deblan-mirror/borgwarehouse
deblan-mirror/borgwarehouse
1
0
Fork 0
mirror of https://github.com/Ravinou/borgwarehouse synced 2024-06-04 06:52:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
borgwarehouse/helpers/shells/createRepo.sh
Ravinou 1d1c4e01d6
fix: remove \n in end of the error msg
2023-09-10 15:06:23 +02:00

77 lines
2.5 KiB
Bash
Executable file
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env bash
# Shell created by Raven for BorgWarehouse.
# This shell takes 2 arguments : [SSH pub key] X [quota]
# Main steps are :
# - check if args are present
# - check the ssh pub key format
# - check if the ssh pub key is already present in authorized_keys
# - check if borgbackup package is install
# - generate a random repositoryName
# - add the SSH public key in the authorized_keys with borg restriction for repository and storage quota.
# This simple method prevents the user from connecting to the server with a shell in SSH.
# He can only use the borg command. Moreover, he will not be able to leave his repository or create a new one.
# It is similar to a jail and that is the goal.
# Limitation : all SSH pubkey are unique : https://github.com/borgbackup/borg/issues/7757
# Exit when any command fails
set -e
# Load .env if exists
if [[ -f .env ]]; then
source .env
fi
# Default value if .env not exists
: "${home:=/home/borgwarehouse}"
# Some variables
pool="${home}/repos"
authorized_keys="${home}/.ssh/authorized_keys"
# Check args
if [ "$1" == "" ] || [ "$2" == "" ];then
echo -n "This shell takes 2 arguments : SSH Public Key, Quota in Go [e.g. : 10] "
exit 1
fi
# Check if the SSH public key is a valid format
# This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk
pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?'
if [[ ! "$1" =~ $pattern ]]
then
echo -n "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)"
exit 2
fi
# Check if SSH pub key is already present in authorized_keys
if grep -q "$1" "$authorized_keys"; then
echo -n "SSH pub key already present in authorized_keys"
exit 3
fi
# Check if borgbackup is installed
if ! [ -x "$(command -v borg)" ]; then
echo -n "You must install borgbackup package."
exit 4
fi
# Generation of a random for repositoryName
randRepositoryName () {
openssl rand -hex 4
}
repositoryName=$(randRepositoryName)
## Check if authorized_keys exists
if [ ! -f "${authorized_keys}" ];then
echo -n "${authorized_keys} must be present"
exit 5
fi
## Add ssh public key in authorized_keys with borg restriction for only 1 repository and storage quota
restricted_authkeys="command=\"cd ${pool};borg serve --restrict-to-path ${pool}/${repositoryName} --storage-quota $2G\",restrict $1"
echo "$restricted_authkeys" | tee -a "${authorized_keys}" >/dev/null
## Return the repositoryName
echo "${repositoryName}"
Reference in a new issue View git blame Copy permalink