Configuring automatic USB backups with an encrypted $HOME

Backups are important, yet I’m lazy and forgetful. To remedy this, I wanted the USB backups I do periodically to be as easy as possible: when I plug in a drive with a backup partition, the backup script replication should kick in.

It turns out this is ridiculously easy to do with systemd (which Ubuntu uses), but it’s slightly less straightforward when you have an encrypted home directory.

First, using GParted I labeled the backup partitions on my various USB drives to be called backup. This makes things easier, as regardless of which drive is plugged in, it will always be mounted in the same location (I only connect one backup drive at a time).

Then, add a systemd user unit in ~/.config/systemd/user/auto-usb-backup.service with:

  
  
    [Unit]
Description=Autobackup to USB drive
Requires=media-david-backup.mount
After=media-david-backup.mount

[Service]
ExecStart=/home/david/Documents/computer/backup/scripts/usb_backup.sh

[Install]
WantedBy=media-david-backup.mount
  
  

The systemd name for the mount is the mountpoint with / replaced by -, but it can be confirmed by looking at the output of systemctl list-units –type=mount .

Reload the daemon: systemctl –user daemon-reload so it’s aware of the new unit.

Enable the new unit: systemctl –user enable auto-usb-backup.service

The unit can be executed at any time by running systemctl –user start auto-usb-backup.service

Finally, remove and add the drive: the script in the systemd user unit defined above should get executed. You can double-c heck this (and debug) using journalctl –user-unit auto-usb-backup -r -b (note that on some systems the –user-unit option may be -u instead).

Note: it appears the script gets triggered before the drive is done mounting, so the backup script called by the systemd unit should have a wait loop to sleep until the folders its looking for are available.

Other helpful resources:

• https://vic.demuzere.be/articles/using-systemd-user-units/
• https://borgbackup.readthedocs.io/en/stable/deployment/automated-local.html

Particularities for encrypted $HOME

The above is all you need for a “typical system”. However, the systemd user unit will stop working after a reboot if you have an encrypted home directory. This is because systemd configures the units to run when starting up at boot. However, at that time the encrypted home directory hasn’t be decrypted and mounted yet, so the user units (and requirements/dependencies) can’t be loaded by systemd and the unit will no longer be working/active. Therefore, the user units need to be started on each login by adding the following to the bottom of ~/.profile:

  
  
    
    systemctl --user enable auto-usb-backup.service
  
    
  

Note that on a “normal” system, the above doesn’t need to be run every login: once is enough for systemd to take care of the rest. But with an encrypted home folder, the user unit must be restarted every time the user logs in.

Would you like to see more Elixir content like this? Sign up to my mailing list so I can gauge how much interest there is in this type of content.