Hi all.
I am trying to install Duplicati on Arch. There is already a thread about this, but it is from before the 2.0 release.
I have a few questions:
- Why does the AUR package suggest I enter a password in the systemctl file. If the password is set via a file in plaintext, that defeats the entire purpose of encryption.
- How do I set the tray icon?
UI can be accessed via following URL: http://localhost:8200
- Running duplicati user instance (using current user account)
-
set up database password: systemctl --user edit duplicati
[Service]
Environment=“SETTINGS_ENCRYPTION_KEY=<your_password_here>”
(see Release v2.0.9.106_canary_2024-09-03 · duplicati/duplicati · GitHub for details)
-
to start duplicati manually: systemctl --user start duplicati
-
to autostart duplicati on user login: systemctl --user enable duplicati
- To run Duplicati.Server.exe as root, simply use systemd’s “drop-in” feature
- and specify
- User=root
- Group=root
The Arch package is community provided and I do not have control over it.
The SETTINGS_ENCRYPTION_KEY sets up encryption of the settings database. The main purpose of this is to secure the database in case it ever leaves the system. The database contains the signing keys for you access tokens, and the credentials+encryption passphrase for backups.
With a copy of the database an attacker would be able to log in to the Duplicati UI without a password, and directly tamper with the remote backup data. For that reason, it is recommended that you encrypt the database as shown in the suggestion.
If you prefer to not have that key in plain text, you need to figure out where to store it, and that is usually hard for something you would like to just run on startup. You can use one of the secret providers and use one of the supported providers ot remove it from the file.
There is a guide that explains how to use a “detached TrayIcon”, which can connect to a running server (in another user context) instead of hosting the server inside the process.