Compare commits

...

18 commits
dev ... master

Author SHA1 Message Date
Andreas Mieke 6035ca549e Merge branch 'release/1.0.0'
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-01-13 03:20:38 +01:00
Andreas Mieke 397f800372 fix(platforms): Remove useless platforms
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-01-13 03:17:42 +01:00
Andreas Mieke 49b78cf10f feat(platforms): Add ARM support
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2024-01-13 03:14:36 +01:00
nold 45e8883cae fix(sshd_config): recommended keepalive values 2022-11-24 16:29:39 +01:00
nold ef02f845dc add(ci): woodpecker.yml 2022-11-24 16:15:37 +01:00
nold 57ed075e22 Update(drone): Image tag for bookwork v1.2 & v1.2.2 2022-09-20 09:06:17 +02:00
Nold 2c76a45aca
Update: bookworm image version 1.2.1 2022-07-20 11:01:57 +02:00
nold ea677a7da9 Add(drone): Build Bookworm 2022-05-11 18:54:55 +02:00
Gerrit Pannek 95ec06eb80 Fix(run.sh): Add new line in authorized_keys [Fixes #12] 2022-02-05 18:13:41 +01:00
Nold 0b641a8253
Upgrade: bullseye & borgbackup 1.1.16 (#13)
* Upgrade to bullseye-slim image
* Fix(run.sh): authorized_keys permissions
* Change(run.sh): Add restrict to client keys & output debian version
* Change(Dockerfile): Allow different base images
* Update(drone): Build buster & bullseye images
* Update README
2022-01-21 10:33:54 +01:00
nold 7b241c142b Update: README & docker-compose example 2022-01-21 10:02:01 +01:00
nold 7d29e33747 Fix: drone - use kaniko for building 2021-11-29 17:39:31 +01:00
nold 674b4d8757 Add: drone.yml 2021-08-13 12:56:36 +02:00
nold ac797c90f6 Minor output change to PR#5 - thanks abmaonline 2019-12-05 16:55:06 +01:00
Matthijs Abma 5d0d13c42a Add simple integrity check for authorized_keys file, in case you put something interesting in your BORG_SERVE_ARGS 2019-12-01 17:58:29 +01:00
Matthijs Abma 590d6712fb Create borg group and add option to set user id and group id explicitly for easier access to host resources 2019-12-01 17:56:05 +01:00
nold a741486bb3 Add: docker-compose.yml 2019-07-05 13:25:16 +02:00
nold 7643f16ebd Change: Ignore hidden files & files inside of hidden directories [pull/3] 2019-07-05 13:20:24 +02:00
6 changed files with 111 additions and 30 deletions

39
.woodpecker.yml Normal file
View file

@ -0,0 +1,39 @@
steps:
build:
image: woodpeckerci/plugin-docker-buildx
settings:
dry-run: true
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
when:
- event: push
branch:
exclude: [develop, master]
publish-nightly:
image: woodpeckerci/plugin-docker-buildx
settings:
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
tags: develop-${CI_COMMIT_SHA}
username: ${CI_REPO_OWNER}
password:
from_secret: cb_token
when:
- event: push
branch: develop
publish-release:
image: woodpeckerci/plugin-docker-buildx
settings:
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
tags: ${CI_COMMIT_TAG}
username: ${CI_REPO_OWNER}
password:
from_secret: cb_token
when:
- event: tag

View file

@ -2,7 +2,7 @@
# Dockerfile to build borgbackup server images
# Based on Debian
############################################################
FROM debian:buster-slim
FROM debian:12.4-slim
# Volume for SSH-Keys
VOLUME /sshkeys
@ -14,10 +14,10 @@ ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get -y --no-install-recommends install \
borgbackup openssh-server && apt-get clean && \
useradd -s /bin/bash -m borg && \
useradd -s /bin/bash -m -U borg && \
mkdir /home/borg/.ssh && \
chmod 700 /home/borg/.ssh && \
chown borg: /home/borg/.ssh && \
chown borg:borg /home/borg/.ssh && \
mkdir /run/sshd && \
rm -f /etc/ssh/ssh_host*key* && \
rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*

View file

@ -29,7 +29,7 @@ docker run -td \
-p 2222:22 \
--volume ./borg/sshkeys:/sshkeys \
--volume ./borg/backup:/backup \
nold360/borgserver:latest
git.merp.digital/eranmorkon/borgserver:1.0.0
```
@ -45,7 +45,7 @@ See the the documentation for all available arguments: [borgbackup.readthedocs.i
##### Example
```
docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) nold360/borgserver
docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) git.merp.digital/eranmorkon/borgserver
```
#### BORG_APPEND_ONLY
@ -62,7 +62,7 @@ To declare a client as admin, set this variable to the name of the client/sshkey
##### Example
```
docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) nold360/borgserver
docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) git.merp.digital/eranmorkon/borgserver
```
To prune repos from another client, you have to add the path to the repository in the clients directory:
@ -71,6 +71,14 @@ borg prune --keep-last 100 --keep-weekly 1 (...) borgserver:/clientA/clientA
```
#### PUID
Used to set the user id of the `borg` user inside the container. This can be useful when the container has to access resources on the host with a specific user id.
#### PGID
Used to set the group id of the `borg` group inside the container. This can be useful when the container has to access resources on the host with a specific group id.
### Persistent Storages & Client Configuration
We will need two persistent storage directories for our borgserver to be usefull.
@ -82,8 +90,10 @@ Here we will put all SSH public keys from our borg clients, we want to backup. E
That means every client get's it's own repository. So you might want to use the hostname of the client as the name of the sshkey file.
Hidden files & files inside of hidden directories will be ignored!
```
F.e. /sshkeys/clients/webserver.mydomain.com
e.g. /sshkeys/clients/webserver.mydomain.com
```
Than your client would have to initiat the borg repository like this:
@ -102,21 +112,7 @@ In this directory will borg write all the client data to. It's best to start wit
## Example Setup
### docker-compose.yml
Here is a quick example, how to run borgserver using docker-compose:
```
services:
borgserver:
image: nold360/borgserver
volumes:
- /backup:/backup
- ./sshkeys:/sshkeys
ports:
- "2222:22"
environment:
BORG_SERVE_ARGS: ""
BORG_APPEND_ONLY: "no"
BORG_ADMIN: ""
```
Here is a quick example, how to run borgserver using docker-compose: [docker-compose.yml](https://github.com/Nold360/docker-borgserver/blob/master/docker-compose.yml)
### ~/.ssh/config for clients
With this configuration (on your borg client) you can easily connect to your borgserver.

View file

@ -1,17 +1,30 @@
#!/bin/bash
# Start Script for docker-borgserver
PUID=${PUID:-1000}
PGID=${PGID:-1000}
usermod -o -u "$PUID" borg &>/dev/null
groupmod -o -g "$PGID" borg &>/dev/null
BORG_DATA_DIR=/backup
SSH_KEY_DIR=/sshkeys
BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
# Append only mode?
BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
source /etc/os-release
echo "########################################################"
echo -n " * Docker BorgServer powered by "
borg -V
echo " * Based on ${PRETTY_NAME}"
echo "########################################################"
echo " * User id: $(id -u borg)"
echo " * Group id: $(id -g borg)"
echo "########################################################"
# Precheck if BORG_ADMIN is set
if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then
@ -27,7 +40,7 @@ for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
exit 1
fi
if [ "$(find ${SSH_KEY_DIR}/clients -type f | wc -l)" == "0" ] ; then
if [ "$(find ${SSH_KEY_DIR}/clients ! -regex '.*/\..*' -a -type f | wc -l)" == "0" ] ; then
echo "ERROR: No SSH-Pubkey file found in ${SSH_KEY_DIR}"
exit 1
fi
@ -47,8 +60,8 @@ echo "########################################################"
echo " * Starting SSH-Key import..."
# Add every key to borg-users authorized_keys
rm /home/borg/.ssh/authorized_keys &>/dev/null
for keyfile in $(find "${SSH_KEY_DIR}/clients" -type f); do
rm ${AUTHORIZED_KEYS_PATH} &>/dev/null
for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); do
client_name=$(basename ${keyfile})
mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
@ -63,13 +76,22 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" -type f); do
borg_cmd="${BORG_CMD} --append-only"
fi
echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> /home/borg/.ssh/authorized_keys
cat ${keyfile} >> /home/borg/.ssh/authorized_keys
echo -n "restrict,command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
echo >> ${AUTHORIZED_KEYS_PATH}
done
chmod 0600 "${AUTHORIZED_KEYS_PATH}"
chown -R borg: /backup
chown borg: /home/borg/.ssh/authorized_keys
chmod 600 /home/borg/.ssh/authorized_keys
echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..."
ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null)
if [ $? -ne 0 ]; then
echo "ERROR: ${ERROR}"
exit 1
fi
chown -R borg:borg ${BORG_DATA_DIR}
chown borg:borg ${AUTHORIZED_KEYS_PATH}
chmod 600 ${AUTHORIZED_KEYS_PATH}
echo "########################################################"
echo " * Init done! Starting SSH-Daemon..."

View file

@ -25,3 +25,6 @@ PermitTTY no
PrintMotd no
PermitTunnel no
Subsystem sftp /bin/false
ClientAliveInterval 10
ClientAliveCountMax 30

21
docker-compose.yml Normal file
View file

@ -0,0 +1,21 @@
version: '3'
services:
borgserver:
image: git.merp.digital/eranmorkon/borgserver
#build: .
volumes:
- ./backup:/backup
- ./sshkeys:/sshkeys
ports:
- "2222:22"
environment:
# Additional Arguments, see https://borgbackup.readthedocs.io/en/stable/usage/serve.html
BORG_SERVE_ARGS: ""
# If set to "yes", only the BORG_ADMIN
# can delete/prune the other clients archives/repos
BORG_APPEND_ONLY: "no"
# Filename of Admins SSH-Key; has full access to all repos
BORG_ADMIN: ""
restart: unless-stopped