Backups on Arch Linux to a Synology NAS using Borg/Borgmatic

Sep 30, 2021 · 961 words · 5 minute read

Yesterday, I thought my SSD crashed. While I was able to get it working by simply removing it and plugging it back, it was a solid reminder that I don’t have a systematic backup solution which I trust. I had bought a Synology NAS (DiskStation 920+) a few months ago for exactly this purpose. I had been having fun with it, but procrastinated on actually setting up regular backups. Yesterday’s scare finally got me to figure this out.

I have a dual boot system with Arch Linux and Windows, although all of my work is on Arch. I don’t care much about backing up the Windows system, although I might decide to back it up later as well. Primarily, I want a system which does a daily backup of my home directory.

After exploring my options, I ended up with using Borg and Borgmatic. Here I wanted to share my set up for having daily backups using Borg to my Synology NAS from my laptop running Arch Linux.

Ingredients

I have the following setup

A laptop running Arch Linux. I want to automate backups for my /home/ directory.
A Synology NAS on my local network where the backups will be stored.

Setting up Borg on the Synology NAS

On the DiskStation, we can install the Borg package from the SynoCommunity repository. I already have ssh access set up on my NAS. So I logged into the NAS, and tested that borg is working.

[arch]$ ssh nas
[nas]$ borg -V
borg 1.1.17
[nas]$ which borg
/usr/local/bin/borg

where nas is an alias for my NAS which I have set up for my NAS in the ~/.ssh/config file. The output of which borg will be useful later.

Now I create a new shared folder on the NAS called backup using the File Station app, under Create > Create New Shared Folder. Once you create it, it can be accessed at /volume1/backup/. This is where we will keep all the backups.

Now we need to create a Borg repository and set up our regular backups on arch, which we do on Arch.

Setting up Borg and Borgmatic on Arch

First, let’s install borg and borgmatic on my laptop.

[arch] yay borg borgmatic

Now we can initalize a repository called arch in the backup remote folder:

[arch] borg init --remote-path=/usr/bin/local/borg --encryption=repokey nas:/volume1/backup/arch -v=1 --progress

Note that I had to explicitly specify the path to borg executable on the remote NAS with the --remote-path argument. (You can find this path by running the command which borg on the NAS.) Otherwise, it seemed like borg couldn’t find the remote executable for some reason. The -e=repokeyargument is to set up encryption, which is always a good idea. (You can read more about all the encryption modes in the Borg documentation.) The -v=1 option specifies the verbosity level, and --progress shows a progress bar.

Now, we would like to use the awesome Borgmatic for automating the backups. We just to set up one simple config file. Let’s get a sample one.

[arch] mkdir ~/.config/borgmatic.d/
[arch] generate-borgmatic-config ~/.config/borgmatic.d/config.yaml

This generates a configuration file. The only places where I had to edit the default configuration were:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22


location:
    source_directories:
        - /home/hersh/

    repositories:
      - nas:/volume1/backup/arch

    remote_path: /usr/local/bin/borg

    exclude_patterns:
        - '*.pyc'
        - /home/*/.cache

    exclude_if_present:
        - .nobackup

retention:
    keep_daily: 7
    
storage:
    encryption_passphrase: <your passphrase>
    

You can check if there are any errors by running validate-borgmatic-config. That’s it. Now you can make a backup by just running

[arch] borgmatic -v=1 --progress

Scheduling using systemd timers

Let’s automate this so that we get a daily backup. On Arch, we can do this by using systemd timers. We need to make two files in the ~/.config/systemd/ directory. Also refer to the borgmatic documentation.

In the ~/.config/systemd/user/borgmatic.timer file

1
2
3
4
5
6
7
8
9


[Unit]
Description=Run borgmatic backup

[Timer]
OnCalendar=*-*-* 23:00
Persistent=true

[Install]
WantedBy=timers.target

This runs the borgmatic service every night at 11 PM, which is setup by the file ~/.config/systemd/user/borgmatic.service with the following contents.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29


[Unit]
Description=borgmatic backup
Wants=network-online.target
After=network-online.target
ConditionACPower=true

[Service]
Type=oneshot

# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
# But you can try setting it to "yes" for improved security if you don't use those features.
MemoryDenyWriteExecute=no

# Lower CPU and I/O priority.
Nice=19
CPUSchedulingPolicy=batch
IOSchedulingClass=best-effort
IOSchedulingPriority=7
IOWeight=100

Restart=no
# Prevent rate limiting of borgmatic log events. If you are using an older version of systemd that
# doesn't support this (pre-240 or so), you may have to remove this option.
LogRateLimitIntervalSec=0

# Delay start to prevent backups running during boot. Note that systemd-inhibit requires dbus and
# dbus-user-session to be installed.
ExecStartPre=sleep 1m
ExecStart=systemd-inhibit --who="borgmatic" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic --syslog-verbosity 1

Finally, we enable the systemd timers by

systemctl enable --user --now borgmatic.timer

That’s it. We now have automated backups which run daily at 11 PM.

Monitoring backups

Currently, I don’t have a sophisticated system for notifying me when something goes wrong. I have been simply checking the logs. To see the log from the last backup, I have been using

[arch] journalctl --user -u borgmatic.service

Some other useful commands are borgmatic list and borgmatic --info. Perhaps I will set up a notification system too, but this is working well for me and has significantly reduced my anxiety over losing data.