Restic restore: "command not found"

I am trying to configure automatic backups with restic and the s3-compatible api. I am mostly following @arthur’s guide from a year ago, but with s3-compatible instead of b2 (as the backblaze docs and restic docs currently recommend). I managed to upload my first test backup repository, but am getting an error when I try to run the command to restore the backup:

> sudo restic-daily restore --target restore-backup latest
/run/agenix/restic/env: line 1: AWS_ACCESS_KEY_ID: command not found
/run/agenix/restic/env: line 2: AWS_SECRET_ACCESS_KEY: command not found
Fatal: unable to open repository at s3:s3.<location>.backblazeb2.com/<bucket>: s3.getCredentials: no credentials found. Use `-o s3.unsafe-anonymous-auth=true` for anonymous authentication

sudo restic-daily snapshots gives the same error.

I suspect this may have something to do with the wrapper added in this pull request: nixos/restic: add wrapper scripts that set parameters for backup #251062, specifically this part where it’s trying to source the env file. Is it somehow trying to run the file as a script??

My env file looks like

AWS_ACCESS_KEY_ID = <secret>
AWS_SECRET_ACCESS_KEY = <secret>

At first I thought it might be because I’m using fish, but I took that line out of my user’s nix config options and it gives the same error with bash. Does anyone see what I’m missing here?

How are you using the env file?

The only way my code touches it is importing this file into my config:

{
  # configure agenix secrets
  age.secrets = {
    "restic/env".file = ./secrets/restic/env.age;
    "restic/repo".file = ./secrets/restic/repo.age;
    "restic/password".file = ./secrets/restic/password.age;
  };

  # configure restic backup services
  services.restic.backups = {
    daily = {
      initialize = true;

      environmentFile = config.age.secrets."restic/env".path;
      repositoryFile = config.age.secrets."restic/repo".path;
      passwordFile = config.age.secrets."restic/password".path;

      paths = [
        "/home/admin/backup-test"
      ];

      pruneOpts = [
        "--keep-daily 7"
        "--keep-weekly 5"
        "--keep-monthly 12"
      ];
    };
  };
}

And then it’s in an agenix secret in /etc/nixos/secrets that I think can be accessed via my system’s ssh key and my user “admin”'s ssh key. This is my first time using agenix or any kind of secrets manager. I have confirmed manually that it is decrypting into /run/agenix/secrets/restic (or some path like that; away from computer atm)

When you remove the spaces surrounding the equal sign, does your problem persist?

No, that was it! Successfully restored. Thank you :slight_smile:

You are talking about the spaces in the .env file, correct?
Just so that a future person knows in which file to look.


Yes, I was talking about those.

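An added example, not part of the thread or of the NixOS module: a POSIX shell check that flags env-file lines a shell `source` would execute as commands, such as the spaced `=` lines above, without executing the file or printing any secret value. The names `lint_env_file` and `matches` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Lint an env file WITHOUT executing it. Flags every line that `. file`
# (shell source) would not treat as a plain NAME=value assignment.
# Only file name, line number and reason are printed, never the value.

NAME_RE='[A-Za-z_][A-Za-z0-9_]*'

# matches LINE ERE -> exit status 0 if the extended regex matches the line
matches() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# lint_env_file FILE -> prints findings, returns 1 if any line is unsafe
lint_env_file() (
  n=0 bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    # Trim leading/trailing whitespace (also drops a stray CR from CRLF files)
    line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    case $line in ''|'#'*) continue ;; esac      # blank line or comment
    if matches "$line" "^${NAME_RE}[[:space:]]+="; then
      why="whitespace before '=' (shell runs the name as a command)"
    elif matches "$line" "^${NAME_RE}=[[:space:]]"; then
      why="whitespace after '=' (shell runs the value as a command)"
    elif matches "$line" "^${NAME_RE}=([^[:space:]]*|'[^']*'|\"[^\"]*\")\$"; then
      continue                                   # plain or fully quoted value
    else
      why="malformed line or unquoted whitespace in value"
    fi
    echo "$1:$n: $why"
    bad=$((bad + 1))
  done < "$1"
  [ "$bad" -eq 0 ]
)

# Constructed sample files mirroring the thread's env file (placeholder values)
tmp=$(mktemp -d)
printf 'AWS_ACCESS_KEY_ID = placeholder-id\nAWS_SECRET_ACCESS_KEY = placeholder-key\n' > "$tmp/env.bad"
printf 'AWS_ACCESS_KEY_ID=placeholder-id\nAWS_SECRET_ACCESS_KEY=placeholder-key\n' > "$tmp/env.ok"
lint_env_file "$tmp/env.bad" || echo "env.bad: fix before encrypting and deploying"
lint_env_file "$tmp/env.ok" && echo "env.ok: only plain assignments"
rm -rf "$tmp"
```

Run it against the plaintext file before encrypting it with agenix, so a malformed line is caught before the backup or restore wrapper ever reads it.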