
Author SHA1 Message Date
nold 4325a3d964 Add: Clone git repo with SSH public keys into SSH_KEY_DIR 2019-07-05 13:57:35 +02:00
6 changed files with 50 additions and 96 deletions


@ -1,39 +0,0 @@
steps:
build:
image: woodpeckerci/plugin-docker-buildx
settings:
dry-run: true
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
when:
- event: push
branch:
exclude: [develop, master]
publish-nightly:
image: woodpeckerci/plugin-docker-buildx
settings:
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
tags: develop-${CI_COMMIT_SHA}
username: ${CI_REPO_OWNER}
password:
from_secret: cb_token
when:
- event: push
branch: develop
publish-release:
image: woodpeckerci/plugin-docker-buildx
settings:
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
tags: ${CI_COMMIT_TAG}
username: ${CI_REPO_OWNER}
password:
from_secret: cb_token
when:
- event: tag


@ -2,7 +2,7 @@
# Dockerfile to build borgbackup server images # Dockerfile to build borgbackup server images
# Based on Debian # Based on Debian
############################################################ ############################################################
FROM debian:12.4-slim FROM debian:buster-slim
# Volume for SSH-Keys # Volume for SSH-Keys
VOLUME /sshkeys VOLUME /sshkeys
@ -13,11 +13,11 @@ VOLUME /backup
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get -y --no-install-recommends install \ RUN apt-get update && apt-get -y --no-install-recommends install \
borgbackup openssh-server && apt-get clean && \ borgbackup openssh-server git ca-certificates && apt-get clean && \
useradd -s /bin/bash -m -U borg && \ useradd -s /bin/bash -m borg && \
mkdir /home/borg/.ssh && \ mkdir /home/borg/.ssh && \
chmod 700 /home/borg/.ssh && \ chmod 700 /home/borg/.ssh && \
chown borg:borg /home/borg/.ssh && \ chown borg: /home/borg/.ssh && \
mkdir /run/sshd && \ mkdir /run/sshd && \
rm -f /etc/ssh/ssh_host*key* && \ rm -f /etc/ssh/ssh_host*key* && \
rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/* rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
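Review bot: The `FROM` line in the first hunk uses the floating tag `debian:buster-slim`, so every rebuild of this sshd-facing image takes whatever that tag points to at build time. Pinning by digest, `FROM debian:buster-slim@sha256:<digest-placeholder>`, keeps the base reproducible and turns a base update into an explicit change. The second hunk also adds `git` and `ca-certificates` to the runtime image, apparently only for the optional `SSH_KEY_GIT` clone at start-up; a comment above the `RUN` line such as `# git + ca-certificates are only needed when SSH_KEY_GIT is set` would record why they are there.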


@ -29,7 +29,7 @@ docker run -td \
-p 2222:22 \ -p 2222:22 \
--volume ./borg/sshkeys:/sshkeys \ --volume ./borg/sshkeys:/sshkeys \
--volume ./borg/backup:/backup \ --volume ./borg/backup:/backup \
git.merp.digital/eranmorkon/borgserver:1.0.0 nold360/borgserver:latest
``` ```
@ -45,7 +45,7 @@ See the the documentation for all available arguments: [borgbackup.readthedocs.i
##### Example ##### Example
``` ```
docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) git.merp.digital/eranmorkon/borgserver docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) nold360/borgserver
``` ```
#### BORG_APPEND_ONLY #### BORG_APPEND_ONLY
@ -62,7 +62,7 @@ To declare a client as admin, set this variable to the name of the client/sshkey
##### Example ##### Example
``` ```
docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) git.merp.digital/eranmorkon/borgserver docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) nold360/borgserver
``` ```
To prune repos from another client, you have to add the path to the repository in the clients directory: To prune repos from another client, you have to add the path to the repository in the clients directory:
@ -71,14 +71,6 @@ borg prune --keep-last 100 --keep-weekly 1 (...) borgserver:/clientA/clientA
``` ```
#### PUID
Used to set the user id of the `borg` user inside the container. This can be useful when the container has to access resources on the host with a specific user id.
#### PGID
Used to set the group id of the `borg` group inside the container. This can be useful when the container has to access resources on the host with a specific group id.
### Persistent Storages & Client Configuration ### Persistent Storages & Client Configuration
We will need two persistent storage directories for our borgserver to be usefull. We will need two persistent storage directories for our borgserver to be usefull.
@ -112,7 +104,21 @@ In this directory will borg write all the client data to. It's best to start wit
## Example Setup ## Example Setup
### docker-compose.yml ### docker-compose.yml
Here is a quick example, how to run borgserver using docker-compose: [docker-compose.yml](https://github.com/Nold360/docker-borgserver/blob/master/docker-compose.yml) Here is a quick example, how to run borgserver using docker-compose:
```
services:
borgserver:
image: nold360/borgserver
volumes:
- /backup:/backup
- ./sshkeys:/sshkeys
ports:
- "2222:22"
environment:
BORG_SERVE_ARGS: ""
BORG_APPEND_ONLY: "no"
BORG_ADMIN: ""
```
### ~/.ssh/config for clients ### ~/.ssh/config for clients
With this configuration (on your borg client) you can easily connect to your borgserver. With this configuration (on your borg client) you can easily connect to your borgserver.


@ -1,36 +1,33 @@
#!/bin/bash #!/bin/bash
# Start Script for docker-borgserver # Start Script for docker-borgserver
#set -x
PUID=${PUID:-1000} #BORG_SERVE_ARGS=${BORG_SERVE_ARGS:=""}
PGID=${PGID:-1000}
usermod -o -u "$PUID" borg &>/dev/null
groupmod -o -g "$PGID" borg &>/dev/null
BORG_DATA_DIR=/backup
SSH_KEY_DIR=/sshkeys
BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
# Append only mode?
BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no} BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
BORG_DATA_DIR="${BORG_DATA_DIR:=/backup}"
SSH_KEY_DIR="${SSH_KEY_DIR:=/sshkeys}"
BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
source /etc/os-release
echo "########################################################" echo "########################################################"
echo -n " * Docker BorgServer powered by " echo -n " * Docker BorgServer powered by "
borg -V borg -V
echo " * Based on ${PRETTY_NAME}"
echo "########################################################" echo "########################################################"
echo " * User id: $(id -u borg)"
echo " * Group id: $(id -g borg)"
echo "########################################################"
# Precheck if BORG_ADMIN is set # Precheck if BORG_ADMIN is set
if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then
echo "WARNING: BORG_APPEND_ONLY is active, but no BORG_ADMIN was specified!" echo "WARNING: BORG_APPEND_ONLY is active, but no BORG_ADMIN was specified!"
fi fi
if [ ! -z "${SSH_KEY_GIT}" ] ; then
echo "SSH_KEY_GIT set, cloning '${SSH_KEY_GIT}' into '${SSH_KEY_DIR}/clients'"
if [ ! -d "${SSH_KEY_DIR}/clients/.git" ] ; then
# FIXME: Should the container die here, in case of error?
git clone "${SSH_KEY_GIT}" "${SSH_KEY_DIR}/clients"
else
git -C "${SSH_KEY_DIR}/clients" pull
fi
fi
# Precheck directories & client ssh-keys # Precheck directories & client ssh-keys
for dir in BORG_DATA_DIR SSH_KEY_DIR ; do for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
dirpath=$(eval echo '$'${dir}) dirpath=$(eval echo '$'${dir})
@ -60,7 +57,7 @@ echo "########################################################"
echo " * Starting SSH-Key import..." echo " * Starting SSH-Key import..."
# Add every key to borg-users authorized_keys # Add every key to borg-users authorized_keys
rm ${AUTHORIZED_KEYS_PATH} &>/dev/null rm /home/borg/.ssh/authorized_keys &>/dev/null
for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); do for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); do
client_name=$(basename ${keyfile}) client_name=$(basename ${keyfile})
mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
@ -76,22 +73,13 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); d
borg_cmd="${BORG_CMD} --append-only" borg_cmd="${BORG_CMD} --append-only"
fi fi
echo -n "restrict,command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH} echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> /home/borg/.ssh/authorized_keys
cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH} cat ${keyfile} >> /home/borg/.ssh/authorized_keys
echo >> ${AUTHORIZED_KEYS_PATH}
done done
chmod 0600 "${AUTHORIZED_KEYS_PATH}"
echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..." chown -R borg: /backup
ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null) chown borg: /home/borg/.ssh/authorized_keys
if [ $? -ne 0 ]; then chmod 600 /home/borg/.ssh/authorized_keys
echo "ERROR: ${ERROR}"
exit 1
fi
chown -R borg:borg ${BORG_DATA_DIR}
chown borg:borg ${AUTHORIZED_KEYS_PATH}
chmod 600 ${AUTHORIZED_KEYS_PATH}
echo "########################################################" echo "########################################################"
echo " * Init done! Starting SSH-Daemon..." echo " * Init done! Starting SSH-Daemon..."
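Review bot: A failed `git clone` or `git pull` of `SSH_KEY_GIT` is ignored in the first hunk (the FIXME says as much), so the container goes on to build `authorized_keys` from whatever is already in `${SSH_KEY_DIR}/clients`, which can be stale or revoked keys. I would fail closed with `git clone "${SSH_KEY_GIT}" "${SSH_KEY_DIR}/clients" || exit 1` and `git -C "${SSH_KEY_DIR}/clients" pull --ff-only || exit 1`. In the last hunk the new side, as rendered here, writes `command="..."` without the `restrict,` option and has no `ssh-keygen -lf` check of the generated file, while each key file is still appended verbatim with `cat`; a file with more than one line therefore produces a line that carries no forced command. Now that those files can come from a remote repository, keeping `restrict,` and rejecting key files that are not exactly one public-key line is worth adding before the append. The `for keyfile` loop runs across the gap between the last two hunks, so part of its body is not visible here.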


@ -25,6 +25,3 @@ PermitTTY no
PrintMotd no PrintMotd no
PermitTunnel no PermitTunnel no
Subsystem sftp /bin/false Subsystem sftp /bin/false
ClientAliveInterval 10
ClientAliveCountMax 30


@ -1,21 +1,23 @@
version: '3' version: '3'
services: services:
borgserver: borgserver:
image: git.merp.digital/eranmorkon/borgserver #image: nold360/borgserver
#build: . build: .
volumes: volumes:
- ./backup:/backup - ./backup:/backup
- ./sshkeys:/sshkeys - ./sshkeys:/sshkeys
ports: ports:
- "2222:22" - "2222:22"
environment: environment:
# Additional Arguments, see https://borgbackup.readthedocs.io/en/stable/usage/serve.html
BORG_SERVE_ARGS: "" BORG_SERVE_ARGS: ""
# If set to "yes", only the BORG_ADMIN # If set to "yes", only the BORG_ADMIN
# can delete/prune the other clients archives/repos # can delete/prune the all clients archives/repos
BORG_APPEND_ONLY: "no" BORG_APPEND_ONLY: "no"
# Filename of Admins SSH-Key; has full access to all repos # Hostname of Admin's SSH-Key
BORG_ADMIN: "" BORG_ADMIN: ""
# Client Pubkeys in git:
SSH_KEY_GIT: "https://github.com/<username>/<repo>.git"
restart: unless-stopped restart: unless-stopped
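Review bot: The example enables `SSH_KEY_GIT` with the placeholder `https://github.com/<username>/<repo>.git`, so starting the unmodified file triggers a clone attempt against that literal URL. I would ship the line commented out, `# SSH_KEY_GIT: "https://github.com/<username>/<repo>.git"`, and have the comment above it state that every non-hidden file in that repository is imported as a client key, so write access to the repository amounts to access to the backups. The reworded comment `# can delete/prune the all clients archives/repos` should read `# can delete/prune all clients' archives/repos`.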