Add backup user

Also provide a way to set the ssh public key for the backup user
2026-02-16 19:05:44 +01:00 · 2026-02-16 19:05:44 +01:00 · 0042f61d04
commit 0042f61d04
parent 65fc2dc320
2 changed files with 59 additions and 5 deletions
--- a/ct/alpine-borgbackup-server.sh
+++ b/ct/alpine-borgbackup-server.sh
@ -27,11 +27,55 @@ function update_script() {
    exit
  fi

+  CHOICE=$(msg_menu "BorgBackup Server Update Options" \
+    "1" "Update BorgBackup Server" \
+    "2" "Reset SSH Access")
+
+  case $CHOICE in
+  1)    
    msg_info "Updating $APP LXC"
    $STD apk -U upgrade
-  msg_ok "Updated $APP LXC"
+    msg_ok "Updated $APP LXC successfully!"
+    ;;
+  2)
+    if [[ "${PHS_SILENT:-0}" == "1" ]]; then
+      msg_warn "Reset SSH Public key requires interactive mode, skipping."
+      exit
+    fi
+    
+    msg_info "Setting up SSH Public Key for backup user"
+    
+    # Get SSH public key from user
+    msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host):"
+    read -r SSH_PUBLIC_KEY
+    
+    if [[ -z "$SSH_PUBLIC_KEY" ]]; then
+      msg_error "No SSH public key provided!"
+      exit 1
+    fi
+    
+    # Validate that it looks like an SSH public key
+    if [[ ! "$SSH_PUBLIC_KEY" =~ ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-) ]]; then
+      msg_error "Invalid SSH public key format!"
+      exit 1
+    fi
+    
+    # Set up SSH directory and authorized_keys file
+    msg_info "Setting up SSH access"
+    mkdir -p /home/backup/.ssh
+    echo "$SSH_PUBLIC_KEY" > /home/backup/.ssh/authorized_keys
+    
+    # Set correct permissions
+    chown -R backup:backup /home/backup/.ssh
+    chmod 700 /home/backup/.ssh
+    chmod 600 /home/backup/.ssh/authorized_keys
+    
+    msg_ok "SSH access configured for backup user"
+    msg_info "SSH access details:"
+    msg_info "Connection: ssh backup@${IP}"
+    ;;
+  esac
  
-  msg_ok "Updated successfully!"
  exit 0
 }

--- a/install/alpine-borgbackup-server-install.sh
+++ b/install/alpine-borgbackup-server-install.sh
@ -19,6 +19,16 @@ $STD rc-update add sshd
 $STD rc-service sshd start
 msg_ok "Installed BorgBackup"

+msg_info "Creating backup user"
+$STD adduser -D -s /bin/bash -h /home/backup backup
+$STD passwd -d backup
+msg_ok "Created backup user"
+
+msg_info "Configure SSH, disabling password authentication and enabling public key authentication"
+$STD sed -i -e 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
+$STD rc-service sshd restart
+msg_ok "Configured SSH"
+
 motd_ssh
 customize
 cleanup_lxc