On Thu, May 30, 2024 at 06:05:37PM +0100, Colin Watson wrote:
> Are you in a position to trace any further?  A copy of one of the
> relevant systemd units might be helpful information.

Please see the attached ~/.config/systemd/user/borgmatic@.service
file, which is based off of

    borgmatic: /usr/lib/systemd/system/borgmatic.service

The log messages from journalctl are:

May 30 14:50:34 koios borgmatic[246058]: INFO ssh://rsync.net/./home-koios: Creating archive
May 30 14:50:34 koios borgmatic[246058]: INFO Remote: Bad owner or permissions on /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
May 30 14:50:34 koios borgmatic[246058]: INFO Connection closed by remote host. Is borg working on the server?
May 30 14:50:34 koios borgmatic[246058]: CRITICAL ssh://rsync.net/./home-koios: Error running actions for repository
May 30 14:50:34 koios borgmatic[246058]: CRITICAL Command 'borg create --exclude-from /tmp/tmpwrlf80y_ --compression auto,lzma --one-file-system --verbose --info ssh://rsync.net/./home-koios::{hostname}-{now} [snip]
May 30 14:50:34 koios borgmatic[246058]: CRITICAL /home/rak/.config/borgmatic/home.yaml: An error occurred
May 30 14:50:34 koios borgmatic[246058]: CRITICAL
May 30 14:50:34 koios borgmatic[246058]: CRITICAL summary:
May 30 14:50:34 koios borgmatic[246058]: WARNING /home/rak/.config/borgmatic/home.yaml: Configuration sections (like location:, storage:, retention:, consistency:, and hooks:) are deprecated and support will be removed from a future release. To prepare for this, move your options out of sections to the global scope.
May 30 14:50:34 koios borgmatic[246058]: WARNING /home/rak/.config/borgmatic/home.yaml: The repositories option now expects a list of key/value pairs. Lists of strings for this option are deprecated and support will be removed from a future release.
May 30 14:50:34 koios borgmatic[246058]: CRITICAL /home/rak/.config/borgmatic/home.yaml: An error occurred
May 30 14:50:34 koios borgmatic[246058]: CRITICAL ssh://rsync.net/./home-koios: Error running actions for repository
May 30 14:50:34 koios borgmatic[246058]: CRITICAL Remote: Bad owner or permissions on /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
May 30 14:50:34 koios borgmatic[246058]: CRITICAL Connection closed by remote host. Is borg working on the server?
May 30 14:50:34 koios borgmatic[246058]: CRITICAL Command 'borg create --exclude-from /tmp/tmpwrlf80y_ --compression auto,lzma --one-file-system --verbose --info ssh://rsync.net/./home-koios::{hostname}-{now} [snip]
May 30 14:50:34 koios borgmatic[246058]: CRITICAL
May 30 14:50:34 koios borgmatic[246058]: CRITICAL Need some help? https://torsion.org/borgmatic/#issues

They were generated by:

    systemctl --user start borgmatic@home.service

A sanitized (but untested) version of my ~/.config/borgmatic/home.yaml,
referred to by borgmatic@.service, is also attached.

I am happy to test patches, etc, or provide additional debugging
information.

Best wishes,
Ryan

-- 
|)|/  Ryan Kavanagh  | 4E46 9519 ED67 7734 268F
|\|\  https://rak.ac | BD95 8F7B F8FC 4A11 C97A
[Unit]
Description=borgmatic backup
Wants=network-online.target
After=network-online.target
# Prevent borgmatic from running unless the machine is plugged into power. Remove this line if you
# want to allow borgmatic to run anytime.
ConditionACPower=true
ConditionFileNotEmpty=/home/rak/.config/borgmatic/%I.yaml
Documentation=https://torsion.org/borgmatic/

[Service]
Type=oneshot

# Security settings for systemd running as root, optional but recommended to improve security. You
# can disable individual settings if they cause problems for your use case. For more details, see
# the systemd manual: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
LockPersonality=true
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
# But you can try setting it to "yes" for improved security if you don't use those features.
MemoryDenyWriteExecute=no
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
# To restrict write access further, change "ProtectSystem" to "strict" and
# uncomment "ReadWritePaths", "TemporaryFileSystem", "BindPaths" and
# "BindReadOnlyPaths". Then add any local repository paths to the list of
# "ReadWritePaths". This leaves most of the filesystem read-only to borgmatic.
ProtectSystem=full
# ReadWritePaths=-/mnt/my_backup_drive
# This will mount a tmpfs on top of /root and pass through needed paths
# TemporaryFileSystem=/root:ro
# BindPaths=-/root/.cache/borg -/root/.config/borg -/root/.borgmatic
# BindReadOnlyPaths=-/root/.ssh

# May interfere with running external programs within borgmatic hooks.
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW

# Lower CPU and I/O priority.
Nice=19
CPUSchedulingPolicy=batch
IOSchedulingClass=best-effort
IOSchedulingPriority=7
IOWeight=100

Restart=no
# Prevent rate limiting of borgmatic log events. If you are using an older version of systemd that
# doesn't support this (pre-240 or so), you may have to remove this option.
LogRateLimitIntervalSec=0

# Delay start to prevent backups running during boot. Note that systemd-inhibit requires dbus and
# dbus-user-session to be installed.
ExecStartPre=sleep 1m
ExecStart=systemd-inhibit --who="borgmatic" --what="sleep:shutdown" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic --verbosity -2 --syslog-verbosity 1 -c ${HOME}/.config/borgmatic/%I.yaml

Attachment: home.yaml
Description: application/yaml
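
The journal output above shows ssh refusing /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf when started from the unit. As an added example (not part of the original message, and not code from borgmatic or OpenSSH), the script below applies what is assumed to be the OpenSSH client's rule for such files, namely that the owner is root or the calling user and that no group or world write bit is set, and prints the numeric owner as the calling process sees it. The function names are chosen for this example, and `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example (not from the original message): report which ssh client
# config files would fail an owner/mode check when viewed from the current
# process. Assumed rule: owner uid is 0 or the caller's uid, and the mode
# has no group- or world-write bit. Requires GNU stat (stat -c).

# ssh_perm_ok OWNER_UID OCTAL_MODE CALLER_UID -> 0 if accepted, 1 if refused
ssh_perm_ok() {
    if [ "$1" -ne 0 ] && [ "$1" -ne "$3" ]; then
        return 1                      # owned by neither root nor the caller
    fi
    if [ $(( 0$2 & 022 )) -ne 0 ]; then
        return 1                      # group- or world-writable
    fi
    return 0
}

# check_file PATH -> 0 ok, 1 refused, 2 cannot stat; prints one report line
check_file() {
    out=$(stat -c '%u %a' -- "$1" 2>/dev/null) || { echo "ERR  $1"; return 2; }
    owner=${out% *}
    mode=${out#* }
    if ssh_perm_ok "$owner" "$mode" "$(id -u)"; then
        echo "OK   $1 (uid=$owner mode=$mode)"
        return 0
    fi
    echo "BAD  $1 (uid=$owner mode=$mode, caller uid=$(id -u))"
    return 1
}

# audit_dir DIR -> 0 if every *.conf in DIR passes, 1 otherwise
audit_dir() {
    rc=0
    for f in "$1"/*.conf; do
        [ -e "$f" ] || continue       # directory empty or glob unmatched
        check_file "$f" || rc=1
    done
    return "$rc"
}

# Run only when a directory is given, e.g. /etc/ssh/ssh_config.d
if [ $# -gt 0 ]; then
    audit_dir "$1"
fi
```

Calling it from an `ExecStartPre=` line of the unit shows the files as the sandboxed service sees them; the same run from a login shell gives the unsandboxed view for comparison.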
