zenermerps/docker-borgserver
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: zenermerps:master
Branches Tags
zenermerps:master
zenermerps:develop
zenermerps:renovate/configure
zenermerps:fix/sshconf
zenermerps:feat/woodpecker
zenermerps:f_drone
zenermerps:f/newline
zenermerps:upgrade/bullseye
zenermerps:f_git_2
zenermerps:f_init_container
zenermerps:f_git_integration
zenermerps:dev
zenermerps:1.0.0
..
compare: zenermerps:dev
Branches Tags
zenermerps:develop
zenermerps:master
zenermerps:renovate/configure
zenermerps:fix/sshconf
zenermerps:feat/woodpecker
zenermerps:f_drone
zenermerps:f/newline
zenermerps:upgrade/bullseye
zenermerps:f_git_2
zenermerps:f_init_container
zenermerps:f_git_integration
zenermerps:dev
zenermerps:1.0.0

No commits in common. "master" and "dev" have entirely different histories.
master ... dev

6 changed files with 30 additions and 111 deletions
Show stats Expand all files Collapse all files

39
.woodpecker.yml
View file

@ -1,39 +0,0 @@
steps:
build:
image: woodpeckerci/plugin-docker-buildx
settings:
dry-run: true
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
when:
- event: push
branch:
exclude: [develop, master]
publish-nightly:
image: woodpeckerci/plugin-docker-buildx
settings:
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
tags: develop-${CI_COMMIT_SHA}
username: ${CI_REPO_OWNER}
password:
from_secret: cb_token
when:
- event: push
branch: develop
publish-release:
image: woodpeckerci/plugin-docker-buildx
settings:
repo: git.merp.digital/${CI_REPO_OWNER}/borgserver
platforms: linux/386,linux/amd64,linux/arm/v7,linux/arm64/v8
registry: git.merp.digital
tags: ${CI_COMMIT_TAG}
username: ${CI_REPO_OWNER}
password:
from_secret: cb_token
when:
- event: tag

6
Dockerfile
View file

@ -2,7 +2,7 @@
# Dockerfile to build borgbackup server images # Dockerfile to build borgbackup server images
# Based on Debian # Based on Debian
############################################################ ############################################################
FROM debian:12.4-slim FROM debian:buster-slim
# Volume for SSH-Keys # Volume for SSH-Keys
VOLUME /sshkeys VOLUME /sshkeys
@ -14,10 +14,10 @@ ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get -y --no-install-recommends install \ RUN apt-get update && apt-get -y --no-install-recommends install \
borgbackup openssh-server && apt-get clean && \ borgbackup openssh-server && apt-get clean && \
useradd -s /bin/bash -m -U borg && \ useradd -s /bin/bash -m borg && \
mkdir /home/borg/.ssh && \ mkdir /home/borg/.ssh && \
chmod 700 /home/borg/.ssh && \ chmod 700 /home/borg/.ssh && \
chown borg:borg /home/borg/.ssh && \ chown borg: /home/borg/.ssh && \
mkdir /run/sshd && \ mkdir /run/sshd && \
rm -f /etc/ssh/ssh_host*key* && \ rm -f /etc/ssh/ssh_host*key* && \
rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/* rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*

34
README.md
View file

@ -29,7 +29,7 @@ docker run -td \
-p 2222:22 \ -p 2222:22 \
--volume ./borg/sshkeys:/sshkeys \ --volume ./borg/sshkeys:/sshkeys \
--volume ./borg/backup:/backup \ --volume ./borg/backup:/backup \
git.merp.digital/eranmorkon/borgserver:1.0.0 nold360/borgserver:latest
``` ```
@ -45,7 +45,7 @@ See the the documentation for all available arguments: [borgbackup.readthedocs.i
##### Example ##### Example
``` ```
docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) git.merp.digital/eranmorkon/borgserver docker run --rm -e BORG_SERVE_ARGS="--progress --debug" (...) nold360/borgserver
``` ```
#### BORG_APPEND_ONLY #### BORG_APPEND_ONLY
@ -62,7 +62,7 @@ To declare a client as admin, set this variable to the name of the client/sshkey
##### Example ##### Example
``` ```
docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) git.merp.digital/eranmorkon/borgserver docker run --rm -e BORG_APPEND_ONLY="yes" -e BORG_ADMIN="nolds_notebook" (...) nold360/borgserver
``` ```
To prune repos from another client, you have to add the path to the repository in the clients directory: To prune repos from another client, you have to add the path to the repository in the clients directory:
@ -71,14 +71,6 @@ borg prune --keep-last 100 --keep-weekly 1 (...) borgserver:/clientA/clientA
``` ```
#### PUID
Used to set the user id of the `borg` user inside the container. This can be useful when the container has to access resources on the host with a specific user id.
#### PGID
Used to set the group id of the `borg` group inside the container. This can be useful when the container has to access resources on the host with a specific group id.
### Persistent Storages & Client Configuration ### Persistent Storages & Client Configuration
We will need two persistent storage directories for our borgserver to be usefull. We will need two persistent storage directories for our borgserver to be usefull.
@ -90,10 +82,8 @@ Here we will put all SSH public keys from our borg clients, we want to backup. E
That means every client get's it's own repository. So you might want to use the hostname of the client as the name of the sshkey file. That means every client get's it's own repository. So you might want to use the hostname of the client as the name of the sshkey file.
Hidden files & files inside of hidden directories will be ignored!
``` ```
e.g. /sshkeys/clients/webserver.mydomain.com F.e. /sshkeys/clients/webserver.mydomain.com
``` ```
Than your client would have to initiat the borg repository like this: Than your client would have to initiat the borg repository like this:
@ -112,7 +102,21 @@ In this directory will borg write all the client data to. It's best to start wit
## Example Setup ## Example Setup
### docker-compose.yml ### docker-compose.yml
Here is a quick example, how to run borgserver using docker-compose: [docker-compose.yml](https://github.com/Nold360/docker-borgserver/blob/master/docker-compose.yml) Here is a quick example, how to run borgserver using docker-compose:
```
services:
borgserver:
image: nold360/borgserver
volumes:
- /backup:/backup
- ./sshkeys:/sshkeys
ports:
- "2222:22"
environment:
BORG_SERVE_ARGS: ""
BORG_APPEND_ONLY: "no"
BORG_ADMIN: ""
```
### ~/.ssh/config for clients ### ~/.ssh/config for clients
With this configuration (on your borg client) you can easily connect to your borgserver. With this configuration (on your borg client) you can easily connect to your borgserver.

38
data/run.sh
View file

@ -1,30 +1,17 @@
#!/bin/bash #!/bin/bash
# Start Script for docker-borgserver # Start Script for docker-borgserver
PUID=${PUID:-1000}
PGID=${PGID:-1000}
usermod -o -u "$PUID" borg &>/dev/null
groupmod -o -g "$PGID" borg &>/dev/null
BORG_DATA_DIR=/backup BORG_DATA_DIR=/backup
SSH_KEY_DIR=/sshkeys SSH_KEY_DIR=/sshkeys
BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}' BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
# Append only mode? # Append only mode?
BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no} BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
source /etc/os-release
echo "########################################################" echo "########################################################"
echo -n " * Docker BorgServer powered by " echo -n " * Docker BorgServer powered by "
borg -V borg -V
echo " * Based on ${PRETTY_NAME}"
echo "########################################################" echo "########################################################"
echo " * User id: $(id -u borg)"
echo " * Group id: $(id -g borg)"
echo "########################################################"
# Precheck if BORG_ADMIN is set # Precheck if BORG_ADMIN is set
if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then
@ -40,7 +27,7 @@ for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
exit 1 exit 1
fi fi
if [ "$(find ${SSH_KEY_DIR}/clients ! -regex '.*/\..*' -a -type f | wc -l)" == "0" ] ; then if [ "$(find ${SSH_KEY_DIR}/clients -type f | wc -l)" == "0" ] ; then
echo "ERROR: No SSH-Pubkey file found in ${SSH_KEY_DIR}" echo "ERROR: No SSH-Pubkey file found in ${SSH_KEY_DIR}"
exit 1 exit 1
fi fi
@ -60,8 +47,8 @@ echo "########################################################"
echo " * Starting SSH-Key import..." echo " * Starting SSH-Key import..."
# Add every key to borg-users authorized_keys # Add every key to borg-users authorized_keys
rm ${AUTHORIZED_KEYS_PATH} &>/dev/null rm /home/borg/.ssh/authorized_keys &>/dev/null
for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); do for keyfile in $(find "${SSH_KEY_DIR}/clients" -type f); do
client_name=$(basename ${keyfile}) client_name=$(basename ${keyfile})
mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}" echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
@ -76,22 +63,13 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); d
borg_cmd="${BORG_CMD} --append-only" borg_cmd="${BORG_CMD} --append-only"
fi fi
echo -n "restrict,command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH} echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> /home/borg/.ssh/authorized_keys
cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH} cat ${keyfile} >> /home/borg/.ssh/authorized_keys
echo >> ${AUTHORIZED_KEYS_PATH}
done done
chmod 0600 "${AUTHORIZED_KEYS_PATH}"
echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..." chown -R borg: /backup
ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null) chown borg: /home/borg/.ssh/authorized_keys
if [ $? -ne 0 ]; then chmod 600 /home/borg/.ssh/authorized_keys
echo "ERROR: ${ERROR}"
exit 1
fi
chown -R borg:borg ${BORG_DATA_DIR}
chown borg:borg ${AUTHORIZED_KEYS_PATH}
chmod 600 ${AUTHORIZED_KEYS_PATH}
echo "########################################################" echo "########################################################"
echo " * Init done! Starting SSH-Daemon..." echo " * Init done! Starting SSH-Daemon..."

3
data/sshd_config
View file

@ -25,6 +25,3 @@ PermitTTY no
PrintMotd no PrintMotd no
PermitTunnel no PermitTunnel no
Subsystem sftp /bin/false Subsystem sftp /bin/false
ClientAliveInterval 10
ClientAliveCountMax 30

21
docker-compose.yml
View file

@ -1,21 +0,0 @@
version: '3'
services:
borgserver:
image: git.merp.digital/eranmorkon/borgserver
#build: .
volumes:
- ./backup:/backup
- ./sshkeys:/sshkeys
ports:
- "2222:22"
environment:
# Additional Arguments, see https://borgbackup.readthedocs.io/en/stable/usage/serve.html
BORG_SERVE_ARGS: ""
# If set to "yes", only the BORG_ADMIN
# can delete/prune the other clients archives/repos
BORG_APPEND_ONLY: "no"
# Filename of Admins SSH-Key; has full access to all repos
BORG_ADMIN: ""
restart: unless-stopped