From b4a446d848d0f04e6eb75f9740274f745068b81b Mon Sep 17 00:00:00 2001 From: AnotherStranger <6563442+AnotherStranger@users.noreply.github.com> Date: Fri, 5 May 2023 15:12:38 +0200 Subject: [PATCH] feat(docker): :sparkles: Allow mounting an authorized_keys file directly instead of using the environment variable. As an alternative to the ENV-Var the Docker image now supports the mounting of an authorized_key file. Note that setting the environment variable WILL overwrite any mounted file. --- Dockerfile | 3 +-- README.md | 22 ++++++++++++++++------ docker-compose.yml | 1 + entrypoint.sh | 19 ++++++++++--------- 4 files changed, 28 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index 76ff49d..86d00e8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -78,7 +78,6 @@ LABEL org.opencontainers.image.title="borg-server" ENV BORG_SERVE_ADDITIONAL_ARGS="" ENV BORG_UID="" ENV BORG_GID="" -ENV BORG_AUTHORIZED_KEYS="" RUN set -x && \ apk add --no-cache \ @@ -112,7 +111,7 @@ RUN set -x \ && mkdir -p /var/lib/docker-borg/ssh \ && mkdir -p /home/borg/backups -VOLUME ["/home/borg/backups/", "/var/lib/docker-borg"] +VOLUME ["/home/borg/backups/", "/var/lib/docker-borg", "/home/borg/.ssh/authorized_keys"] COPY ./entrypoint.sh / diff --git a/README.md b/README.md index ed82e6d..f0e800f 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,7 @@ services: volumes: - backup:/home/borg/backups # You can find your backups inside this volume - server_keys:/var/lib/docker-borg # This volume is used to persist the hosts ssh-keys across updates + # - :/home/borg/.ssh/authorized_keys <- Alternative to BORG_AUTHORIZED_KEYS ports: - "8022:22" 
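Review bot: Listing the file path `/home/borg/.ssh/authorized_keys` in `VOLUME` makes Docker create an anonymous volume at that path whenever the user mounts nothing there, and a volume mount point is a directory rather than a file. In the env-variable-only setup the entrypoint's redirect `>/home/borg/.ssh/authorized_keys` would then most likely fail against a directory; I have not verified this against this image, so it is worth testing with a plain run that sets only `BORG_AUTHORIZED_KEYS`. A bind mount of a single file needs no `VOLUME` declaration, so I would keep the line as `VOLUME ["/home/borg/backups/", "/var/lib/docker-borg"]` and document the optional file mount in the README only.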
@@ -47,15 +48,24 @@ volumes: ``` +### Volumes + + +| Path | Description | +| --------------------------------- | ---------------------------------------------------------------------------------------- | +| `/home/borg/backups` | All backups will be in this volume | +| `/var/lib/docker-borg` | This volume persists the hosts ssh-keys across updates | +| `/home/borg/.ssh/authorized_keys` | As an alternative to the variable `BORG_AUTHORIZED_KEYS` you can mount the file directly | + ### Environment variables -| Variable | Description | Example | -|-----------------------------|----------------------------------------|------------------------| -| `BORG_AUTHORIZED_KEYS` | Public ssh keys for backups. Required. | `\n` | -| `BORG_UID` | UID for the backup user. | `1000` | -| `BORG_GID` | GID for the backup user. | `1000` | -| `BORG_SERVE_ADDITIONAL_ARGS`| Additional CMD args to borg serve | `--append-only` | +| Variable | Description | Example | +| ---------------------------- | -------------------------------------- | ---------------------- | +| `BORG_AUTHORIZED_KEYS` | Public ssh keys for backups. Required. | `\n` | +| `BORG_UID` | UID for the backup user. | `1000` | +| `BORG_GID` | GID for the backup user. | `1000` | +| `BORG_SERVE_ADDITIONAL_ARGS` | Additional CMD args to borg serve | `--append-only` | ### Important Notes diff --git a/docker-compose.yml b/docker-compose.yml index 7cabbc4..b531815 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,6 +16,7 @@ services: volumes: - backup:/home/borg/backups - server_keys:/var/lib/docker-borg + # - :/home/borg/.ssh/authorized_keys <- Alternative to BORG_AUTHORIZED_KEYS ports: - "8022:22" diff --git a/entrypoint.sh b/entrypoint.sh index 445cca2..0162b75 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -33,18 +33,19 @@ if [ -n "${BORG_GID}" ]; then usermod -g "${BORG_GID}" borg > /dev/null fi +# if BORG_AUTHORIZED_KEYS is set substitute authorized_keys file if [ -n "${BORG_AUTHORIZED_KEYS+x}" ]; then echo -e "${BORG_AUTHORIZED_KEYS}" | sed -e "s/^/command=\"borg serve ${BORG_SERVE_ADDITIONAL_ARGS} --restrict-to-path \/home\/borg\/backups\" /" >/home/borg/.ssh/authorized_keys - chown borg:borg /home/borg/.ssh/authorized_keys - chmod og-rwx /home/borg/.ssh/authorized_keys - - echo "################################################################################" - echo "# PRINTING THE CONTENTS OF /HOME/BORG/.SSH/AUTHORIZED_KEYS: #" - echo "################################################################################" - cat /home/borg/.ssh/authorized_keys - echo "end of /home/borg/.ssh/authorized_keys" - echo "" fi +chown borg:borg /home/borg/.ssh/authorized_keys +chmod og-rwx /home/borg/.ssh/authorized_keys + +echo "################################################################################" +echo "# PRINTING THE CONTENTS OF /HOME/BORG/.SSH/AUTHORIZED_KEYS: #" +echo "################################################################################" +cat /home/borg/.ssh/authorized_keys +echo "end of /home/borg/.ssh/authorized_keys" +echo "" chown -R borg:borg /home/borg chown -R borg:borg /home/borg/.ssh
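Review bot: Keys from a mounted /home/borg/.ssh/authorized_keys never get the `command="borg serve ... --restrict-to-path /home/borg/backups"` prefix, because only the sed in the `BORG_AUTHORIZED_KEYS` branch adds it. Unless sshd enforces a forced command elsewhere (not visible here), a mounted key line without its own `command=` gets whatever the borg account's shell allows, and `BORG_SERVE_ADDITIONAL_ARGS` such as `--append-only` does not apply to it. The now-unconditional `chown`/`chmod`/`cat` also run when no key file exists, change the owner and mode of a bind-mounted host file, and fail on a read-only mount. I would extend the `if` with an `elif`/`else` that rejects a mounted file containing unrestricted entries and stops when no keys are supplied at all, as sketched below. The script starts and continues outside this hunk, so whether `set -e` is active is not visible.

```shell
if [ -n "${BORG_AUTHORIZED_KEYS+x}" ]; then
  # … unchanged: write the env-provided keys through the sed prefix …
elif [ -f /home/borg/.ssh/authorized_keys ]; then
  # Mounted file: the sed prefix is not applied here, so every key line
  # must already carry its own borg forced command.
  if grep -Ev '^[[:space:]]*(#|$)' /home/borg/.ssh/authorized_keys \
      | grep -qv 'command="borg serve '; then
    echo "ERROR: mounted authorized_keys has entries without command=\"borg serve ...\"" >&2
    exit 1
  fi
else
  echo "ERROR: set BORG_AUTHORIZED_KEYS or mount /home/borg/.ssh/authorized_keys" >&2
  exit 1
fi
```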