Systemd

systemd is a common service manager in use by many Linux distributions. resticprofile has the ability to create systemd timer and service files. systemd can be used in place of cron to schedule backups.

User systemd units are created under the user’s systemd profile (~/.config/systemd/user).

System units are created in /etc/systemd/system

systemd calendars

resticprofile uses systemd OnCalendar format to schedule events.

Testing systemd calendars can be done with the systemd-analyze application. systemd-analyze will display when the next trigger will happen:

systemd-analyze calendar 'daily'

  Original form: daily
Normalized form: *-*-* 00:00:00
    Next elapse: Sat 2020-04-18 00:00:00 CDT
       (in UTC): Sat 2020-04-18 05:00:00 UTC
       From now: 10h left

First time schedule

When you schedule a profile with the schedule command, under the hood resticprofile will

• create the unit file (of type notify)
• create the timer file
• run systemctl daemon-reload (only if schedule-permission is set to system)
• run systemctl enable
• run systemctl start

Run after the network is up

Specifying the profile option schedule-after-network-online: true means that the scheduled services will wait for a network connection before running. This is done via an After=network-online.target entry in the service.

systemd drop-in files

It is possible to automatically populate *.conf.d drop-in files for profiles, which allows easy overriding of the generated services, without modifying the service templates. For example:

version = "1"

[root]
  systemd-drop-in-files = ["99-drop-in-example.conf"]

  [root.backup]
    schedule = "hourly"
    schedule-permission = "system"
    schedule-lock-wait = "45m"
    schedule-after-network-online = true

---
version: 1

root:
  systemd-drop-in-files:
    - "99-drop-in-example.conf"

  backup:
    schedule: hourly
    schedule-permission: system
    schedule-lock-wait: 45m
    schedule-after-network-online: true

"version" = "1"

"root" = {
  "systemd-drop-in-files" = ["99-drop-in-example.conf"]
  "backup" = {
    "schedule" = "hourly"
    "schedule-permission" = "system"
    "schedule-lock-wait" = "45m"
    "schedule-after-network-online" = true
  }
}

{
  "version": "1",
  "root": {
    "systemd-drop-in-files": ["99-drop-in-example.conf"],
    "backup": {
      "schedule": "hourly",
      "schedule-permission": "system",
      "schedule-lock-wait": "45m",
      "schedule-after-network-online": true
    }
  }
}

Where 99-drop-in-example.conf is in the same directory as profiles.toml and with the contents

[Service]
Environment=RCLONE_CONFIG=%d/rclone.conf
SetCredentialEncrypted=restic-repo-password: \
        Whxqht+dQJax1aZeCGLxmiAAAAABAAAADAAAABAAAABl6ctIWEqgRC4yHbgAAAAA8umMn \
        +6KYd8tAL58jUmtf/5wckDcxQSeuo+xd9OzN5XG7QW0iBIRRGCuWvvuAAiHEAKSk9MR8p \
        EDSaSm
SetCredentialEncrypted=rclone.conf: \
        Whxqht+dQJax1aZeCGLxmiAAAAABAAAADAAAABAAAAC+vNhJYedv5QmyDHYAAAAAimeli \
        +Oo+URGN47SUBf7Jm1n3gdu22+Sd/eL7CjzpYQvHAMOCY8xz9hp9kW9/DstWHTfdsHJo7 \
        thOpk4IbSSazCPwEr39VVQONLxzpRlY22LkQKLoGAVD4Yifk+U5aJJ4FlRW/VGpPoef2S \
        rGvQzqQI7kNX+v7EPXj4B0tSUeBBJJCEu4mgajZNAhwHtbw==

Generated with the following, see systemd credentials docs for more details. This could allow, for example, using a TPM-backed encrypted password, outside of the resticprofile config itself

systemd-ask-password -n | sudo systemd-creds encrypt --name=restic-repo-password -p - -
sudo systemd-creds encrypt --name=rclone.conf -p - - <<EOF
[restic-example]
type = smb
host = example
user = restic
pass = $(systemd-ask-password -n "smb restic user password" | rclone obscure -)
EOF

Priority and CPU scheduling

resticprofile allows you to set the nice value, the CPU scheduling policy and IO nice values for the systemd service. This is only working properly for resticprofile >= 0.29.0.

How to change the default systemd unit and timer file using a template

By default, an opinionated systemd unit and timer are automatically generated by resticprofile.

Since version 0.16.0, you now can describe your own templates if you need to add things in it (typically like sending an email on failure).

The format used is a go template and you need to specify your own unit and/or timer file in the global section of the configuration (it will apply to all your profiles):

[global]
  systemd-unit-template = "service.tmpl"
  systemd-timer-template = "timer.tmpl"

---
global:
  systemd-unit-template: service.tmpl
  systemd-timer-template: timer.tmpl

"global" = {
  "systemd-unit-template" = "service.tmpl"
  "systemd-timer-template" = "timer.tmpl"
}

{
  "global": {
    "systemd-unit-template": "service.tmpl",
    "systemd-timer-template": "timer.tmpl"
  }
}

Here are the defaults if you don’t specify your own (which I recommend to use as a starting point for your own templates)

Default unit file

[Unit]
Description={{ .JobDescription }}
{{ if .AfterNetworkOnline }}After=network-online.target
{{ end }}
[Service]
Type=notify
WorkingDirectory={{ .WorkingDirectory }}
ExecStart={{ .CommandLine }}
{{ if .Nice }}Nice={{ .Nice }}
{{ end -}}
{{ if .CPUSchedulingPolicy }}CPUSchedulingPolicy={{ .CPUSchedulingPolicy }}
{{ end -}}
{{ if .IOSchedulingClass }}IOSchedulingClass={{ .IOSchedulingClass }}
{{ end -}}
{{ if .IOSchedulingPriority }}IOSchedulingPriority={{ .IOSchedulingPriority }}
{{ end -}}
{{ range .Environment -}}
Environment="{{ . }}"
{{ end -}}

Default timer file

[Unit]
Description={{ .TimerDescription }}

[Timer]
{{ range .OnCalendar -}}
OnCalendar={{ . }}
{{ end -}}
Unit={{ .SystemdProfile }}
Persistent=true

[Install]
WantedBy=timers.target

Template variables

These are available for both the unit and timer templates:

• JobDescription string
• TimerDescription string
• WorkingDirectory string
• CommandLine string
• OnCalendar array of strings
• SystemdProfile string
• Nice integer
• Environment array of strings