Duplicity jail

Setup for Duplicity service jail with iocage.

On FreeNAS

Create jail:

iocage create --release 11.1-RELEASE --name duplicity \
          boot="on" vnet=on bpf=on \
          allow_raw_sockets="1" \
          ip4_addr="vnet1|172.20.40.41/24" \
          interfaces="vnet1:bridge1" \
          defaultrouter="172.20.40.1" \
          resolver="search ramsden.network;nameserver 172.20.40.1;nameserver 8.8.8.8"

Create a user on FreeNAS with ID 983 and nologin, to match the user in the jail.

Nullfs mount the datasets to back up into the jail:

Duplicity data:

iocage exec duplicity 'mkdir -p /mnt/duplicity/data'
iocage fstab --add duplicity '/mnt/tank/data/syncthing/sync /mnt/duplicity/data nullfs rw 0 0'

Start the jail and enter it.

iocage console duplicity

Jail

In the jail, update all packages and install duplicity and py27-boto.

Create a user with uid 983 to match mounted data.

Add the script /usr/local/scripts/duplicitybak and put secrets in /usr/local/scripts/duplicitybak.auth.
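
Because the script runs unattended and reads its secrets from a file beside it, the ownership and mode of that file matter. The following is an added example, not part of the original page: a POSIX sh helper that refuses a secrets file that is a symlink, has the wrong owner, or is accessible to group or other. The name check_auth_file and the assumption that the file belongs to uid 983 are assumptions of this example.

```sh
#!/bin/sh
# Added example. check_auth_file is a hypothetical helper, not from the page.
# Assumption: the secrets file should belong to the jail's backup user
# (uid 983 on this page) and carry no group or other permission bits.

# check_auth_file PATH UID -> 0 if safe to use, 1 otherwise (reason on stderr)
check_auth_file() {
    file=$1
    want_uid=$2

    # A symlink could point the script at a file someone else controls.
    if [ -L "$file" ]; then
        echo "refusing $file: is a symlink" >&2
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "refusing $file: missing or not a regular file" >&2
        return 1
    fi

    # ls -ldn prints the mode string and numeric owner, e.g.
    # "-rw-------  1 983  983  ...". Works with FreeBSD and GNU ls.
    read -r mode _links owner _rest <<EOF
$(ls -ldn -- "$file")
EOF

    if [ "$owner" != "$want_uid" ]; then
        echo "refusing $file: owner uid $owner, expected $want_uid" >&2
        return 1
    fi

    # Characters 5-10 of the mode string are the group and other bits;
    # all six must be "-" (0600 or 0400). ACLs are not inspected here.
    case $mode in
        -???------*) return 0 ;;
        *)
            echo "refusing $file: mode $mode is open to group/other" >&2
            return 1
            ;;
    esac
}

# Typical use at the top of a backup wrapper (path and uid from this page):
#   check_auth_file /usr/local/scripts/duplicitybak.auth 983 || exit 1
```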

Secrets in /usr/local/scripts/duplicitybak.auth:

Set executable:

Now it can be run from a crontab outside of the jail:
