Configuring automatic USB backups with an encrypted $HOME

Backups are important, yet I’m lazy and forgetful. To remedy this, I wanted the USB backups I do periodically to be as easy as possible: when I plug in a drive with a `backup` partition, the backup script replication should kick in.

It turns out this is ridiculously easy to do with systemd (which Ubuntu uses), but it’s slightly less straightforward when you have an encrypted home directory.

First, using GParted I labeled the backup partitions on my various USB drives to be called `backup`. This makes things easier, as regardless of which drive is plugged in, it will always be mounted in the same location (I only connect one backup drive at a time).

Then, add a systemd user unit in ~/.config/systemd/user/auto-usb-backup.service with:

Description=Autobackup to USB drive



The systemd name for the mount is the mountpoint with / replaced by -, but it can be confirmed by looking at the output of `systemctl list-units –type=mount`.

Reload the daemon: `systemctl –user daemon-reload` so it’s aware of the new unit.

Enable the new unit: `systemctl –user enable auto-usb-backup.service`

The unit can be executed at any time by running `systemctl –user start auto-usb-backup.service`

Finally, remove and add the drive: the script in the systemd user unit defined above should get executed. You can double-c heck this (and debug) using `journalctl –user-unit auto-usb-backup -r -b` (note that on some systems the `–user-unit` option may be `-u` instead).

Note: it appears the script gets triggered before the drive is done mounting, so the backup script called by the systemd unit should have a wait loop to sleep until the folders its looking for are available.

Other helpful resources:

Particularities for encrypted $HOME

The above is all you need for a “typical system”. However, the systemd user unit will stop working after a reboot if you have an encrypted home directory. This is because systemd configures the units to run when starting up at boot. However, at that time the encrypted home directory hasn’t be decrypted and mounted yet, so the user units (and requirements/dependencies) can’t be loaded by systemd and the unit will no longer be working/active. Therefore, the user units need to be started on each login by adding the following to the bottom of ~/.profile:

systemctl --user enable auto-usb-backup.service

Note that on a “normal” system, the above doesn’t need to be run every login: once is enough for systemd to take care of the rest. But with an encrypted home folder, the user unit must be restarted every time the user logs in.

This entry was posted in System administration. Bookmark the permalink.