User level backup with borgmatic

I have been using Bareos (previously I used Bacula) for many years, both at work and at home. Since Freedombox uses Borg, and it is always good to understand what is available I have been looking at Borg for comparison. This led me to Borgmatic, as a good way to setup and manage Borg backups. The Debian package gave me a smooth route to system backups (the systemd files required to automate the running need to be manually installed and configured, but this is not too tricky – the main thing to watch out for is adjusting the path to executable in /etc/systemd/system/borgmatic.service)

I wanted to see if I could run a separate backup of key files from my user account so they could be held on another server as an extra level of security. I discovered a problem, in that some, but not all, of those files are really held on an NFS server, and root on my desktop does not have access to them. This prompted me to see if I could run borgmatic, as installed at a system level from the Debian bullseye package, as a normal user. It turns out to be possible, and as it might be useful to others I am documenting it here.

mkdir .config/borgmatic
generate-borgmatic-config -d .config/borgmatic/config.yaml

Note above that borgmatic uses -d for the name of the configuration file when it is being generated, but -c elsewhere.

Now edit the borgmatic configuration to pick up the files to be backed up and the place they should be stored. This could be a remote borg server, completely different from the one used for system backups.

validate-borgmatic-config -c .config/borgmatic/config.yaml

borgmatic -c .config/borgmatic/config.yaml init --encryption repokey
borgmatic -c .config/borgmatic/config.yaml --verbosity 1 --files

This should check the configuration, and backup the files.

Now to run it as a systemd user service with a timer.

mkdir -p .config/systemd/user

within this directory create these files – based on the system ones


Description=User borgmatic backup

# Backup at some time when the system will be, but not busy



Description=borgmatic user john backup

ExecStart=/usr/bin/borgmatic -c /home/john/.config/borgmatic/config.yaml --verbosity -1 --syslog-verbosity 1

Now run the commands

systemctl --user daemon-reload
systemctl --user enable borgmatic.timer --now

These should now run your backup once per day at the time you specified. Note that this assumes your user is logged on, which is the case for me – getting into user timers which run when the user is logged out is another issue – and requires root access, which none of the preceding steps need (as long as the borgmatic package is installed.