-
Notifications
You must be signed in to change notification settings - Fork 2
/
entrypoint.sh
executable file
·86 lines (72 loc) · 3.47 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
#!/bin/bash
echo "################################################################################"
echo "# STARTING BORGBACKUP-SERVER #"
echo "################################################################################"
echo ""
mkdir -p /var/lib/docker-borg/ssh >/dev/null 2>&1
mkdir -p /home/borg/backups >/dev/null 2>&1
# Create a random password each startup, as only ssh-key auth is allowed
BORG_PASSWORD=$(openssl passwd -5 "$(openssl rand -base64 128)")
usermod -p "$BORG_PASSWORD" borg > /dev/null
usermod -U borg > /dev/null
# Generate SSH host-key, if not present
if [ ! -f /var/lib/docker-borg/ssh/ssh_host_rsa_key ]; then
echo "Creating SSH keys. To persist keys across container updates, mount a volume to /var/lib/docker-borg..."
ssh-keygen -A
mv /etc/ssh/ssh*key* /var/lib/docker-borg/ssh/
fi
# Ensure correct permisiions for ssh keys
chmod -R og-rwx /var/lib/docker-borg/ssh/
ln -sf /var/lib/docker-borg/ssh/* /etc/ssh >/dev/null 2>&1
if [ -n "${BORG_UID}" ]; then
usermod -u "${BORG_UID}" borg > /dev/null
fi
if [ -n "${BORG_GID}" ]; then
groupmod -o -g "${BORG_GID}" borg
usermod -g "${BORG_GID}" borg > /dev/null
fi
# if BORG_AUTHORIZED_KEYS is set substitute authorized_keys file
if [ -n "${BORG_AUTHORIZED_KEYS+x}" ]; then
echo -e "${BORG_AUTHORIZED_KEYS}" | sed -re "/^\\s*(\$|#)/! s/^/restrict,command=\"borg serve ${BORG_SERVE_ADDITIONAL_ARGS} --restrict-to-path \/home\/borg\/backups\" /" >/home/borg/.ssh/authorized_keys
fi
chown borg:borg /home/borg/.ssh/authorized_keys
chmod og-rwx /home/borg/.ssh/authorized_keys
echo "################################################################################"
echo "# PRINTING THE CONTENTS OF /HOME/BORG/.SSH/AUTHORIZED_KEYS: #"
echo "################################################################################"
cat /home/borg/.ssh/authorized_keys
echo "end of /home/borg/.ssh/authorized_keys"
echo ""
# chown the backups, can be deactivated by setting ENSURE_BACKUP_PERMISSIONS to false
if [ "${ENSURE_BACKUP_PERMISSIONS}" = true ]; then
chown -R borg:borg /home/borg/backups
else
echo "I will not ensure the correct permissions, because \$ENSURE_BACKUP_PERMISSIONS is not true."
echo ""
fi
# Ensure that the ssh keys have the correct permissions
chown -R borg:borg /home/borg/.ssh
echo "################################################################################"
echo "# BORGBACKUP SERVER STARTED SUCCESSFULLY #"
echo "################################################################################"
echo "Environment:"
echo " BORG_UID = ${BORG_UID}"
echo " BORG_GID = ${BORG_GID}"
echo " BORG_SERVE_ADDITIONAL_ARGS = ${BORG_SERVE_ADDITIONAL_ARGS}"
echo " ENSURE_BACKUP_PERMISSIONS = ${ENSURE_BACKUP_PERMISSIONS}"
echo "Borg Version: $(borg --version)"
echo "Following borg repos are present:"
du -sh /home/borg/backups/*
echo "Size of all backups combined: $(du -sh /home/borg/backups)"
echo ""
echo "It is recommended to add the following entry to your clients ~/.ssh/config:"
echo "Host borgbackup"
echo " Hostname <IP_OR_HOST_HERE>"
echo " User borg"
echo " Port <PORT>"
echo " ServerAliveInterval 10"
echo " ServerAliveCountMax 30"
echo " IdentityFile <OPTIONAL_PATH_TO_YOUR_KEYFILE>"
echo ""
echo "For further information refer to: https://borgbackup.readthedocs.io/en/stable/usage/serve.html#ssh-configuration"
exec /usr/sbin/sshd -D -e