Initital Commit

Dockerfile

@@ -0,0 +1,24 @@
+############################################################
+# Dockerfile to build borgbackup server images
+# Based on Debian
+############################################################
+FROM debian:latest
+
+# Volume for SSH-Keys
+VOLUME /sshkeys
+
+# Volume for borg repositories
+VOLUME /backup
+
+RUN apt-get update && apt-get -y install borgbackup openssh-server
+RUN useradd -s /bin/bash -m borg
+RUN mkdir /home/borg/.ssh && chmod 700 /home/borg/.ssh && chown borg: /home/borg/.ssh
+RUN mkdir /run/sshd
+
+COPY ./data/run.sh /run.sh
+COPY ./data/sshd_config /etc/ssh/sshd_config
+
+CMD /bin/bash -x /run.sh
+
+# Default SSH-Port for clients
+EXPOSE 22

data/run.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# Init borg-users .ssh/authorized_keys
+
+BORG_DATA_DIR=/backup
+BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --append-only --restrict-to-path ${BORG_DATA_DIR}/${client_name}'
+SSH_KEY_DIR=/sshkeys
+
+# add all sshkeys to borg-user's authorized_keys & create repositories
+echo "########################################################"
+for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
+	dirpath=$(eval echo '$'$dir)
+	echo "Testing Volume $dir: $dirpath"
+	if [ ! -d "$dirpath" ] ; then
+		echo " ERROR: $dirpath is no directory!"
+		exit 1
+	fi
+
+	if [ $(find $SSH_KEY_DIR -type f | wc -l) == 0 ] ; then
+		echo "ERROR: No SSH-Pubkey file found in $SSH_KEY_DIR"
+		exit 1
+	fi
+done
+echo "########################################################"
+
+echo "Starting SSH-Key import..."
+for keyfile in $(find $SSH_KEY_DIR -type f); do
+    client_name=$(basename $keyfile)
+    echo "Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
+    mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
+    echo -n "command=\"$(eval echo -n \"$BORG_CMD\")\" " >> /home/borg/.ssh/authorized_keys
+	cat $keyfile >> /home/borg/.ssh/authorized_keys
+done
+
+chown -R borg: /backup
+chown borg: /home/borg/.ssh/authorized_keys
+chmod 600 /home/borg/.ssh/authorized_keys
+
+echo "Init done!"
+echo "########################################################"
+echo "Starting SSH-Daemon"
+
+/usr/sbin/sshd -D -e

data/sshd_config

@@ -0,0 +1,30 @@
+Port 22
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+PermitRootLogin no
+StrictModes yes
+MaxSessions 20
+
+PubkeyAuthentication yes
+AuthorizedKeysFile	.ssh/authorized_keys
+
+LogLevel INFO
+#LogLevel DEBUG
+
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM yes
+AllowAgentForwarding no
+AllowTcpForwarding no
+X11Forwarding no
+PermitTTY no
+PrintMotd no
+UsePrivilegeSeparation sandbox
+PermitTunnel no
+Subsystem	sftp	/bin/false