with result 'exit-code'.
I can give a borg create
with no issues by giving the following command from the user computer
(but before I export the PASSPHRASE
and REPO_URL
in the command line, the same specified in the configuration.nix
above):
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz4 \
--exclude-caches \
::'{hostname}--{now:%Y-%m-%d_%H:%M}' \
./
I also don’t get any issue by connecting via ssh to:
ssh -v -p 69 -i /home/computer/.ssh/id_rsa computer@remoteip
Thus, I don’t understand why I cannot get borgbackup running via Nixos options…