As described in my previous post I use Duplicity with Google Drive for storage. In this post I give a quick how to on configuring Duplicity for that setup.

Prerequisites

  • Duplicity installed
  • PyDrive, I installed it from Arch Linux's Aur repository
  • GPG keys configured
  • A Google Drive account
  • First time you run Duplicity it has to be done interactively, as it will prompt you to allow access to Google drive

Google drive API setup

Go to console.developers.google.com and create a new project, under "Show advanced options > App Engine location" I selected "europe-west".

  1. Select "Google Drive API" and enable, then select "Credentials" in the menu to the left
  2. Fill out "OAuth consent screen"
  3. Click "Create credentials" in the popup and select "OAuth client ID" in the dropdown
  4. Select "Other" and give the client a name
  5. Download the JSON file, save it as /root/.duplicity/client_secrets.json . Put the "Client ID" and "Client secret" in /root/.duplicity/gdrive (see below)
1. Enabling Google drive API for project
1. Enabling Google drive API for project
2. OAuth consent screen
2. OAuth consent screen
3. Selecting OAuth client ID
3. Selecting OAuth client ID
4. Creating client ID
4. Creating client ID
5. Credentials for client and JSON download
5. Credentials for client and JSON download

Create /root/.duplicity/gdrive and add the values from step 5:

client_config_backend: settings
client_config:
  client_id: XXXXXXXXXXXXXXXXXXXXXX.apps.googleusercontent.com
  client_secret: XXXXXXXXXXXXXXXXXXXXXX
save_credentials: True
save_credentials_backend: file
save_credentials_file: gdrive.cache
get_refresh_token: True

Granting Duplicity access to Google drive

PyDrive would prompt for a verification code everytime I ran Duplicity, and would not create the gdrive.cache file. I fixed it by changing the current working directory to /root/.duplicity/ . A simple script like the following should work:

#!/bin/bash
cd /root/.duplicity/

PASSPHRASE="XXXXXXXXXX"
GOOGLE_DRIVE_SETTINGS="/root/.duplicity/gdrive"
DEST="gdocs://YOUR_GMAIL/SOME_DIR/$HOSTNAME/home"
SRC="/home"

duplicity incr --encrypt-key XXXXXXX --full-if-older-than 4M --volsize 1024 --asynchronous-upload --exclude-device-files --exclude-other-filesystems "${SRC}" "${DEST}"

When you run this script the first time, you should get a prompt that says (XXXXXXXXXXXXXXXXXXXXXX will be your client id):

Go to the following link in your browser:

    https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&client_id=XXXXXXXXXXXXXXXXXXXXXX.apps.googleusercontent.com&access_type=offline

Enter verification code:

When you have approved access you should have the file /root/.duplicity/gdrive.cache , and next time Duplicity runs, it should automatically be authorized.

Wrapping up

I have created a set of Duplicity backup scrips with error handling/reporting that wraps backup, restore, cleanup and backup verification, feel free to use or fork them :)