Docker/borgBackup-Docker
1
0
Fork 0
Code Issues Actions Packages Activity

Compare commits

base: Docker/borgBackup-Docker:03f5eaf1d22d292251c0a124a5147050d8417404
Branches Tags
Docker/borgBackup-Docker:main Docker/borgBackup-Docker:alpine
..
compare: Docker/borgBackup-Docker:main
Branches Tags
Docker/borgBackup-Docker:alpine Docker/borgBackup-Docker:main

1 Commits
03f5eaf1d2 .. main

Author SHA1 Message Date
daniel156161 44937b6493 update build workflow
Build and Push Docker Container / build-and-push (push) Failing after 12m23s
Details
2026-04-11 23:31:44 +02:00
8 changed files with 144 additions and 127 deletions
Expand all files Collapse all files
.gitea/workflows/prod-docker-images.yml
+31 -7
View File
@@ -6,6 +6,7 @@ on:
push: push:
branches: branches:
- main - main
- alpine
workflow_dispatch: workflow_dispatch:
jobs: jobs:
@@ -14,26 +15,49 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v6
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v4
# --- Logins --- # --- Logins ---
- name: Login to Gitea Registry
if: ${{ github.ref == 'refs/heads/alpine' }}
uses: docker/login-action@v4
with:
registry: ${{ vars.DOCKER_REGISTRY_URL }}
username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
password: ${{ secrets.ACTION_ACCESS_TOKEN }}
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v3 if: ${{ github.ref == 'refs/heads/main' }}
uses: docker/login-action@v4
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
# ---------------- BRANCH BUILD (main) ---------------- # ---------------- BRANCH BUILD (main) ----------------
# On Branch: Gitea and Docker Hub :latest # On Branch main: Docker Hub :latest
- name: Build & push (branch -> only :latest everywhere) # On Branch alpine: Gitea :alpine
if: ${{ github.ref_type == 'branch' && github.ref == 'refs/heads/main' }} - name: Repo owner to lowercase
uses: docker/build-push-action@v6 run: echo "REPO_OWNER_LC=$(echo '${{ gitea.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
- name: Build and push main image to Docker Hub
if: ${{ github.ref == 'refs/heads/main' }}
uses: docker/build-push-action@v7
with: with:
context: . context: .
push: true push: true
platforms: linux/amd64 platforms: linux/amd64
tags: | tags: |
${{ secrets.DOCKERHUB_USERNAME }}/borgbackup-ssh:latest ${{ secrets.DOCKERHUB_USERNAME }}/borgbackup-ssh:latest
- name: Build and push Alpine image to Gitea
if: ${{ github.ref == 'refs/heads/alpine' }}
uses: docker/build-push-action@v7
with:
context: .
push: true
platforms: linux/amd64
tags: |
${{ vars.DOCKER_REGISTRY_URL }}/${{ env.REPO_OWNER_LC }}/borgbackup-ssh:alpine
.gitmodules
+3
View File
@@ -0,0 +1,3 @@
[submodule "package/teleport-bin"]
path = package/teleport-bin
url = git@git.yiprawr.dev:daniel156161/teleport-bin.git
Dockerfile
+37 -19
View File
@@ -1,4 +1,4 @@
FROM alpine:3.23 FROM archlinux:latest
ENV USER=borg ENV USER=borg
ENV UID=1000 ENV UID=1000
@@ -9,18 +9,8 @@ ENV RUN_INSTALL_SCRIPT="false"
ENV RUN_PROMETHEUS_EXPORTER="false" ENV RUN_PROMETHEUS_EXPORTER="false"
ENV TZ="" ENV TZ=""
RUN apk add --no-cache \ # Add Folders and Shell Scripts
bash sudo openssh-server shadow tzdata curl git dcron coreutils grep sed gawk util-linux ca-certificates tmux prometheus-node-exporter \ RUN mkdir "/.ssh"
borgbackup \
&& mkdir -p \
/.ssh \
/backups \
/logs \
/run/sshd \
/root/.cache/crontab \
/sshkeys/clients \
/sshkeys/host
VOLUME ["/backups"] VOLUME ["/backups"]
VOLUME ["/logs"] VOLUME ["/logs"]
VOLUME ["/sshkeys/host"] VOLUME ["/sshkeys/host"]
@@ -28,16 +18,44 @@ VOLUME ["/sshkeys/host"]
COPY entrypoint-script/entrypoint.sh / COPY entrypoint-script/entrypoint.sh /
COPY entrypoint-script/variables.sh / COPY entrypoint-script/variables.sh /
COPY scripts/borgbackup.sh /usr/local/bin/ COPY scripts/borgbackup.sh /usr/local/bin/
COPY prometheus-borg-exporter/borg_exporter.sh /usr/local/bin/
COPY prometheus-borg-exporter/borg_exporter.rc /etc/
COPY bash-config/.bash_profile /root/ COPY bash-config/.bash_profile /root/
COPY bash-config/.bashrc_root /root/ COPY bash-config/.bashrc_root /root/
COPY bash-config/.bash_profile / COPY bash-config/.bash_profile /
COPY bash-config/.bashrc / COPY bash-config/.bashrc /
COPY sshd_config /etc/ssh/sshd_config COPY bash-config/locale.gen /etc/locale.gen
RUN chmod 0755 /entrypoint.sh /usr/local/bin/borgbackup.sh /usr/local/bin/borg_exporter.sh COPY prometheus-borg-exporter/borg_exporter.sh /usr/local/bin/
COPY prometheus-borg-exporter/borg_exporter.rc /etc/
# Create .cache folder
RUN mkdir -p "/root/.cache/crontab"
# Create locale files
RUN locale-gen
# Install packages
RUN pacman-key --init
RUN pacman -Syu --noconfirm sudo bash-completion openssh fastfetch \
borgbackup dateutils prometheus-node-exporter wget git base-devel cron net-tools inetutils tmux
# Make Build User
RUN useradd builduser -m
RUN passwd -d builduser
RUN printf 'builduser ALL=(ALL) ALL\n' | tee -a /etc/sudoers
RUN sudo -u builduser bash -c 'cd ~ && git clone https://aur.archlinux.org/teleport-bin.git teleport && cd teleport && makepkg -si --noconfirm && cd ~ && rm -rf teleport'
#RUN sudo -u builduser bash -c 'cd ~ && git clone https://git.yiprawr.dev/daniel156161/teleport-bin.git teleport && cd teleport && makepkg -si --noconfirm && cd ~ && rm -rf teleport'
RUN userdel -r builduser
# Setup SSH-Server
RUN sed -ie 's/#Port 22/Port 22/g' /etc/ssh/sshd_config
RUN sed -ie 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
RUN sed -ie 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
RUN sed -ie 's|#HostKey /etc/ssh/ssh_host_rsa_key|HostKey /sshkeys/host/ssh_host_rsa_key|g' /etc/ssh/sshd_config
RUN sed -ie 's|#HostKey /etc/ssh/ssh_host_ecdsa_key|HostKey /sshkeys/host/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config
RUN sed -ie 's|#HostKey /etc/ssh/ssh_host_ed25519_key|HostKey /sshkeys/host/ssh_host_ed25519_key|g' /etc/ssh/sshd_config
EXPOSE 22 EXPOSE 22
ENTRYPOINT [ "/entrypoint.sh" ]
ENTRYPOINT ["/entrypoint.sh"]
entrypoint-script/entrypoint.sh
Regular → Executable
+63 -58
View File
@@ -1,18 +1,16 @@
#!/bin/bash #!/bin/bash
set -euo pipefail
source "/variables.sh" source "/variables.sh"
############################################################################### #####################################################################################################
# Funktionen # Funktionen
############################################################################### #####################################################################################################
function set_environment_variables_if_not_empty { function set_environment_variables_if_not_empty {
# Set Tmux Shell for .bashrc to load tmux and attach session if exists else create new session # Set Tmux Shell for .bashrc to load tmux and attach session if exists else create new session
if [ -n "${USE_TMUX_SHELL:-}" ]; then if [ "$USE_TMUX_SHELL" != "" ]; then
echo "USE_TMUX_SHELL=$USE_TMUX_SHELL" >> /etc/environment echo "USE_TMUX_SHELL=$USE_TMUX_SHELL" >> /etc/environment
fi fi
# Set Server Timezone # Set Server Timezone
if [ -n "${TZ:-}" ]; then if [ "$TZ" != "" ]; then
echo "TZ=$TZ" >> /etc/environment echo "TZ=$TZ" >> /etc/environment
ln -sf "/usr/share/zoneinfo/$TZ" /etc/localtime ln -sf "/usr/share/zoneinfo/$TZ" /etc/localtime
fi fi
@@ -31,55 +29,52 @@ function print_user_info {
echo "* GROUP: $USER - GID: $GID" echo "* GROUP: $USER - GID: $GID"
} }
function create_folder_and_change_permissions {
if [ ! -d "$1" ]; then
mkdir -p "$1"
fi
chown -R "$USER":"$USER" "$1"
}
function add_borg_user { function add_borg_user {
if ! id "$USER" >/dev/null 2>&1; then if ! id "$USER" &>/dev/null; then
groupadd -g "$GID" "$USER" >/dev/null groupadd -g "$GID" "$USER" >> /dev/null
useradd -M -u "$UID" -g "$GID" -d / -s /bin/bash "$USER" >/dev/null useradd -r -u "$UID" -g "$GID" -s "/bin/bash" "$USER" >> /dev/null
printf "%s ALL=(ALL) NOPASSWD: ALL\n" "$USER" >> /etc/sudoers passwd -d "$USER" >> /dev/null
printf "$USER ALL=(ALL) NOPASSWD: ALL\n" | tee -a /etc/sudoers >> /dev/null
usermod -d / borg >> /dev/null
create_folder_and_change_permissions "/.config" create_folder_and_change_permissions "/.config"
create_folder_and_change_permissions "/.cache" create_folder_and_change_permissions "/.cache"
chmod 700 "/.cache" chmod 700 "/.cache"
fi fi
random_pw="$(dd if=/dev/urandom bs=18 count=1 2>/dev/null | base64)"
echo "${USER}:${random_pw}" | chpasswd >/dev/null 2>&1 || true
} }
function make_and_import_ssh_keys { function make_and_import_ssh_keys {
local create_folders="0" local create_folders="0"
mkdir -p "/.ssh" if [ ! -f "/.ssh/authorized_keys" ]; then
: > "/.ssh/authorized_keys" touch "/.ssh/authorized_keys"
else
rm "/.ssh/authorized_keys"
touch "/.ssh/authorized_keys"
fi
for key_dir in "${SSH_FOLDERS[@]}"; do for key in ${SSH_FOLDERS[@]}; do
if [ ! -d "$key_dir" ]; then if [ ! -d "${key}" ]; then
mkdir -p "$key_dir" mkdir -p "${key}"
echo "Created $key_dir" echo "Created ${key}"
create_folders="1" create_folders="1"
fi fi
done done
if [ "$create_folders" = "1" ]; then #chown -R "$USER":"$USER" "/sshkeys"
if [ $create_folders == "1" ]; then
sepurator sepurator
fi fi
echo "* IMPORT SSH KEYS" echo "* IMPORT SSH KEYS"
shopt -s nullglob FILES=$(ls -1 /sshkeys/clients)
for key in /sshkeys/clients/*; do for key in $FILES; do
echo "- Adding SSH-Key $(basename "$key")" echo "- Adding SSH-Key $key"
cat "$key" >> "/.ssh/authorized_keys" cat "/sshkeys/clients/$key" >> "/.ssh/authorized_keys"
echo "" >> "/.ssh/authorized_keys" echo "" >> "/.ssh/authorized_keys"
done done
shopt -u nullglob
chown -R "$USER":"$USER" "/.ssh" chown -R "$USER":"$USER" "/.ssh"
chmod 700 "/.ssh" chmod 700 "/.ssh"
@@ -94,30 +89,26 @@ function print_message {
function generate_host_sshkey { function generate_host_sshkey {
# Generate SSH-Keys # Generate SSH-Keys
mkdir -p /sshkeys/host
if [ ! -f "/sshkeys/host/ssh_host_rsa_key" ]; then if [ ! -f "/sshkeys/host/ssh_host_rsa_key" ]; then
sepurator sepurator
print_message "HOST SSH-KEY RSA not found, generating..." print_message "HOST SSH-KEY RSA not found, generating..."
ssh-keygen -q -t rsa -b 4096 -f "/sshkeys/host/ssh_host_rsa_key" -N "" ssh-keygen -t rsa -b 4096 -f "/sshkeys/host/ssh_host_rsa_key" -N ""
print_message "HOST SSH-KEY RSA Generated" print_message "HOST SSH-KEY RSA Generated"
fi fi
if [ ! -f "/sshkeys/host/ssh_host_ecdsa_key" ]; then if [ ! -f "/sshkeys/host/ssh_host_ecdsa_key" ]; then
sepurator sepurator
print_message "HOST SSH-KEY ECDSA not found, generating..." print_message "HOST SSH-KEY ECDSA not found, generating..."
ssh-keygen -q -t ecdsa -b 521 -f "/sshkeys/host/ssh_host_ecdsa_key" -N "" ssh-keygen -t ecdsa -b 521 -f "/sshkeys/host/ssh_host_ecdsa_key" -N ""
print_message "HOST SSH-KEY ECDSA Generated" print_message "HOST SSH-KEY ECDSA Generated"
fi fi
if [ ! -f "/sshkeys/host/ssh_host_ed25519_key" ]; then if [ ! -f "/sshkeys/host/ssh_host_ed25519_key" ]; then
sepurator sepurator
print_message "HOST SSH-KEY ED25519 not found, generating..." print_message "HOST SSH-KEY ED25519 not found, generating..."
ssh-keygen -q -t ed25519 -f "/sshkeys/host/ssh_host_ed25519_key" -N "" ssh-keygen -t ed25519 -b 521 -f "/sshkeys/host/ssh_host_ed25519_key" -N ""
print_message "HOST SSH-KEY ED25519 Generated" print_message "HOST SSH-KEY ED25519 Generated"
fi fi
chmod 600 /sshkeys/host/ssh_host_*_key chown -R "$USER":"$USER" "/sshkeys/host"
chmod 644 /sshkeys/host/ssh_host_*_key.pub
chown root:root /sshkeys/host/ssh_host_* || true
} }
function maintenance_enable { function maintenance_enable {
@@ -125,7 +116,7 @@ function maintenance_enable {
echo "* MAINTENANCE MODE - ENABLED" echo "* MAINTENANCE MODE - ENABLED"
if [ -f "/crontab.txt" ]; then if [ -f "/crontab.txt" ]; then
crontab "/crontab.txt" crontab "/crontab.txt"
crond crond -i 2> /dev/null
echo "- Crontab loaded successfully" echo "- Crontab loaded successfully"
else else
echo "- Can not find /crontab.txt" echo "- Can not find /crontab.txt"
@@ -135,7 +126,7 @@ function maintenance_enable {
} }
function show_timezone_output { function show_timezone_output {
if [ -n "${TZ:-}" ]; then if [ "$TZ" != "" ]; then
echo "* Setting Timezone to $TZ" echo "* Setting Timezone to $TZ"
else else
echo "* Timezone not set - Use UTC Time" echo "* Timezone not set - Use UTC Time"
@@ -144,26 +135,37 @@ function show_timezone_output {
} }
function run_install_script { function run_install_script {
if [ "$RUN_INSTALL_SCRIPT" != "false" ] && [ ! -f "/.runnedInstall" ]; then if [ "$RUN_INSTALL_SCRIPT" != "false" ]; then
if [ ! -f "/.runnedInstall" ]; then
echo "* RUNNING INSTALL SCRIPT" echo "* RUNNING INSTALL SCRIPT"
sepurator sepurator
sh "$RUN_INSTALL_SCRIPT" sh "$RUN_INSTALL_SCRIPT"
sepurator sepurator
touch "/.runnedInstall" touch "/.runnedInstall"
fi fi
fi
} }
function run_prometheus_exporter { function create_folder_and_change_permissions {
if [ ! -d "$1" ]; then
mkdir -p "$1"
fi
chown -R "$USER":"$USER" "$1"
}
function run_prometheus_exporter() {
if [ "$RUN_PROMETHEUS_EXPORTER" != "false" ]; then if [ "$RUN_PROMETHEUS_EXPORTER" != "false" ]; then
create_folder_and_change_permissions "/var/log/" create_folder_and_change_permissions "/var/log/"
echo "* STARTING Prometheus Exporter for Borg Backup" echo "* STARTING Prometheus Exporter for Borg Backup"
crontab -l > /tmp/cron_bkp 2>/dev/null || true crontab -l > /tmp/cron_bkp
echo "" >> /tmp/cron_bkp echo "" >> /tmp/cron_bkp
echo "- Add Cronjob to Crontab" echo "- Add Cronjob to Crontab"
echo "$RUN_PROMETHEUS_EXPORTER su -c '/usr/local/bin/borg_exporter.sh 2>&1' -s /bin/bash borg" >> /tmp/cron_bkp echo "$RUN_PROMETHEUS_EXPORTER su -c '/usr/local/bin/borg_exporter.sh 2>&1' -s /bin/bash borg" >> /tmp/cron_bkp
crontab /tmp/cron_bkp >/dev/null 2>&1 crontab /tmp/cron_bkp > /dev/null 2>&1
rm /tmp/cron_bkp rm /tmp/cron_bkp
if [ ! -f "/var/log/borg_exporter.prom" ]; then if [ ! -f "/var/log/borg_exporter.prom" ]; then
@@ -172,22 +174,24 @@ function run_prometheus_exporter {
fi fi
echo "- STARTING Node Exporter" echo "- STARTING Node Exporter"
if command -v prometheus-node-exporter >/dev/null 2>&1; then sudo -H -u "$USER" bash -c "prometheus-node-exporter --collector.textfile.directory=$NODE_EXPORTER_DIR > /dev/null 2>&1 &"
sudo -H -u "$USER" bash -c "prometheus-node-exporter --collector.textfile.directory=$NODE_EXPORTER_DIR >/dev/null 2>&1 &"
elif command -v node_exporter >/dev/null 2>&1; then
sudo -H -u "$USER" bash -c "node_exporter --collector.textfile.directory=$NODE_EXPORTER_DIR >/dev/null 2>&1 &"
fi
if ! pgrep -x crond >/dev/null 2>&1; then
crond
fi
sepurator sepurator
fi fi
} }
###############################################################################
function run_correct_ssh_service() {
if [ -f "/etc/teleport.yaml" ]; then
echo "* STARTING Teleport Server"
exec teleport start -c /etc/teleport.yaml 2>&1
else
exec /usr/sbin/sshd -D -e "$@" 2>&1
fi;
}
#####################################################################################################
# Main Code # Main Code
############################################################################### #####################################################################################################
set_environment_variables_if_not_empty set_environment_variables_if_not_empty
dbus-uuidgen --ensure=/etc/machine-id
add_borg_user add_borg_user
print_container_info print_container_info
@@ -205,4 +209,5 @@ run_install_script
echo "* Init done! - Starting SSH-Daemon..." echo "* Init done! - Starting SSH-Daemon..."
sepurator sepurator
exec /usr/sbin/sshd -D -e "$@" 2>&1
run_correct_ssh_service
entrypoint-script/variables.sh
+3 -3
View File
@@ -3,11 +3,11 @@ BORG_VERSION=$(borg -V)
SSH_FOLDERS=( "/sshkeys/clients" "/sshkeys/host" ) SSH_FOLDERS=( "/sshkeys/clients" "/sshkeys/host" )
NODE_EXPORTER_DIR="/var/log" NODE_EXPORTER_DIR="/var/log"
COLUMNS="86" COLUMNS="86"
############################################################################### ##############################################################################################################################
# Funktionen # Funktionen
############################################################################### ##############################################################################################################################
function sepurator { function sepurator {
if [ -n "${2:-}" ]; then if [ ! -z "$2" ]; then
local end="$2" local end="$2"
else else
local end="$COLUMNS" local end="$COLUMNS"
package/teleport-bin
Submodule
+1
Submodule package/teleport-bin added at a840ba5f13
sshd_config
-34
View File
@@ -1,34 +0,0 @@
Port 22
Protocol 2
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
HostKey /sshkeys/host/ssh_host_rsa_key
HostKey /sshkeys/host/ssh_host_ecdsa_key
HostKey /sshkeys/host/ssh_host_ed25519_key
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey
PermitEmptyPasswords no
AuthorizedKeysFile .ssh/authorized_keys
StrictModes yes
AllowUsers borg
AllowAgentForwarding no
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PermitTTY yes
PermitTunnel no
TCPKeepAlive yes
ClientAliveInterval 300
ClientAliveCountMax 3
UseDNS no
PrintMotd no
Subsystem sftp internal-sftp