feat(docker): ✨ Allow mounting an authorized_keys file directly inste…

…ad of using the environment variable.

As an alternative to the ENV-Var the Docker image now supports the mounting of an authorized_key file. Note that setting the environment variable WILL overwrite any mounted file.

Dockerfile

@@ -78,7 +78,6 @@ LABEL org.opencontainers.image.title="borg-server"
 ENV BORG_SERVE_ADDITIONAL_ARGS=""
 ENV BORG_UID=""
 ENV BORG_GID=""
-ENV BORG_AUTHORIZED_KEYS=""
 
 RUN set -x && \
     apk add --no-cache \
@@ -112,7 +111,7 @@ RUN set -x \
 && mkdir -p /var/lib/docker-borg/ssh \
 && mkdir -p /home/borg/backups
 
-VOLUME ["/home/borg/backups/", "/var/lib/docker-borg"]
+VOLUME ["/home/borg/backups/", "/var/lib/docker-borg", "/home/borg/.ssh/authorized_keys"]
 
 COPY ./entrypoint.sh /
 

README.md

@@ -38,6 +38,7 @@ services:
     volumes:
       - backup:/home/borg/backups # You can find your backups inside this volume
       - server_keys:/var/lib/docker-borg # This volume is used to persist the hosts ssh-keys across updates
+      # - <path to authorized_keys file>:/home/borg/.ssh/authorized_keys <- Alternative to BORG_AUTHORIZED_KEYS
     ports:
       - "8022:22"
 
@@ -47,15 +48,24 @@ volumes:
 ```
 <!-- markdownlint-enable -->
 
+### Volumes
+
+<!-- markdownlint-disable -->
+| Path                              | Description                                                                              |
+| --------------------------------- | ---------------------------------------------------------------------------------------- |
+| `/home/borg/backups`              | All backups will be in this volume                                                       |
+| `/var/lib/docker-borg`            | This volume persists the hosts ssh-keys across updates                                   |
+| `/home/borg/.ssh/authorized_keys` | As an alternative to the variable `BORG_AUTHORIZED_KEYS` you can mount the file directly |
+<!-- markdownlint-enable -->
 ### Environment variables
 
 <!-- markdownlint-disable -->
-| Variable                    | Description                            | Example                |
-|-----------------------------|----------------------------------------|------------------------|
-| `BORG_AUTHORIZED_KEYS`      | Public ssh keys for backups. Required. | `<key-one>\n<key-two>` |
-| `BORG_UID`                  | UID for the backup user.               | `1000`                 |
-| `BORG_GID`                  | GID for the backup user.               | `1000`                 |
-| `BORG_SERVE_ADDITIONAL_ARGS`| Additional CMD args to borg serve      | `--append-only`        |
+| Variable                     | Description                            | Example                |
+| ---------------------------- | -------------------------------------- | ---------------------- |
+| `BORG_AUTHORIZED_KEYS`       | Public ssh keys for backups. Required. | `<key-one>\n<key-two>` |
+| `BORG_UID`                   | UID for the backup user.               | `1000`                 |
+| `BORG_GID`                   | GID for the backup user.               | `1000`                 |
+| `BORG_SERVE_ADDITIONAL_ARGS` | Additional CMD args to borg serve      | `--append-only`        |
 <!-- markdownlint-enable -->
 
 ### Important Notes

docker-compose.yml

@@ -16,6 +16,7 @@ services:
     volumes:
       - backup:/home/borg/backups
       - server_keys:/var/lib/docker-borg
+      # - <path to authorized_keys file>:/home/borg/.ssh/authorized_keys <- Alternative to BORG_AUTHORIZED_KEYS
     ports:
       - "8022:22"
 

entrypoint.sh

@@ -33,18 +33,19 @@ if [ -n "${BORG_GID}" ]; then
     usermod -g "${BORG_GID}" borg > /dev/null
 fi
 
+# if BORG_AUTHORIZED_KEYS is set substitute authorized_keys file
 if [ -n "${BORG_AUTHORIZED_KEYS+x}" ]; then
     echo -e "${BORG_AUTHORIZED_KEYS}" | sed  -e "s/^/command=\"borg serve ${BORG_SERVE_ADDITIONAL_ARGS} --restrict-to-path \/home\/borg\/backups\" /"  >/home/borg/.ssh/authorized_keys
-    chown borg:borg /home/borg/.ssh/authorized_keys
-    chmod og-rwx /home/borg/.ssh/authorized_keys
-
-    echo "################################################################################"
-    echo "#          PRINTING THE CONTENTS OF /HOME/BORG/.SSH/AUTHORIZED_KEYS:           #"
-    echo "################################################################################"
-    cat /home/borg/.ssh/authorized_keys
-    echo "end of /home/borg/.ssh/authorized_keys"
-    echo ""
 fi
+chown borg:borg /home/borg/.ssh/authorized_keys
+chmod og-rwx /home/borg/.ssh/authorized_keys
+
+echo "################################################################################"
+echo "#          PRINTING THE CONTENTS OF /HOME/BORG/.SSH/AUTHORIZED_KEYS:           #"
+echo "################################################################################"
+cat /home/borg/.ssh/authorized_keys
+echo "end of /home/borg/.ssh/authorized_keys"
+echo ""
 
 chown -R borg:borg /home/borg
 chown -R borg:borg /home/borg/.ssh