backrest icon indicating copy to clipboard operation
backrest copied to clipboard
verified publisher icon garethgeorge

NixOS config for backrest

Open aquada opened this issue 9 months ago • 8 comments

This is more of a NixOS issue, but I thought I'd ask here. I'm having trouble getting the service to start, unknown file/folder backrest when starting the systemd service. Has anyone got a working Nix config that defines the backrest service that I could have a look at please?

aquada avatar Jun 23 '25 09:06 aquada

This works for me. I have rclone, restic and backrest in my global packages.

  # defaults to port 9898
  systemd.services.backrest = {
    description = "Launch backrest to take care of backups";
    wantedBy = ["multi-user.target"];
    requires = ["network-online.target"];
    script = "backrest";
    path = [pkgs.backrest pkgs.rclone];
    environment = {
      BACKREST_PORT = "0.0.0.0:9898";
    };
    serviceConfig = {
      Type = "simple";
      User = "stschiff";
      # AmbientCapabilities = "CAP_DAC_READ_SEARCH";
      # CapabilityBoundingSet = "CAP_DAC_READ_SEARCH";
      # ExecStart = "backrest";
      # It’s often a good idea to mark the service active after the command finishes.
      # RemainAfterExit = true;
    };
  };

chrisheib avatar Jun 25 '25 11:06 chrisheib

Perfect thank you @chrisheib works like a charm.

aquada avatar Jun 26 '25 09:06 aquada

Awesome! If I knew how it would probably be a good idea to include this in the package itself or a nixos config entry, as others might use this too.

chrisheib avatar Jun 26 '25 14:06 chrisheib

That would be first prize. The package is here Can you help at all @interdependence ? (maintainer of nixos package)

aquada avatar Jun 27 '25 18:06 aquada

Hi all, jumping on to this thread-- NixOS is an area of interest for me, I keep hearing about it. @interdependence if there's anything I can do to add official support for updates etc this is something I'm happy to discuss.

The releaser tool I use https://goreleaser.com/customization/nix/ does provide support for nix releases-- but looks like this would be a user repo as opposed to the official package you've published.

Side note: noticing some tests are skipped, best practice for backrest might be to focus on running the restic integration tests https://github.com/garethgeorge/backrest/tree/main/pkg/restic , they add value to run on each install as they'll assert that backrest is compatible with the version of restic it's getting from restic packages. The rest of the tests should be getting run by my release pipeline and wouldn't be expected to ever behave (particularly) differently on user systems-- beyond some flakes as you've observed.

Seeing that list did prompt me to spend a bit of time deflaking tests :) I've managed to improve a few of them, specially TestRunCommand should be much less flaky now.

garethgeorge avatar Jul 02 '25 23:07 garethgeorge

Hi,

I made a Backrest module for NixOS some time ago, but didn't bother creating a PR for this in nixpkgs.

However, I now took a few minutes to do it over here : https://github.com/NixOS/nixpkgs/pull/422093

Cheers,

M0ustach3 avatar Jul 03 '25 13:07 M0ustach3

Hey everyone,

I'm glad to hear that people are actually using the package! I don't actually use it myself at the moment and packaged it mainly to learn how Nixpkgs works. That being said I will have a look at the module PR.

Regarding the skipped tests in the package: I will have a closer look at them next time there is an version upgrade for Backrest. I didn't spend too much time debugging them, but usually these fail due to the sandboxed build environment.

interdependence avatar Jul 03 '25 18:07 interdependence

Building on the solution from @chrisheib I created this module for my NixOs config as backrest-service.nix:

# Importing this file adds Backrest as a systemd service to the system.
{
  config,
  pkgs,
  ...
}: {
  environment.systemPackages = with pkgs; [
    restic
    rclone
    backrest
  ];

  systemd.services.backrest = {
    description = "Backrest service";
    wantedBy = ["multi-user.target"];
    requires = ["network-online.target"];
    script = "backrest";
    path = [pkgs.backrest pkgs.rclone];
    environment = {
      BACKREST_PORT = "127.0.0.1:9898";
    };
    serviceConfig = {
      Type = "simple";
      User = "root";
      Group = "root";
    };
  };
}

It starts backrest as root, because I want also to backup /root, limits access to localhost and ensures that the required packages are installed.

This can be imported in configuration.nix like this:

  imports = [
    relative/path/to/backrest-service.nix
  ];

The only thing I couldn't figure out is how I can make Backrest use local time. All times are displayed in UTC on the NixOS system, but that's no real problem. Another system shows the same snapshots as correct local time, which means the data in the repo is fine.

silmaril42 avatar Aug 26 '25 16:08 silmaril42