Compare commits
No commits in common. "master" and "dev" have entirely different histories.
|
|
@ -1,39 +0,0 @@
|
|||
steps:
|
||||
build:
|
||||
image: woodpeckerci/plugin-docker-buildx
|
||||
settings:
|
||||
dry-run: true
|
||||
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
|
||||
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
|
||||
registry: git.merp.digital
|
||||
when:
|
||||
- event: push
|
||||
branch:
|
||||
exclude: [develop, master]
|
||||
|
||||
publish-nightly:
|
||||
image: woodpeckerci/plugin-docker-buildx
|
||||
settings:
|
||||
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
|
||||
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
|
||||
registry: git.merp.digital
|
||||
tags: develop-${CI_COMMIT_SHA}
|
||||
username: ${CI_REPO_OWNER}
|
||||
password:
|
||||
from_secret: cb_token
|
||||
when:
|
||||
- event: push
|
||||
branch: develop
|
||||
|
||||
publish-release:
|
||||
image: woodpeckerci/plugin-docker-buildx
|
||||
settings:
|
||||
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
|
||||
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
|
||||
registry: git.merp.digital
|
||||
tags: ${CI_COMMIT_TAG}
|
||||
username: ${CI_REPO_OWNER}
|
||||
password:
|
||||
from_secret: cb_token
|
||||
when:
|
||||
- event: tag
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
# Dockerfile to build borgbackup server images
|
||||
# Based on Debian
|
||||
############################################################
|
||||
FROM debian:12.4-slim
|
||||
FROM debian:buster-slim
|
||||
|
||||
# Volume for SSH-Keys
|
||||
VOLUME /sshkeys
|
||||
|
|
@ -14,10 +14,10 @@ ENV DEBIAN_FRONTEND noninteractive
|
|||
|
||||
RUN apt-get update && apt-get -y --no-install-recommends install \
|
||||
borgbackup openssh-server && apt-get clean && \
|
||||
useradd -s /bin/bash -m -U borg && \
|
||||
useradd -s /bin/bash -m borg && \
|
||||
mkdir /home/borg/.ssh && \
|
||||
chmod 700 /home/borg/.ssh && \
|
||||
chown borg:borg /home/borg/.ssh && \
|
||||
chown borg: /home/borg/.ssh && \
|
||||
mkdir /run/sshd && \
|
||||
rm -f /etc/ssh/ssh_host*key* && \
|
||||
rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
|
||||
|
|
|
|||
34
README.md
34
README.md
|
|
@ -29,7 +29,7 @@ docker run -td \
|
|||
-p 2222:22 \
|
||||
--volume ./borg/sshkeys:/sshkeys \
|
||||
--volume ./borg/backup:/backup \
|
||||
git.merp.digital/eranmorkon/borgserver:1.0.0
|
||||
nold360/borgserver:latest
|
||||
```
|
||||
|
||||
|
||||
|
|
@ -45,7 +45,7 @@ See the the documentation for all available arguments: [borgbackup.readthedocs.i
|
|||
|
||||
##### Example
|
||||
```
|
||||
docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) git.merp.digital/eranmorkon/borgserver
|
||||
docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) nold360/borgserver
|
||||
```
|
||||
|
||||
#### BORG_APPEND_ONLY
|
||||
|
|
@ -62,7 +62,7 @@ To declare a client as admin, set this variable to the name of the client/sshkey
|
|||
|
||||
##### Example
|
||||
```
|
||||
docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) git.merp.digital/eranmorkon/borgserver
|
||||
docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) nold360/borgserver
|
||||
```
|
||||
|
||||
To prune repos from another client, you have to add the path to the repository in the clients directory:
|
||||
|
|
@ -71,14 +71,6 @@ borg prune --keep-last 100 --keep-weekly 1 (...) borgserver:/clientA/clientA
|
|||
```
|
||||
|
||||
|
||||
#### PUID
|
||||
Used to set the user id of the `borg` user inside the container. This can be useful when the container has to access resources on the host with a specific user id.
|
||||
|
||||
|
||||
#### PGID
|
||||
Used to set the group id of the `borg` group inside the container. This can be useful when the container has to access resources on the host with a specific group id.
|
||||
|
||||
|
||||
### Persistent Storages & Client Configuration
|
||||
We will need two persistent storage directories for our borgserver to be usefull.
|
||||
|
||||
|
|
@ -90,10 +82,8 @@ Here we will put all SSH public keys from our borg clients, we want to backup. E
|
|||
|
||||
That means every client get's it's own repository. So you might want to use the hostname of the client as the name of the sshkey file.
|
||||
|
||||
Hidden files & files inside of hidden directories will be ignored!
|
||||
|
||||
```
|
||||
e.g. /sshkeys/clients/webserver.mydomain.com
|
||||
F.e. /sshkeys/clients/webserver.mydomain.com
|
||||
```
|
||||
|
||||
Than your client would have to initiat the borg repository like this:
|
||||
|
|
@ -112,7 +102,21 @@ In this directory will borg write all the client data to. It's best to start wit
|
|||
|
||||
## Example Setup
|
||||
### docker-compose.yml
|
||||
Here is a quick example, how to run borgserver using docker-compose: [docker-compose.yml](https://github.com/Nold360/docker-borgserver/blob/master/docker-compose.yml)
|
||||
Here is a quick example, how to run borgserver using docker-compose:
|
||||
```
|
||||
services:
|
||||
borgserver:
|
||||
image: nold360/borgserver
|
||||
volumes:
|
||||
- /backup:/backup
|
||||
- ./sshkeys:/sshkeys
|
||||
ports:
|
||||
- "2222:22"
|
||||
environment:
|
||||
BORG_SERVE_ARGS: ""
|
||||
BORG_APPEND_ONLY: "no"
|
||||
BORG_ADMIN: ""
|
||||
```
|
||||
|
||||
### ~/.ssh/config for clients
|
||||
With this configuration (on your borg client) you can easily connect to your borgserver.
|
||||
|
|
|
|||
38
data/run.sh
38
data/run.sh
|
|
@ -1,30 +1,17 @@
|
|||
#!/bin/bash
|
||||
# Start Script for docker-borgserver
|
||||
|
||||
PUID=${PUID:-1000}
|
||||
PGID=${PGID:-1000}
|
||||
|
||||
usermod -o -u "$PUID" borg &>/dev/null
|
||||
groupmod -o -g "$PGID" borg &>/dev/null
|
||||
|
||||
BORG_DATA_DIR=/backup
|
||||
SSH_KEY_DIR=/sshkeys
|
||||
BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
|
||||
AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
|
||||
|
||||
# Append only mode?
|
||||
BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
|
||||
|
||||
source /etc/os-release
|
||||
echo "########################################################"
|
||||
echo -n " * Docker BorgServer powered by "
|
||||
borg -V
|
||||
echo " * Based on ${PRETTY_NAME}"
|
||||
echo "########################################################"
|
||||
echo " * User id: $(id -u borg)"
|
||||
echo " * Group id: $(id -g borg)"
|
||||
echo "########################################################"
|
||||
|
||||
|
||||
# Precheck if BORG_ADMIN is set
|
||||
if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then
|
||||
|
|
@ -40,7 +27,7 @@ for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
|
|||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$(find ${SSH_KEY_DIR}/clients ! -regex '.*/\..*' -a -type f | wc -l)" == "0" ] ; then
|
||||
if [ "$(find ${SSH_KEY_DIR}/clients -type f | wc -l)" == "0" ] ; then
|
||||
echo "ERROR: No SSH-Pubkey file found in ${SSH_KEY_DIR}"
|
||||
exit 1
|
||||
fi
|
||||
|
|
@ -60,8 +47,8 @@ echo "########################################################"
|
|||
echo " * Starting SSH-Key import..."
|
||||
|
||||
# Add every key to borg-users authorized_keys
|
||||
rm ${AUTHORIZED_KEYS_PATH} &>/dev/null
|
||||
for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); do
|
||||
rm /home/borg/.ssh/authorized_keys &>/dev/null
|
||||
for keyfile in $(find "${SSH_KEY_DIR}/clients" -type f); do
|
||||
client_name=$(basename ${keyfile})
|
||||
mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
|
||||
echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
|
||||
|
|
@ -76,22 +63,13 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); d
|
|||
borg_cmd="${BORG_CMD} --append-only"
|
||||
fi
|
||||
|
||||
echo -n "restrict,command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
|
||||
cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
|
||||
echo >> ${AUTHORIZED_KEYS_PATH}
|
||||
echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> /home/borg/.ssh/authorized_keys
|
||||
cat ${keyfile} >> /home/borg/.ssh/authorized_keys
|
||||
done
|
||||
chmod 0600 "${AUTHORIZED_KEYS_PATH}"
|
||||
|
||||
echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..."
|
||||
ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null)
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "ERROR: ${ERROR}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
chown -R borg:borg ${BORG_DATA_DIR}
|
||||
chown borg:borg ${AUTHORIZED_KEYS_PATH}
|
||||
chmod 600 ${AUTHORIZED_KEYS_PATH}
|
||||
chown -R borg: /backup
|
||||
chown borg: /home/borg/.ssh/authorized_keys
|
||||
chmod 600 /home/borg/.ssh/authorized_keys
|
||||
|
||||
echo "########################################################"
|
||||
echo " * Init done! Starting SSH-Daemon..."
|
||||
|
|
|
|||
|
|
@ -25,6 +25,3 @@ PermitTTY no
|
|||
PrintMotd no
|
||||
PermitTunnel no
|
||||
Subsystem sftp /bin/false
|
||||
|
||||
ClientAliveInterval 10
|
||||
ClientAliveCountMax 30
|
||||
|
|
|
|||
|
|
@ -1,21 +0,0 @@
|
|||
version: '3'
|
||||
services:
|
||||
borgserver:
|
||||
image: git.merp.digital/eranmorkon/borgserver
|
||||
#build: .
|
||||
volumes:
|
||||
- ./backup:/backup
|
||||
- ./sshkeys:/sshkeys
|
||||
ports:
|
||||
- "2222:22"
|
||||
environment:
|
||||
# Additional Arguments, see https://borgbackup.readthedocs.io/en/stable/usage/serve.html
|
||||
BORG_SERVE_ARGS: ""
|
||||
|
||||
# If set to "yes", only the BORG_ADMIN
|
||||
# can delete/prune the other clients archives/repos
|
||||
BORG_APPEND_ONLY: "no"
|
||||
|
||||
# Filename of Admins SSH-Key; has full access to all repos
|
||||
BORG_ADMIN: ""
|
||||
restart: unless-stopped
|
||||
Loading…
Reference in a new issue