Duplicity on Digi Storage

Here is a simple script to backup your Linux/FreeBSD server or your macOS on storage.rcs-rds.ro. I’m not associated with Digi Storage, I just know they have many users who can find this useful. As always, make sure you store your secrets in a safe file, preferably not in your script. This article assumes you have installed duplicity already. If not, in most cases it is very simple, your default package manager (apt, dnf, pkg, brew) should be able to take care of it.
What is duplicity? Duplicity is an open-source backup tool that provides encrypted, bandwidth-efficient, and space-efficient backups. It is designed to work well with both local and remote storage locations.

First, create a duplicity.conf with your connection information, mine looks like this:

# Digi storage auth.
EMAIL_ADDR=address@domain.com
FTP_PASSWORD=ftp-password
PASSPHRASE=a-random-string
  • EMAIL_ADDR = the email address you use to log on to https://storage.rcs-rds.ro
  • FTP_PASSWORD = the password you created on https://storage.rcs-rds.ro/app/admin/preferences/password
  • PASSPHRASE = a random passphrase used to encrypt your data. Yes, we are encrypting our data, especially if it is stored on the internet.
    WARNING: if you loose your FTP password or passphrase you lose you data, make sure to add them to your password manager.

Set proper permissions on duplicity.conf , for example chmod 400 duplicity.conf, so only your user can access it. An even better option is using Vault, using Vault is out of the scope of this article.

Then create the script:

#!/bin/bash
# Simple script to backup my stuff to storage.rcs-rds.ro
. /the/path/to/your/duplicity.conf
export EMAIL_ADDR
export FTP_PASSWORD
export PASSPHRASE

duplicity --no-print-statistics remove-older-than 1Y ftp://$EMAIL_ADDR@storage.rcs-rds.ro/Digi\ Cloud/server1/etc
duplicity --no-print-statistics remove-older-than 1Y ftp://$EMAIL_ADDR@storage.rcs-rds.ro/Digi\ Cloud/server1/usr/local/etc
duplicity --log-file /var/log/duplicity.log --full-if-older-than 3M /etc ftp://$EMAIL_ADDR@storage.rcs-rds.ro/Digi\ Cloud/server1/etc
duplicity --log-file /var/log/duplicity.log --full-if-older-than 3M /usr/local/etc ftp://$EMAIL_ADDR@storage.rcs-rds.ro/Digi\ Cloud/server1/usr/local/etc

The script is going to backup /etc and /usr/local/etc directories, for more directories simply add a line with the directory’s full path. By default incremental backups (archives of new files and the deltas from previous backups) are added, if it has been more than 3 months it’ll do a full backup. Backups older than one year are going to be deleted. When you run this script for the first time the remove-older-than lines will error out, this is expected as there are no backups yet.

Note how we are escaping the space in “Digi Cloud” with a \, this is needed in shell. If you run the commands by hand, once done, unset the variables containing the secrets: unset FTP_PASSWORD, unset PASSPHRASE.

Checking the status of your backup:

% source duplicity.conf
% export EMAIL_ADDR
% export FTP_PASSWORD
% export PASSPHRASE
% duplicity collection-status ftp://$EMAIL_ADDR@storage.rcs-rds.ro/Digi\ Cloud/server1/etc
LFTP version is 4.9.2
Last full backup date: Sun Jul  7 11:15:06 2024
Collection Status
-----------------
Connecting with backend: BackendWrapper
Archive dir: /home/joe/.cache/duplicity/e3e3dd7a10e742f7dabe3c8bf63c1627

Found 0 secondary backup chains.

Found primary backup chain with matching signature chain:
-------------------------
Chain start time: Sun Jul  7 11:15:06 2024
Chain end time: Sat Aug  3 17:56:02 2024
Number of contained backup sets: 7
Total number of contained volumes: 7
 Type of backup set:                            Time:      Num volumes:
                Full         Sun Jul  7 11:15:06 2024                 1
         Incremental         Sun Jul  7 11:22:54 2024                 1
         Incremental         Fri Jul 12 21:01:59 2024                 1
         Incremental         Sun Jul 14 06:47:05 2024                 1
         Incremental         Sun Jul 21 06:47:05 2024                 1
         Incremental         Sun Jul 28 06:47:05 2024                 1
         Incremental         Sat Aug  3 17:56:02 2024                 1
-------------------------
No orphaned or incomplete backup sets found.
$ unset FTP_PASSWORD
$ unset PASSPHRASE

Listing files in your backup:

% source duplicity.conf
% export EMAIL_ADDR
% export FTP_PASSWORD
% export PASSPHRASE
% duplicity list-current-files  ftp://$EMAIL_ADDR@storage.rcs-rds.ro/Digi\ Cloud/server1/etc
LFTP version is 4.8.4
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sun May 12 06:47:06 2024
Fri Aug  2 22:13:18 2024 .
Wed Aug 25 11:10:00 2021 acpi
Wed Aug 25 11:10:00 2021 acpi/events
Sun Apr 19 19:28:23 2020 acpi/events/powerbtn-acpi-support
Sun Apr 19 19:28:23 2020 acpi/powerbtn-acpi-support.sh
Wed Aug 25 11:07:20 2021 adduser.conf
Wed Aug 25 11:10:27 2021 adjtime
Sun Mar 17 11:21:37 2024 alternatives
Wed Apr 14 00:43:39 2021 alternatives/README
Fri Dec 22 22:21:29 2023 alternatives/arptables
Fri Dec 22 22:21:29 2023 alternatives/arptables-restore
Fri Dec 22 22:21:29 2023 alternatives/arptables-save
...
Tue Jul 13 19:29:24 2021 systemd/system.conf
Tue Jul 13 19:29:24 2021 systemd/timesyncd.conf
Fri Dec 22 23:29:13 2023 systemd/user
Fri Dec 22 23:29:14 2023 systemd/user/sockets.target.wants
Fri Dec 22 23:29:14 2023 systemd/user/sockets.target.wants/dirmngr.socket
Fri Dec 22 23:29:13 2023 systemd/user/sockets.target.wants/gpg-agent-browser.socket
Fri Dec 22 23:29:13 2023 systemd/user/sockets.target.wants/gpg-agent-extra.socket
Fri Dec 22 23:29:14 2023 systemd/user/sockets.target.wants/gpg-agent-ssh.socket
Fri Dec 22 23:29:14 2023 systemd/user/sockets.target.wants/gpg-agent.socket

Restoring files: by default duplicity restores the latest backup, if you’d like to restore a specific version of the file/directory you can specify it using the -t parameter, see the manual for more details.

% source duplicity.conf
% export EMAIL_ADDR
% export FTP_PASSWORD
% export PASSPHRASE
duplicity --file-to-restore ssl/openssl.cnf ftp://$EMAIL_ADDR@storage.rcs-rds.ro/Digi\ Cloud/server1/etc restore/ssl/openssl.cnf
LFTP version is 4.8.4
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sun May 12 06:47:06 2024
duplicity -t 7D --file-to-restore systemd/timesyncd.conf ftp://$EMAIL_ADDR@storage.rcs-rds.ro@storage.rcs-rds.ro/Digi\ Cloud/server1/etc restore/timesyncd.conf
LFTP version is 4.8.4
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sun May 12 06:47:06 2024
$ unset FTP_PASSWORD
$ unset PASSPHRASE

Once done you can create a cron or periodic job by copying your script under /etc/cron.daily/ (Linux) or /usr/local/etc/periodic/daily/ (FreeBSD) directories. Don’t forget to make them executable: chmod +x or chmod 700.

A side node, as of now storage.rcs-rds.ro and storage.digi.ro are different servers, I’m not sure why or what’s the difference.

❯ host storage.rcs-rds.ro
storage.rcs-rds.ro has address 62.231.125.2
storage.rcs-rds.ro mail is handled by 0 mail.storage.rcs-rds.ro.
❯ host storage.digi.ro
storage.digi.ro has address 81.196.1.156
storage.digi.ro has address 81.196.1.152

Fore more ideas I recommend visiting the following websites:
https://help.ubuntu.com/community/DuplicityBackupHowto
https://www.thegeekdiary.com/duplicity-creates-incremental-compressed-encrypted-and-versioned-backups/

Volume size can be important, the default worked out for me. You can find here a good article about it: https://forum.duplicati.com/t/choosing-sizes-in-duplicati/17683


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.