diff --git a/ct/alpine-borgbackup-server.sh b/ct/alpine-borgbackup-server.sh new file mode 100644 index 000000000..a80da22f0 --- /dev/null +++ b/ct/alpine-borgbackup-server.sh @@ -0,0 +1,106 @@ +#!/usr/bin/env bash +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func) +# Copyright (c) 2021-2026 community-scripts ORG +# Author: Sander Koenders (sanderkoenders) +# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE +# Source: https://www.borgbackup.org/ + +APP="Alpine-BorgBackup-Server" +var_tags="${var_tags:-alpine;backup}" +var_cpu="${var_cpu:-2}" +var_ram="${var_ram:-1024}" +var_disk="${var_disk:-20}" +var_os="${var_os:-alpine}" +var_version="${var_version:-3.23}" +var_unprivileged="${var_unprivileged:-1}" + +header_info "$APP" +variables +color +catch_errors + +function update_script() { + header_info + + if [[ ! -f /usr/bin/borg ]]; then + msg_error "No ${APP} Installation Found!" + exit + fi + + CHOICE=$(msg_menu "BorgBackup Server Update Options" \ + "1" "Update BorgBackup Server" \ + "2" "Reset SSH Access" \ + "3" "Enable password authentication for backup user (not recommended, use SSH key instead)" \ + "4" "Disable password authentication for backup user (recommended for security, use SSH key)") + + case $CHOICE in + 1) + msg_info "Updating $APP LXC" + $STD apk -U upgrade + msg_ok "Updated $APP LXC successfully!" + ;; + 2) + if [[ "${PHS_SILENT:-0}" == "1" ]]; then + msg_warn "Reset SSH Public key requires interactive mode, skipping." + exit + fi + + msg_info "Setting up SSH Public Key for backup user" + + msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host): \n" + read -p "Key: " SSH_PUBLIC_KEY + echo + + if [[ -z "$SSH_PUBLIC_KEY" ]]; then + msg_error "No SSH public key provided!" + exit 1 + fi + + if [[ ! "$SSH_PUBLIC_KEY" =~ ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-) ]]; then + msg_error "Invalid SSH public key format!" + exit 1 + fi + + msg_info "Setting up SSH access" + mkdir -p /home/backup/.ssh + echo "$SSH_PUBLIC_KEY" > /home/backup/.ssh/authorized_keys + + chown -R backup:backup /home/backup/.ssh + chmod 700 /home/backup/.ssh + chmod 600 /home/backup/.ssh/authorized_keys + + msg_ok "SSH access configured for backup user" + ;; + 3) + if [[ "${PHS_SILENT:-0}" == "1" ]]; then + msg_warn "Enabling password authentication requires interactive mode, skipping." + exit + fi + + msg_info "Enabling password authentication for backup user" + msg_warn "Password authentication is less secure than using SSH keys. Consider using SSH keys instead." + passwd backup + sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication yes/' /etc/ssh/sshd_config + rc-service sshd restart + msg_ok "Password authentication enabled for backup user" + ;; + 4) + msg_info "Disabling password authentication for backup user" + sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication no/' /etc/ssh/sshd_config + rc-service sshd restart + msg_ok "Password authentication disabled for backup user" + ;; + esac + + exit 0 +} + +start +build_container +description + +msg_ok "Completed successfully!\n" +echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" +echo -e "${INFO}${YW}Connection information:${CL}" +echo -e "${TAB}${GATEWAY}${BGN}ssh backup@${IP}${CL}" +echo -e "${TAB}${VERIFYPW}${YW}To set SSH key, run this script with the 'update' option and select option 2${CL}" diff --git a/frontend/public/json/alpine-borgbackup-server.json b/frontend/public/json/alpine-borgbackup-server.json new file mode 100644 index 000000000..5394e07b9 --- /dev/null +++ b/frontend/public/json/alpine-borgbackup-server.json @@ -0,0 +1,44 @@ +{ + "name": "Alpine-BorgBackup-Server", + "slug": "alpine-borgbackup-server", + "categories": [ + 7 + ], + "date_created": "2026-02-16", + "type": "ct", + "updateable": true, + "privileged": false, + "interface_port": null, + "documentation": "https://www.borgbackup.org/", + "website": "https://www.borgbackup.org/", + "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/borg.webp", + "config_path": "", + "description": "Alpine-BorgBackup-Server is a lightweight containerized backup server based on Alpine Linux and BorgBackup. It provides a secure and efficient way to manage your backups with minimal resource usage, making it ideal for Proxmox VE environments.", + "install_methods": [ + { + "type": "default", + "script": "ct/alpine-borgbackup-server.sh", + "resources": { + "cpu": 2, + "ram": 1024, + "hdd": 20, + "os": "alpine", + "version": "3.23" + } + } + ], + "default_credentials": { + "username": null, + "password": null + }, + "notes": [ + { + "type": "info", + "content": "After installation, use the 'update' option in the script to configure SSH access and/or password authentication." + }, + { + "type": "info", + "content": "Refer to the official BorgBackup documentation for setup and usage instructions." + } + ] +} diff --git a/install/alpine-borgbackup-server-install.sh b/install/alpine-borgbackup-server-install.sh new file mode 100644 index 000000000..a76b92ff5 --- /dev/null +++ b/install/alpine-borgbackup-server-install.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2026 community-scripts ORG +# Author: Sander Koenders (sanderkoenders) +# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE +# Source: https://www.borgbackup.org/ + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing BorgBackup" +$STD apk add --no-cache borgbackup openssh +$STD rc-update add sshd +$STD rc-service sshd start +msg_ok "Installed BorgBackup" + +msg_info "Creating backup user" +$STD adduser -D -s /bin/bash -h /home/backup backup +$STD passwd -d backup +msg_ok "Created backup user" + +msg_info "Configure SSH, disabling password authentication and enabling public key authentication" +$STD sed -i -e 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config +$STD rc-service sshd restart +msg_ok "Configured SSH" + +motd_ssh +customize +cleanup_lxc