Duplicati is the primary backup orchestrator for Smithflix configuration and selected user data. It is the control point for backing up /srv/docker, /opt/stacks, and the documented personal-media sources.
This page documents the duplicati service itself. Overall backup policy lives on Backups.
- Container:
duplicati
- Image:
lscr.io/linuxserver/duplicati:latest
- Stack: Backups Stack
- Compose path:
/opt/stacks/backups/compose.yaml
- Docker network:
backups_default
- Restart policy:
unless-stopped
- LAN port:
8200
- Public hostname:
duplicati.better-than.tv
- No container healthcheck is configured as of
2026-04-07
¶ Config and Data Paths
- Config root:
/srv/docker/duplicati/config
- Source mount for compose files:
/opt/stacks mounted into the container as /source/docker/compose
- Source mount for service configs:
/srv/docker mounted as /source/docker/config
- Source mount for personal media:
/media/personal
- Source mounts for photo backups:
/media/momphotobackup, /media/adamphotobackup
- LAN URL:
http://192.168.0.113:8200
- Public URL:
https://duplicati.better-than.tv
¶ Authentication and Secret Locations
- As verified on
2026-04-07, SETTINGS_ENCRYPTION_KEY is still inline in /opt/stacks/backups/compose.yaml
- This secret should be migrated into a stack-local
.env file to match Smithflix policy
- Remote-backend credentials and job state live inside the Duplicati config directory
- Treat Duplicati as the control plane for recovering
/srv/docker and /opt/stacks
- If the UI becomes inaccessible because of permission drift, use
/home/adam/scripts/fix-duplicati-acls.sh
- Revalidate source mounts after any storage layout change so backups do not silently lose coverage
- Prefer updating backup scope documentation in the same turn as any new service deployment or path change
¶ Monitoring and Logs
- Docker logging driver is inherited from the stack defaults
- Startup logs showed the service listening on
*:8200
- No container healthcheck exists, so service validation should include a live HTTP check rather than container state alone
- Duplicati job success/failure should be monitored in the UI in addition to Docker logs
¶ Backup and Restore
- The service config directory itself lives under
/srv/docker/duplicati/config, which is inside the documented backup scope
- Recovery depends on both the config directory and access to the external backup destination used by the jobs
- After restore, confirm encryption settings, job definitions, and source mounts before trusting the backup system again
¶ Failure Modes and Recovery
- Losing
SETTINGS_ENCRYPTION_KEY can make stored configuration unusable even when the config files are present
- Permission drift on
/srv/docker/duplicati/config can break the UI or job execution
- Source path changes under
/srv/docker, /opt/stacks, or /media can silently reduce backup coverage if jobs are not updated
- Because there is no healthcheck, a running container is not enough proof that backup operations are healthy