Compare commits

...

18 commits
dev ... master

Author SHA1 Message Date
Andreas Mieke 6035ca549e Merge branch 'release/1.0.0'
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-01-13 03:20:38 +01:00
Andreas Mieke 397f800372 fix(platforms): Remove useless platforms
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-01-13 03:17:42 +01:00
Andreas Mieke 49b78cf10f feat(platforms): Add ARM support
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2024-01-13 03:14:36 +01:00
nold 45e8883cae fix(sshd_config): recommended keepalive values 2022-11-24 16:29:39 +01:00
nold ef02f845dc add(ci): woodpecker.yml 2022-11-24 16:15:37 +01:00
nold 57ed075e22 Update(drone): Image tag for bookwork v1.2 & v1.2.2 2022-09-20 09:06:17 +02:00
Nold 2c76a45aca
Update: bookworm image version 1.2.1 2022-07-20 11:01:57 +02:00
nold ea677a7da9 Add(drone): Build Bookworm 2022-05-11 18:54:55 +02:00
Gerrit Pannek 95ec06eb80 Fix(run.sh): Add new line in authorized_keys [Fixes #12] 2022-02-05 18:13:41 +01:00
Nold 0b641a8253
Upgrade: bullseye & borgbackup 1.1.16 (#13)
* Upgrade to bullseye-slim image
* Fix(run.sh): authorized_keys permissions
* Change(run.sh): Add restrict to client keys & output debian version
* Change(Dockerfile): Allow different base images
* Update(drone): Build buster & bullseye images
* Update README
2022-01-21 10:33:54 +01:00
nold 7b241c142b Update: README & docker-compose example 2022-01-21 10:02:01 +01:00
nold 7d29e33747 Fix: drone - use kaniko for building 2021-11-29 17:39:31 +01:00
nold 674b4d8757 Add: drone.yml 2021-08-13 12:56:36 +02:00
nold ac797c90f6 Minor output change to PR#5 - thanks abmaonline 2019-12-05 16:55:06 +01:00
Matthijs Abma 5d0d13c42a Add simple integrity check for authorized_keys file, in case you put something interesting in your BORG_SERVE_ARGS 2019-12-01 17:58:29 +01:00
Matthijs Abma 590d6712fb Create borg group and add option to set user id and group id explicitly for easier access to host resources 2019-12-01 17:56:05 +01:00
nold a741486bb3 Add: docker-compose.yml 2019-07-05 13:25:16 +02:00
nold 7643f16ebd Change: Ignore hidden files & files inside of hidden directories [pull/3] 2019-07-05 13:20:24 +02:00
6 changed files with 111 additions and 30 deletions

39
.woodpecker.yml Normal file

@ -0,0 +1,39 @@
steps:
build:
image: woodpeckerci/plugin-docker-buildx
settings:
dry-run: true
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
when:
- event: push
branch:
exclude: [develop, master]
publish-nightly:
image: woodpeckerci/plugin-docker-buildx
settings:
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
tags: develop-${CI_COMMIT_SHA}
username: ${CI_REPO_OWNER}
password:
from_secret: cb_token
when:
- event: push
branch: develop
publish-release:
image: woodpeckerci/plugin-docker-buildx
settings:
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
tags: ${CI_COMMIT_TAG}
username: ${CI_REPO_OWNER}
password:
from_secret: cb_token
when:
- event: tag
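Review bot: All three steps reference `woodpeckerci/plugin-docker-buildx` without a tag or digest, so `publish-nightly` and `publish-release` pass the `cb_token` registry credential to whatever image that name resolves to at run time. Pinning the plugin, e.g. `image: woodpeckerci/plugin-docker-buildx:<PLUGIN_VERSION>` (placeholder, ideally followed by an `@sha256:` digest), turns a plugin update into a reviewed change. The same applies to the `build` step, although it carries no secret. A short comment above `username: ${CI_REPO_OWNER}` saying that the registry login is tied to the repository owner would help anyone running this pipeline from a fork.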


@ -2,7 +2,7 @@
# Dockerfile to build borgbackup server images # Dockerfile to build borgbackup server images
# Based on Debian # Based on Debian
############################################################ ############################################################
FROM debian:buster-slim FROM debian:12.4-slim
# Volume for SSH-Keys # Volume for SSH-Keys
VOLUME /sshkeys VOLUME /sshkeys
@ -14,10 +14,10 @@ ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get -y --no-install-recommends install \ RUN apt-get update && apt-get -y --no-install-recommends install \
borgbackup openssh-server && apt-get clean && \ borgbackup openssh-server && apt-get clean && \
useradd -s /bin/bash -m borg && \ useradd -s /bin/bash -m -U borg && \
mkdir /home/borg/.ssh && \ mkdir /home/borg/.ssh && \
chmod 700 /home/borg/.ssh && \ chmod 700 /home/borg/.ssh && \
chown borg: /home/borg/.ssh && \ chown borg:borg /home/borg/.ssh && \
mkdir /run/sshd && \ mkdir /run/sshd && \
rm -f /etc/ssh/ssh_host*key* && \ rm -f /etc/ssh/ssh_host*key* && \
rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/* rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
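Review bot: `FROM debian:12.4-slim` pins a mutable point-release tag rather than a digest, and the `RUN` line installs `borgbackup` and `openssh-server` without upgrading the rest of the base. A rebuild after Debian moves past 12.4 would therefore probably keep shipping the older base packages. For an image that exposes sshd, consider `FROM debian:bookworm-slim@sha256:<DIGEST>` (placeholder) with an automated digest bump, or track `bookworm-slim` and rebuild on a schedule. A comment above `FROM` stating which of the two policies is intended would make the choice reviewable.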


@ -29,7 +29,7 @@ docker run -td \
-p 2222:22 \ -p 2222:22 \
--volume ./borg/sshkeys:/sshkeys \ --volume ./borg/sshkeys:/sshkeys \
--volume ./borg/backup:/backup \ --volume ./borg/backup:/backup \
nold360/borgserver:latest git.merp.digital/eranmorkon/borgserver:1.0.0
``` ```
@ -45,7 +45,7 @@ See the the documentation for all available arguments: [borgbackup.readthedocs.i
##### Example ##### Example
``` ```
docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) nold360/borgserver docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) git.merp.digital/eranmorkon/borgserver
``` ```
#### BORG_APPEND_ONLY #### BORG_APPEND_ONLY
@ -62,7 +62,7 @@ To declare a client as admin, set this variable to the name of the client/sshkey
##### Example ##### Example
``` ```
docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) nold360/borgserver docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) git.merp.digital/eranmorkon/borgserver
``` ```
To prune repos from another client, you have to add the path to the repository in the clients directory: To prune repos from another client, you have to add the path to the repository in the clients directory:
@ -71,6 +71,14 @@ borg prune --keep-last 100 --keep-weekly 1 (...) borgserver:/clientA/clientA
``` ```
#### PUID
Used to set the user id of the `borg` user inside the container. This can be useful when the container has to access resources on the host with a specific user id.
#### PGID
Used to set the group id of the `borg` group inside the container. This can be useful when the container has to access resources on the host with a specific group id.
### Persistent Storages & Client Configuration ### Persistent Storages & Client Configuration
We will need two persistent storage directories for our borgserver to be usefull. We will need two persistent storage directories for our borgserver to be usefull.
@ -82,8 +90,10 @@ Here we will put all SSH public keys from our borg clients, we want to backup. E
That means every client get's it's own repository. So you might want to use the hostname of the client as the name of the sshkey file. That means every client get's it's own repository. So you might want to use the hostname of the client as the name of the sshkey file.
Hidden files & files inside of hidden directories will be ignored!
``` ```
F.e. /sshkeys/clients/webserver.mydomain.com e.g. /sshkeys/clients/webserver.mydomain.com
``` ```
Than your client would have to initiat the borg repository like this: Than your client would have to initiat the borg repository like this:
@ -102,21 +112,7 @@ In this directory will borg write all the client data to. It's best to start wit
## Example Setup ## Example Setup
### docker-compose.yml ### docker-compose.yml
Here is a quick example, how to run borgserver using docker-compose: Here is a quick example, how to run borgserver using docker-compose: [docker-compose.yml](https://github.com/Nold360/docker-borgserver/blob/master/docker-compose.yml)
```
services:
borgserver:
image: nold360/borgserver
volumes:
- /backup:/backup
- ./sshkeys:/sshkeys
ports:
- "2222:22"
environment:
BORG_SERVE_ARGS: ""
BORG_APPEND_ONLY: "no"
BORG_ADMIN: ""
```
### ~/.ssh/config for clients ### ~/.ssh/config for clients
With this configuration (on your borg client) you can easily connect to your borgserver. With this configuration (on your borg client) you can easily connect to your borgserver.


@ -1,17 +1,30 @@
#!/bin/bash #!/bin/bash
# Start Script for docker-borgserver # Start Script for docker-borgserver
PUID=${PUID:-1000}
PGID=${PGID:-1000}
usermod -o -u "$PUID" borg &>/dev/null
groupmod -o -g "$PGID" borg &>/dev/null
BORG_DATA_DIR=/backup BORG_DATA_DIR=/backup
SSH_KEY_DIR=/sshkeys SSH_KEY_DIR=/sshkeys
BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}' BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
# Append only mode? # Append only mode?
BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no} BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
source /etc/os-release
echo "########################################################" echo "########################################################"
echo -n " * Docker BorgServer powered by " echo -n " * Docker BorgServer powered by "
borg -V borg -V
echo " * Based on ${PRETTY_NAME}"
echo "########################################################" echo "########################################################"
echo " * User id: $(id -u borg)"
echo " * Group id: $(id -g borg)"
echo "########################################################"
# Precheck if BORG_ADMIN is set # Precheck if BORG_ADMIN is set
if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then
@ -27,7 +40,7 @@ for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
exit 1 exit 1
fi fi
if [ "$(find ${SSH_KEY_DIR}/clients -type f | wc -l)" == "0" ] ; then if [ "$(find ${SSH_KEY_DIR}/clients ! -regex '.*/\..*' -a -type f | wc -l)" == "0" ] ; then
echo "ERROR: No SSH-Pubkey file found in ${SSH_KEY_DIR}" echo "ERROR: No SSH-Pubkey file found in ${SSH_KEY_DIR}"
exit 1 exit 1
fi fi
@ -47,8 +60,8 @@ echo "########################################################"
echo " * Starting SSH-Key import..." echo " * Starting SSH-Key import..."
# Add every key to borg-users authorized_keys # Add every key to borg-users authorized_keys
rm /home/borg/.ssh/authorized_keys &>/dev/null rm ${AUTHORIZED_KEYS_PATH} &>/dev/null
for keyfile in $(find "${SSH_KEY_DIR}/clients" -type f); do for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); do
client_name=$(basename ${keyfile}) client_name=$(basename ${keyfile})
mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}" echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
@ -63,13 +76,22 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" -type f); do
borg_cmd="${BORG_CMD} --append-only" borg_cmd="${BORG_CMD} --append-only"
fi fi
echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> /home/borg/.ssh/authorized_keys echo -n "restrict,command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
cat ${keyfile} >> /home/borg/.ssh/authorized_keys cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
echo >> ${AUTHORIZED_KEYS_PATH}
done done
chmod 0600 "${AUTHORIZED_KEYS_PATH}"
chown -R borg: /backup echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..."
chown borg: /home/borg/.ssh/authorized_keys ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null)
chmod 600 /home/borg/.ssh/authorized_keys if [ $? -ne 0 ]; then
echo "ERROR: ${ERROR}"
exit 1
fi
chown -R borg:borg ${BORG_DATA_DIR}
chown borg:borg ${AUTHORIZED_KEYS_PATH}
chmod 600 ${AUTHORIZED_KEYS_PATH}
echo "########################################################" echo "########################################################"
echo " * Init done! Starting SSH-Daemon..." echo " * Init done! Starting SSH-Daemon..."
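Review bot: In the key-import loop only the first line of each key file receives the `restrict,command="…"` prefix, because the prefix is written once with `echo -n` and the file is then appended whole with `cat ${keyfile}`. Any further key line in the same file would land in `authorized_keys` with neither `restrict` nor the forced `borg serve` command. The `ssh-keygen -lf` validation added after the loop would presumably still pass, since an unprefixed key line is structurally valid. Prefixing every non-empty, non-comment line, as sketched below, or rejecting files that hold more than one key, closes the gap. The enclosing `for keyfile` loop starts in an earlier hunk.

```bash
    # … unchanged: borg_cmd selection (admin / append-only) …
    key_options="restrict,command=\"$(eval echo -n \"${borg_cmd}\")\""
    while IFS= read -r key_line || [ -n "${key_line}" ]; do
        # Skip blank lines and comments; every remaining key line gets the forced command
        case "${key_line}" in
            ''|'#'*) continue ;;
        esac
        echo "${key_options} ${key_line}" >> "${AUTHORIZED_KEYS_PATH}"
    done < "${keyfile}"
```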


@ -25,3 +25,6 @@ PermitTTY no
PrintMotd no PrintMotd no
PermitTunnel no PermitTunnel no
Subsystem sftp /bin/false Subsystem sftp /bin/false
ClientAliveInterval 10
ClientAliveCountMax 30

21
docker-compose.yml Normal file

@ -0,0 +1,21 @@
version: '3'
services:
borgserver:
image: git.merp.digital/eranmorkon/borgserver
#build: .
volumes:
- ./backup:/backup
- ./sshkeys:/sshkeys
ports:
- "2222:22"
environment:
# Additional Arguments, see https://borgbackup.readthedocs.io/en/stable/usage/serve.html
BORG_SERVE_ARGS: ""
# If set to "yes", only the BORG_ADMIN
# can delete/prune the other clients archives/repos
BORG_APPEND_ONLY: "no"
# Filename of Admins SSH-Key; has full access to all repos
BORG_ADMIN: ""
restart: unless-stopped
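Review bot: `image: git.merp.digital/eranmorkon/borgserver` carries no tag, so Compose will pull `latest`, while the pipeline in `.woodpecker.yml` on this page only sets `develop-${CI_COMMIT_SHA}` and `${CI_COMMIT_TAG}` as tags. Unless the plugin adds `latest` on its own, this example may pull nothing or a stale image. Pinning the release the README already uses, `image: git.merp.digital/eranmorkon/borgserver:1.0.0`, keeps the example reproducible and makes upgrades of an exposed SSH service deliberate. The comment on `BORG_APPEND_ONLY` could also say that `"no"` appears to leave each client able to delete or prune its own archives, so readers who want protection against a compromised client know to change it.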