From 9ff54e254f0047f8ae6ec335614d60206e49d25b Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Fri, 20 Aug 2021 14:30:01 +0200
Subject: [PATCH 1/6] Upgrade to bullseye-slim image

---
 .drone.yml | 4 ++--
 Dockerfile | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index e79c02f..c561724 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -14,5 +14,5 @@ steps:
     repo: nold360/borgserver
     dockerfile: Dockerfile
     tags:
-      - latest
-      - buster
+      - bullseye
+      - 1.1.16
diff --git a/Dockerfile b/Dockerfile
index a682457..0ec2244 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@
 # Dockerfile to build borgbackup server images
 # Based on Debian
 ############################################################
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 
 # Volume for SSH-Keys
 VOLUME /sshkeys

From 04819a897c2ca52a1988875c8864b3400accab88 Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Fri, 20 Aug 2021 14:40:09 +0200
Subject: [PATCH 2/6] Fix: authorized_keys permissions

---
 data/run.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/run.sh b/data/run.sh
index e794704..ba38093 100755
--- a/data/run.sh
+++ b/data/run.sh
@@ -77,6 +77,7 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); d
     echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
 	cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
 done
+chmod 0600 "${AUTHORIZED_KEYS_PATH}"
 
 echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..."
 ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null)

From 5c1724875cdbc4bbdad621838168070b64c530cf Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Fri, 21 Jan 2022 10:16:42 +0100
Subject: [PATCH 3/6] Change: Add restrict to client keys & output debian
 version

---
 data/run.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/run.sh b/data/run.sh
index ba38093..63ec0eb 100755
--- a/data/run.sh
+++ b/data/run.sh
@@ -15,9 +15,11 @@ AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
 # Append only mode?
 BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
 
+source /etc/os-release
 echo "########################################################"
 echo -n " * Docker BorgServer powered by "
 borg -V
+echo " * Based on ${PRETTY_NAME}"
 echo "########################################################"
 echo " * User  id: $(id -u borg)"
 echo " * Group id: $(id -g borg)"
@@ -74,7 +76,7 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); d
 		borg_cmd="${BORG_CMD} --append-only"
 	fi
 
-    echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
+    echo -n "restrict,command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
 	cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
 done
 chmod 0600 "${AUTHORIZED_KEYS_PATH}"

From 80e99c96d5e515006e34998636883608cf60e257 Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Fri, 21 Jan 2022 10:16:58 +0100
Subject: [PATCH 4/6] Change(Dockerfile): Allow different base images

---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 0ec2244..a7cd5d1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,8 @@
 # Dockerfile to build borgbackup server images
 # Based on Debian
 ############################################################
-FROM debian:bullseye-slim
+ARG BASE_IMAGE=debian:bullseye-slim
+FROM $BASE_IMAGE
 
 # Volume for SSH-Keys
 VOLUME /sshkeys

From c0cb6eb340c57f2b1dba395432820fb2eaaa8769 Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Fri, 21 Jan 2022 10:19:37 +0100
Subject: [PATCH 5/6] Update(drone): Build buster & bullseye images

---
 .drone.yml | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/.drone.yml b/.drone.yml
index c561724..f204aa3 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -4,7 +4,7 @@ name: build
 type: kubernetes
 
 steps:
-- name: build-image
+- name: build-bullseye
   image: plugins/kaniko
   settings:
     username:
@@ -13,6 +13,24 @@ steps:
       from_secret: docker_password
     repo: nold360/borgserver
     dockerfile: Dockerfile
+    build_args:
+      - BASE_IMAGE=debian:bullseye-slim
     tags:
+      - latest
       - bullseye
       - 1.1.16
+
+- name: build-buster
+  image: plugins/kaniko
+  settings:
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+    repo: nold360/borgserver
+    dockerfile: Dockerfile
+    build_args:
+      - BASE_IMAGE=debian:buster-slim
+    tags:
+      - buster
+      - 1.1.9

From e07f5e9957e69436cabdbfcef92f13c957389ffe Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Fri, 21 Jan 2022 10:27:23 +0100
Subject: [PATCH 6/6] Update README

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index a0d7eec..e381cdc 100644
--- a/README.md
+++ b/README.md
@@ -132,3 +132,9 @@ And create your first backup!
 ```
  $ borg create backup:my_first_borg_repo::documents-2017-11-01 /home/user/MyImportentDocs
 ```
+
+## Tags
+
+All images are freshly built every week & published as `nold360/borgserver` with the following tags:
+ - Latest / Stable [borg 1.1.16]: `bullseye`, `1.1.16`, `latest`
+ - Legacy / Buster [borg 1.1.9 ]: `buster`, `1.1.9`