This is a simple container serving borg-backup. Requires very little configuration. Supports multiple users.
Clone the repo.
cd /opt
sudo git clone https://github.com/yvolchkov/docker-borgbackup.git
cd docker-borgbackup/
For configuration, create file .env
in the root of the docker-borgbackup
folder with the following contents:
USERS=foo:2000 bar:2001 baz:2002
HOST_DATA=/data
Where:
USERS
contains all the users you want to serve in formatUSER_NAME:UID
. It is recommended to give every user a separate account. One user can have multiple repositories. For details see Borg's documentation. UID can be arbitrary. For example, you can grant one of the users the same UID number as your user on the host machine (typically 1000) so you will be able tols
data withoutsudo
(not much of use though).HOST_DATA
path to the storage folder on the host machine. User backups will be stored here. In the container, this will be mapped into/data
, and each user will get a folder/data/<user_name>
.
Now you need to create authorized_keys
files for each of the users with proper ownership and permissions (sshd is quite picky). To simplify this step a script configure.sh
is shipped with this repo. It parses your .env
file and creates corresponding authorized_keys
for you. You would have to fill them manually, (follow the Borg's documentation).
So, run the configure:
sudo ./configure.sh
And then, for each user edit the authorized_keys
:
nano conf/<user_name>/authorized_keys
and add one or more line like:
command="borg serve --restrict-to-repository /data/<user_name>/repository",restrict
<key type> <key> <key host>
Also for testing purposes, it is a good idea to add your key without restrictions (do not forget to remove it later!)
Permissions and ownership for $HOST_DATA
subdirectories have to match to users as well, but it is a bit risky to delegate this task to a shady script (because this $HOST_DATA can potentially point anywhere in your system). However as the last step /.configure.sh
provides you some guidance in form of the actual commands lines you would need to copy paste (after a very thorough review; the author(s) of the script are not responsible for any potential data loss).
Now you are ready to go. Run your container:
cd /opt/docker-borgbackup
sudo docker-compose pull
sudo docker-compose up -d
The link for your borg account will be something like this:
ssh://foo@your_server_fqdn_or_ip:8265/data/foo/home_backup
Just run:
cd /opt/docker-borgbackup
sudo docker-compose pull
sudo docker-compose up -d --force-recreate
You need to edit your .env
file acordingly. And run:
cd /opt/docker-borgbackup
sudo cp -ra conf conf_backup
sudo ./configure.sh
# create data folder for the new user (you can follow hints from the configure.sh)
sudo docker-compose up -d --force-recreate
Do not forget to edit authorized_keys
as well.
Just edit conf/<user_name>/authorized_keys
, and add corresponding key. Container will see it immidiatelly. No restarts needed.