Duply

From ArchWiki

From duply.net:

Duply is a frontend for the mighty duplicity magic. Duplicity is a python based shell application that makes encrypted incremental backups to remote storages.

Installation

Duply can be installed with the duplyAUR package.

Usage

For an overview on how to use Duply, run duply usage.

The first thing to do is create a profile. Run duply my_profile create to create a profile named my_profile. Then configure the profile using the file ~/.duply/my_profile/conf.

Use duply my_profile backup to make backups and duply my_profile restore restore_directory to restore after configuration is complete.

Configuration

Set GPG_KEY to encrypt and sign the backup with a GPG key. Set the GPG_PW with the GPG passphrase. See #No GPG Passphrase for details on Duply prompting for the GPG passphrase. Set TARGET for the destination of the backup. Set SOURCE for the base location to backup. See the conf file for information on other Duply backup settings.

Example:

~/.duply/my_profile/conf
GPG_KEY='72AD0468'
GPG_PW='password'
TARGET='file://my_profile_backup'
SOURCE='/tmp/important_files'

Now run duply my_profile backup to backup everything in /tmp/important_files. The first time duply my_profile backup the user will be prompted for the GPG passphrase so that the key can be exported for safe keeping. Afterwords, Duply should run without prompting for a passphrase.

To exclude files backed up, see the ~/.duply/my_profile/exclude file.

~/.duply/my_profile/exclude
# Backup everything except this directory
- **/less_important_files

OR

~/.duply/my_profile/exclude
# Individual files
+ /tmp/important_files/file1
+ /tmp/important_files/file2

# Exclude cache inside directory
- /tmp/important_files/directory/cache
+ /tmp/important_files/directory

# Exclude everything else
- **

Dupicity exclude requires ** as to match the base directory.

No GPG Passphrase

Because of a bug in the Duply, duplicity will prompt for a GPG passphrase even though it is available from the gpg-agent. Simply pressing return during the prompt will work as the passphrase is not needed to use the key (if the key is cached), or the DUPL_PARAMS="$DUPL_PARAMS --use-agent" line can be added to the conf.

~/.duply/my_profile/conf
# Turn on --use-agent option no matter what
DUPL_PARAMS="$DUPL_PARAMS --use-agent"

Signing fails using GPG version 2.1.0 or later

Due to changes in recent versions of GPG, this message may occur during backup process:

duply gpg: signing failed: Inappropriate ioctl for device

This can be fixed by uncommenting GPG_OPTS section of Duply's conf file and adding --pinentry-mode loopback argument into it:

~/.duply/my_profile/conf OR /etc/duply/my_profile/conf (if running as root)
GPG_OPTS='--pinentry-mode loopback'

Backup configuration

It is important to backup the configuration for your profile so that the backup can be recovered. One way to do this automatically is to add a post script which tars the profile after a backup. For example:

~/.duply/my_profile/post
#!/bin/bash

profile_name=$(basename $CONFDIR)

time=$(date +%s)
backup_file="$HOME/.duply/duply-$profile_name-"$time".tar.gz"

# Archive the profile in the ~/.duply directory.
tar -zcvf $backup_file -C $HOME/.duply $profile_name
chmod 600 $backup_file

Copy the *.tar.gz file to a secure storage location such as LastPass, KeePass, Bitwarden or an offline USB harddrive. Another option is to archive the profile on a piece of paper as QR code (duply_qr-gitAUR). The configuration file should accessible even if access is lost to the computer being backed up because the whole point of the backup is that it can be recovered even if the computer is lost or destroyed.