From de3e2908451808f9c70b393c9903904b875812c2 Mon Sep 17 00:00:00 2001
From: meskio
Date: Thu, 16 Jul 2020 20:37:07 +0200
Subject: [PATCH] Working container
---
Dockerfile | 17 +++++++++++++++++
README.md | 14 ++++++++++++++
entrypoint.sh | 13 +++++++++++++
sshd_config | 6 ++++++
4 files changed, 50 insertions(+)
create mode 100644 Dockerfile
create mode 100644 README.md
create mode 100755 entrypoint.sh
create mode 100644 sshd_config
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..dffe744
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM docker.io/debian
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ borgbackup openssh-server && \
+ apt-get clean
+
+ADD sshd_config /etc/ssh/sshd_config
+ADD entrypoint.sh /entrypoint.sh
+
+RUN mkdir /repo && \
+ mkdir /run/sshd && \
+ mkdir /root/.ssh && \
+ chmod 700 /root/.ssh
+
+VOLUME /repo
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5e73adb
--- /dev/null
+++ b/README.md
@@ -0,0 +1,14 @@
+Simple borg+ssh docker image
+
+It will limit the ssh so only `borg serve` command will be allowed.
+
+It will run the ssh daemon on port 2222, expect a folder with the repos in /repo and the ssh public key being passed as the environment variable `KEY`.
+
+For example it can be run with podman:
+```
+podman run -user user \
+ -p 2222:2222 \
+ -e "KEY=ssh-ed25519 user" \
+ -v '/path/to/repo:/repo' \
+ borg
+```
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..c3f085a
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+echo -n "restrict,command=\"borg serve" >> /root/.ssh/authorized_keys
+for repo in `ls /repo`
+do
+ echo "allow repo $repo"
+ echo -n " --restrict-to-repository /repo/$repo" >> /root/.ssh/authorized_keys
+done
+echo "\" $KEY" >> /root/.ssh/authorized_keys
+
+chmod 600 /root/.ssh/authorized_keys
+echo "Start ssh"
+/usr/sbin/sshd -D -e
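Review bot: `FROM docker.io/debian` in the Dockerfile hunk carries no tag or digest, so every rebuild pulls whatever `latest` points to and the borgbackup and openssh-server versions that end up in the image cannot be reproduced or audited; pin a release tag and ideally a digest, `FROM docker.io/debian:<release>-slim@sha256:<digest>`. The two `ADD` lines copy plain local files and are better written as `COPY sshd_config /etc/ssh/sshd_config` and `COPY entrypoint.sh /entrypoint.sh`, because `ADD` also unpacks archives and fetches URLs. In the first `RUN`, `apt-get clean` leaves the package indexes in the layer; appending `rm -rf /var/lib/apt/lists/*` to the same `RUN` removes them.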
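Review bot: In entrypoint.sh, `$KEY` is written into /root/.ssh/authorized_keys without any check (`echo "\" $KEY" >> …`), so an empty value produces a line with no key, and a value containing a newline puts every following line into the file without the `restrict,command="borg serve …"` prefix, i.e. as an unrestricted root key. The script should refuse to start unless KEY is exactly one line, and write it with `printf`, since `echo` under /bin/sh may interpret backslash sequences in the value. Two related points in the same hunk: the first `>>` appends to whatever an earlier start of the same container left in the file, and when /repo is empty the loop adds no `--restrict-to-repository`, which presumably leaves `borg serve` unrestricted for that key.

```shell
# Reject an empty or multi-line KEY: every line after the first would land in
# authorized_keys without the restrict,command= prefix.
if [ -z "$KEY" ] || [ "$(printf '%s' "$KEY" | wc -l)" -ne 0 ]; then
    echo "KEY must hold exactly one public key line" >&2
    exit 1
fi

# … unchanged: building the restrict,command="borg serve …" prefix from /repo …
printf '" %s\n' "$KEY" >> /root/.ssh/authorized_keys
```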
diff --git a/sshd_config b/sshd_config
new file mode 100644
index 0000000..e0d38ea
--- /dev/null
+++ b/sshd_config
@@ -0,0 +1,6 @@
+Port 2222
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM no
+PermitRootLogin yes
+PubkeyAuthentication yes
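Review bot: `PermitRootLogin yes` is broader than this image needs, because the only intended root login is the key that entrypoint.sh writes with a `command="borg serve …"` option. `PermitRootLogin forced-commands-only` keeps that login working and makes sshd refuse any root key that lacks a `command=` option, so a malformed or extra authorized_keys line does not turn into a root shell. A one-line comment above it, `# root may log in only with a key that carries command=`, would record the intent for the next reader.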