Open abate opened 4 years ago
hi, thanks for your contribution! :+1:
I wrote some for this some time ago, too. See: https://github.com/Nold360/docker-borgserver/tree/f_git_integration
But it just doesn't feel right to put so much complexity into a container that should only do one job. I guess the most-containerish way would let an init-container pull the keys from git and feed the finalized authorized_keys into the borg-container.
But afaik docker-compose doesn't really support init-containers. But if the init-container never restarts, it would pull the git with every docker-compose up, which doesn't sound too bad to me right now.. :thinking:
I see your commit does mostly what I've done. It's handy to store your ssh keys in a git repo.
This MR does not add much more complexity. The container still works as before. The only process running is still sshd. The cronjob that periodically runs update-ssh-keys.sh should run in the host crontab (so keeping the one-process-per-container philosophy):
*/5 * * * * docker exec borgserver /usr/local/bin/update-ssh-keys.sh
Basically this MR splits the run.sh script into 3 components to make it possible to add update-ssh-keys.sh without code replication.
I used my C-Virus isolation time today and tried to hack something together: https://github.com/Nold360/docker-borgserver/tree/f_init_container
I split the container up into an init and a server part. Basically the init-container never gets restarted & does everything to set up the volumes incl. the authorized_keys file.
The server container will sleep 5 seconds and then try to ping init until the init-container is not reachable anymore... I changed quite a lot, including some stuff like the server now running fully as the borg user. The init-container still runs as root ofc.
Still needs a lot of cleanup, but it seems to work quite well right now.
The question is, which way do we want to go?
It seems you are adding even more complexity by splitting the init and runtime parts into two containers, and duplicating a fair bit of code in the process ... not sure ...
Yea, that's true - but only because I had to work around the limitations of docker-compose. Otherwise we could move all the logic into the init-container. So Kubernetes has to wait.
So for now it seems like a good idea to merge the git feature into another branch or something, so we can tag it like "borgserver:git" or whatever. The question is how we can easily maintain the code for both? Might be better to have everything in one place/branch then..
//Edit: How about this: https://github.com/Nold360/docker-borgserver/compare/f_git_2
This looks good to me! ref: https://github.com/Nold360/docker-borgserver/compare/f_git_2 I'll test it a bit tomorrow.
This patch modularizes run.sh, adding two new helper scripts, and makes it possible to specify a git repository for ssh keys via a new env variable BORG_SSHKEYS_REPO.
The modularization adds two new files:
- env.sh: defines a few environment variables
- create-client-dirs.sh: updates and creates user directories and re-creates authorized_keys
We also add a new script update-ssh-keys.sh to be called regularly in a cron job to check if the git repository is up-to-date and eventually add/remove users.
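As an added example (not the project's update-ssh-keys.sh), this is the key-refresh step the PR description and the host-crontab comment above describe: rebuild authorized_keys from a git checkout of per-user public keys, accept only plain key lines, report which users appeared or disappeared, and replace the file atomically. The per-user file layout and all paths are assumptions.

```shell
#!/bin/sh
# Added example, not the docker-borgserver project's own update-ssh-keys.sh.
# Assumed (hypothetical) layout: one public key per file, KEYS_DIR/<user>.pub,
# inside a git checkout that a host cron job refreshes before calling this.
set -eu

# A key line must begin with the key type. Anything else (authorized_keys
# options, stray text) is rejected, so a bad commit in the key repo cannot
# add a command= or forwarding directive along with a key.
valid_pubkey() {
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# build_authorized_keys KEYS_DIR OUT_FILE
# Validates every key, reports users added or removed since the last run,
# and replaces OUT_FILE atomically. Refuses to install an empty file.
build_authorized_keys() {
    keys_dir=$1
    out=$2
    tmp=$(mktemp "$out.XXXXXX")
    for f in "$keys_dir"/*.pub; do
        [ -f "$f" ] || continue
        user=$(basename "$f" .pub)
        key=$(tr -d '\r' < "$f" | head -n 1)      # first line only, tolerate CRLF
        if valid_pubkey "$key"; then
            set -- $key                           # split into type, base64, comment
            printf '%s %s %s\n' "$1" "$2" "$user" # comment normalised to the username
        else
            echo "rejecting $user: malformed or option-carrying key" >&2
        fi
    done > "$tmp"
    if ! [ -s "$tmp" ]; then
        echo "no valid keys found; keeping existing $out untouched" >&2
        rm -f "$tmp"
        return 1
    fi
    if [ -f "$out" ]; then                        # diff against the previous file
        sort "$out" > "$tmp.old"; sort "$tmp" > "$tmp.new"
        comm -13 "$tmp.old" "$tmp.new" | awk '{print "added:   " $NF}' >&2
        comm -23 "$tmp.old" "$tmp.new" | awk '{print "removed: " $NF}' >&2
        rm -f "$tmp.old" "$tmp.new"
    fi
    chmod 600 "$tmp"
    mv -f "$tmp" "$out"   # rename is atomic: sshd never reads a half-written file
}

# Host crontab line in the spirit of the one proposed in the thread (paths are placeholders):
# */5 * * * * git -C /srv/borg-keys pull -q && build_authorized_keys /srv/borg-keys/keys /srv/borg/.ssh/authorized_keys
```

Keys carrying their own authorized_keys options are dropped on purpose; any borg serve restrictions belong in the template that writes the file, not in the repo.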