Merge branch 'release/1.0.0'

* Upgrade to bullseye-slim image
* Fix(run.sh): authorized_keys permissions
* Change(run.sh): Add restrict to client keys & output debian version
* Change(Dockerfile): Allow different base images
* Update(drone): Build buster & bullseye images
* Update README

.woodpecker.yml

@@ -0,0 +1,39 @@
+steps:
+  build:
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      dry-run: true
+      repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
+      platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
+      registry: git.merp.digital
+    when:
+      - event: push
+        branch: 
+          exclude: [develop, master]
+
+  publish-nightly:
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
+      platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
+      registry: git.merp.digital
+      tags: develop-${CI_COMMIT_SHA}
+      username: ${CI_REPO_OWNER}
+      password:
+        from_secret: cb_token
+    when:
+      - event: push
+        branch: develop
+
+  publish-release:
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
+      platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
+      registry: git.merp.digital
+      tags: ${CI_COMMIT_TAG}
+      username: ${CI_REPO_OWNER}
+      password:
+        from_secret: cb_token
+    when:
+      - event: tag

Dockerfile

@@ -2,7 +2,7 @@
 # Dockerfile to build borgbackup server images
 # Based on Debian
 ############################################################
-FROM debian:buster-slim
+FROM debian:12.4-slim
 
 # Volume for SSH-Keys
 VOLUME /sshkeys

README.md

@@ -29,7 +29,7 @@ docker run -td \
 	-p 2222:22  \
 	--volume ./borg/sshkeys:/sshkeys \
 	--volume ./borg/backup:/backup \
-	nold360/borgserver:latest
+	git.merp.digital/eranmorkon/borgserver:1.0.0
 ```
 
 
@@ -45,7 +45,7 @@ See the the documentation for all available arguments: [borgbackup.readthedocs.i
 
 ##### Example
 ```
-docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) nold360/borgserver
+docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) git.merp.digital/eranmorkon/borgserver
 ```
 
 #### BORG_APPEND_ONLY
@@ -62,7 +62,7 @@ To declare a client as admin, set this variable to the name of the client/sshkey
 
 ##### Example
 ```
-docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) nold360/borgserver
+docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) git.merp.digital/eranmorkon/borgserver
 ```
 
 To prune repos from another client, you have to add the path to the repository in the clients directory:
@@ -112,23 +112,7 @@ In this directory will borg write all the client data to. It's best to start wit
 
 ## Example Setup
 ### docker-compose.yml
-Here is a quick example, how to run borgserver using docker-compose:
-```
-services:
- borgserver:
-  image: nold360/borgserver
-  volumes:
-   - /backup:/backup
-   - ./sshkeys:/sshkeys
-  ports:
-   - "2222:22"
-  environment:
-   BORG_SERVE_ARGS: ""
-   BORG_APPEND_ONLY: "no"
-   BORG_ADMIN: ""
-   PUID: 1000
-   PGID: 1000
-```
+Here is a quick example, how to run borgserver using docker-compose: [docker-compose.yml](https://github.com/Nold360/docker-borgserver/blob/master/docker-compose.yml)
 
 ### ~/.ssh/config for clients
 With this configuration (on your borg client) you can easily connect to your borgserver.

data/run.sh

@@ -15,9 +15,11 @@ AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
 # Append only mode?
 BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
 
+source /etc/os-release
 echo "########################################################"
 echo -n " * Docker BorgServer powered by "
 borg -V
+echo " * Based on ${PRETTY_NAME}"
 echo "########################################################"
 echo " * User  id: $(id -u borg)"
 echo " * Group id: $(id -g borg)"
@@ -74,9 +76,11 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); d
 		borg_cmd="${BORG_CMD} --append-only"
 	fi
 
-    echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
-	cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
+  echo -n "restrict,command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
+  cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
+  echo >> ${AUTHORIZED_KEYS_PATH}
 done
+chmod 0600 "${AUTHORIZED_KEYS_PATH}"
 
 echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..."
 ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null)

data/sshd_config

@@ -25,3 +25,6 @@ PermitTTY no
 PrintMotd no
 PermitTunnel no
 Subsystem	sftp	/bin/false
+
+ClientAliveInterval 10
+ClientAliveCountMax 30

docker-compose.yml

@@ -1,7 +1,7 @@
 version: '3'
 services:
  borgserver:
-  image: nold360/borgserver
+  image: git.merp.digital/eranmorkon/borgserver
   #build: .
   volumes:
    - ./backup:/backup
@@ -9,12 +9,13 @@ services:
   ports:
    - "2222:22"
   environment:
+  # Additional Arguments, see https://borgbackup.readthedocs.io/en/stable/usage/serve.html
    BORG_SERVE_ARGS: ""
 
    # If set to "yes", only the BORG_ADMIN
-   # can delete/prune the all clients archives/repos
+   # can delete/prune the other clients archives/repos
    BORG_APPEND_ONLY: "no"
 
-   # Hostname of Admin's SSH-Key
+   # Filename of Admins SSH-Key; has full access to all repos
    BORG_ADMIN: ""
   restart: unless-stopped