Skip to content

Instantly share code, notes, and snippets.

@jg3

jg3/truenas_duplicati_jail_20231206.md

Last active February 26, 2024 20:22
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jg3/6aaffc3944ba6f9827c0173c8ee440d4 to your computer and use it in GitHub Desktop.
Save jg3/6aaffc3944ba6f9827c0173c8ee440d4 to your computer and use it in GitHub Desktop.
Download ZIP
Backup: Installing Duplicati into a TrueNAS Jail
Raw
truenas_duplicati_jail_20231206.md

WARNING: orphaned

This worked for me. It will probably work for you with minor touches if you insist. After I ran this for a while I didn't like how unreliable Duplicati was with the actual work of backing up and I began to investigate Duplicacy instead. I will leave this here for a year or so because it will probably remain more or less valid for that long and I did spend a lot of time putting it together to just thwack it because it's not useful to me. YMMV. GL. GG.

Duplicati on TrueNAS

This is a note on installing Duplicati, a free Backup server into a TrueNAS Core jail.

1 - Set up and configure the Jail

In TrueNAS create a Jail running the latest FreeBSD image available (13.2-RELEASE-p4). I am calling this jail instance backup

todo: Add notes on jail settings
I find there is trouble with TrueNAS jails and DHCP, but otherwise the defaults should be fine.

Mount points:

1️⃣ /mnt/Vol_2X8T/Server/Apps/Backup/ --> /mnt/Vol_2X8T/iocage/jails/backup/root/mnt/
2️⃣ /mnt --> /mnt/Vol_2X8T/iocage/jails/backup/root/media

1️⃣ Where you put your app data is beyond the scope of this note, but in general a persistent location for containerized (incl. jailed) apps to store configs and data is useful, and gets mounted to a handy path inside the container. Here I'm using /mnt and I will put everything within that directory that needs to persist outside the jail. I will symlink the config and startup files from there into the jail when recreating it.

If you don't do this, you can still follow this guide unchanged (/mnt is a default and empty directory in FreeBSD). The main difference is destroying your jail will destroy the Duplicati files and configs too.

If you are closely following this guide, the paths here from /mnt should be fine. If you mount your persistent storage somewhere else that's fine (Linux often uses /opt for this kind of stuff), but you may need to add some settings in the /etc/rc.conf.local file as the /usr/local/etc/rc.d/duplicati example included below assumes my paths as the defaults.

2️⃣ Mounting the topmost level of my TrueNas storage to /media inside the jail as read only so all the backup jobs I create will run out of there.

These mounting strategies are mine. Feel free to use or improve on them. Live large.

2 - Get & Install Duplicati

For this section you should be operating from a root shell in your new jail.

  • Use curl to download the zip file.
    pkg install curl
  • We will need Mono to run the .net executables in the *nix environment.
    pkg install mono will NOT work as it (currently) installs mono5.20. As of this writing there is a package for mono6: mono6.8-6.8.0.123_2 which works. Because these are updated regularly, check pkg search mono to find the exact package available.
    pkg install mono6.8-6.8.0.123_2
  • We will need sqlite3 for Duplicati to store data pkg install sqlite3
  • Create the user (and group) that Duplicati will run under.
    pw user add duplicati -c duplicati -u 818 -d /nonexistent -s /usr/bin/nologin
  • Create a some directories for binaries, data, and startup scripts.
    mkdir -p /mnt/Duplicati-bin /mnt/Duplicati-data /mnt/_usr_local_etc/rc.d
    chown duplicati:duplicati /mnt/Duplicati-data/
  • Get link for zip file from https://www.duplicati.com/download and decompress it:
    curl -o /mnt/Duplicati-bin/duplicati.zip https://updates.duplicati.com/beta/duplicati-2.0.7.1_beta_2023-05-25.zip
    cd /mnt/Duplicati/ ; unzip duplicati.zip

Duplicati Startup Script

We will follow the FreeBSD convention using a startup script for local services. This will show up as /usr/local/etc/rc.d/duplicati inside the jail.

  1. Copy the contents from the appendix /mnt/_usr_local_etc/rc.d/duplicati below. You should not need to edit any of the stuff in this file.
  2. Use your favorite editor to create the file and paste in the contents.
    ee /mnt/_usr_local_etc/rc.d/duplicati
  3. Set the correct file permissions on that file.
    chmod 555 /mnt/_usr_local_etc/rc.d/duplicati
  4. Link it into place inside the jail filesystem.
    ln -s /mnt/_usr_local_etc/rc.d /usr/local/etc/rc.d

Local rc configuration

We will continue followingthe FreeBSD convention for enabling and passing variables to local services. This will show up as /etc/rc.conf.local inside the jail.

  1. Copy and paste the contents from the appendix /mnt/_etc_rc.conf.local below.
  2. Use your favorite editor to create and paste in the contents. You should definitely read the comments and edit these settings to suit your environment.
    ee /mnt/_etc_rc.conf.local
  3. Set the correct file permissions on that file.
    chmod 755 /mnt/_etc_rc.conf.local
  4. Link it into place inside the jail filesystem.
    ln -s /mnt/_usr_local_etc/rc.d /usr/local/etc/rc.d

But does it work?

Now you should be able to run the command service duplicati status and if you got back the answer duplicati is not running. Congratulations -- you're on the right track. Now let's actually start up Duplicati. ready?
service duplicati start

todo: does it actually work? I think it does, it seems to be working for me. Please let me know if it works for you, or if you have comments on how this doc can be improved.

99 - Recreating

Taking a day off? Inadvertently killed your jail? Want to upgrade the jail easily? These commands inside the jail should get you back in action if you have already created the jail as described above and just want to bring up the same settings and data in a new jail instance.

refer to the notes above about determining exactly what version / package of mono to install

pkg install sqlite3 mono6.8-6.8.0.123_2
ln -s /mnt/_etc_rc.conf.local /etc/rc.conf.local
ln -s /mnt/_usr_local_etc/rc.d /usr/local/etc/rc.d
pw user add duplicati -c duplicati -u 818 -d /nonexistent -s /usr/bin/nologin

Appendix

Contents of /mnt_usr_local_etc/rc.d/duplicati

Hat tip to Ryan_Y who posted a version of this on the Duplicati forum

#!/bin/sh

# $FreeBSD$
#
# PROVIDE: duplicati
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add these settings to /etc/rc.conf.local to configure this service:
#
# duplicati_enable: Set to YES to enable duplicati
# duplicati_user: The user account used to run the duplicati daemon.
#  This is optional, however do not specifically set this to an
#  empty string as this will cause the daemon to run as root.
# duplicati_group: The group account used to run the duplicati daemon.
#  This is optional, however do not specifically set this to an
#  empty string as this will cause the daemon to run with group wheel.
# duplicati_data_dir: Directory where duplicati configuration
#  data is stored.
# duplicati_exe: path to the Duplicati.Server.exe binary
# duplicati_webui_password: there are better ways to do this
#  Default empty (note this webUI connection is not encrypted,
#  this password will be passed over the network in cleartext)
# duplicati_webui_port: TCP port for web user interface
# duplicati_webui_allowed_hostnames: hosts permitted for initial
#  connection to the webUI.  As this is a server, starting open
#  is probably okay, the list can be limited within the config.

. /etc/rc.subr

name=duplicati
rcvar=${name}_enable
load_rc_config $name

start_precmd="${name}_precmd"
required_dirs="${duplicati_data_dir}"

# Varibles you could set in /etc/rc.conf.local
: ${duplicati_enable:="NO"}
: ${duplicati_webui_password:=""}
: ${duplicati_webui_port:=8200}
: ${duplicati_webui_allowed_hostnames:="*"}
: ${duplicati_user:="duplicati"}
: ${duplicati_group:="duplicati"}
: ${duplicati_data_dir:="/mnt/Duplicati-data/"}
: ${duplicati_exe:="/mnt/Duplicati-bin/Duplicati.Server.exe"}
: ${duplicati_pidfile:="/tmp/duplicati.pid"}
: ${duplicati_msg_success:="Duplicati daemon started on pid: "}


startmsg="Starting ${name} daemon"

command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"

command_args="-S -t ${name} -T ${name} -p ${duplicati_pidfile} \
  ${procname} ${duplicati_exe} \
  --webservice-port=${duplicati_webui_port} --webservice-interface=any \
  --webservice-allowed-hostnames=${duplicati_webui_allowed_hostnames} \
  --webservice-password=${duplicati_webui_password} \
  --server-datafolder=${duplicati_data_dir}"

duplicati_precmd() {
  export USER=${duplicati_user}
  if [ ! -d ${duplicati_data_dir} ]; then
    install -d -o ${duplicati_user} -g ${duplicati_group} ${duplicati_data_dir}
  fi
}

run_rc_command $1

Contents of /mnt/_etc_rc.conf.local

The top two lines are not related to Duplicati, feel free to leave them out if you do not want the Jail to run an SSH daemon.

## Run SSH daemon
sshd_enable="YES"

#### Duplicati settings ####
# Nothing else matters if this is not YES
duplicati_enable="YES"

# if webui port is not set here default will be 8200
duplicati_webui_port="8200"

# If webui password is not set here default will be empty
# NOTE: this webUI connection is not encrypted, this
# password will be passed over the network in cleartext
duplicati_webui_password="LetMeInPlease"

References

@Nordlicht-13
Copy link

cd /mnt/Duplicati/ ; unzip duplicati.zip has to be cd /mnt/Duplicati-bin/ ; unzip duplicati.zip

When I start the jail, dubplicati is not starting. I have to startin manually with "service duplicati onestart"
"service duplicati start" is not working even if "duplicati_enable" is set to "YES""

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment