From 65fc2dc320d8a52a2066d2a92f26859e27711fff Mon Sep 17 00:00:00 2001 From: Sander Koenders Date: Mon, 16 Feb 2026 11:01:20 +0100 Subject: [PATCH 1/5] Add borgbackup server Use alpine 3.23 --- ct/alpine-borgbackup-server.sh | 49 +++++++++++++++++++ .../public/json/alpine-borgbackup-server.json | 44 +++++++++++++++++ install/alpine-borgbackup-server-install.sh | 24 +++++++++ 3 files changed, 117 insertions(+) create mode 100644 ct/alpine-borgbackup-server.sh create mode 100644 frontend/public/json/alpine-borgbackup-server.json create mode 100644 install/alpine-borgbackup-server-install.sh diff --git a/ct/alpine-borgbackup-server.sh b/ct/alpine-borgbackup-server.sh new file mode 100644 index 000000000..02043fd6b --- /dev/null +++ b/ct/alpine-borgbackup-server.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env bash +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) +# Copyright (c) 2021-2026 community-scripts ORG +# Author: Sander Koenders (sanderkoenders) +# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE +# Source: https://www.borgbackup.org/ + +APP="Alpine-BorgBackup-Server" +var_tags="${var_tags:-alpine;backup}" # Max 2 tags, semicolon-separated +var_cpu="${var_cpu:-2}" # CPU cores: 1-4 typical +var_ram="${var_ram:-1024}" # RAM in MB: 512, 1024, 2048, etc. +var_disk="${var_disk:-20}" # Disk in GB: 6, 8, 10, 20 typical +var_os="${var_os:-alpine}" # OS: debian, ubuntu, alpine +var_version="${var_version:-3.23}" # OS Version: 13 (Debian), 24.04 (Ubuntu), 3.23 (Alpine) +var_unprivileged="${var_unprivileged:-1}" # 1=unprivileged (secure), 0=privileged (for Docker/Podman) + +header_info "$APP" # Display app name and setup header +variables # Initialize build.func variables +color # Load color variables for output +catch_errors # Enable error handling with automatic exit on failure + +function update_script() { + header_info + + if [[ ! -f /usr/bin/borg ]]; then + msg_error "No ${APP} Installation Found!" + exit + fi + + msg_info "Updating $APP LXC" + $STD apk -U upgrade + msg_ok "Updated $APP LXC" + + msg_ok "Updated successfully!" + exit 0 +} + +start +build_container +description + +# ============================================================================ +# COMPLETION MESSAGE +# ============================================================================ +msg_ok "Completed successfully!\n" +echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" +echo -e "${INFO}${YW}Connection information:${CL}" +echo -e "${TAB}${GATEWAY}${BGN}ssh backup@${IP}${CL}" +echo -e "${TAB}${VERIFYPW}${YW}To set SSH key, run this script with the 'update' option and select option 2${CL}" diff --git a/frontend/public/json/alpine-borgbackup-server.json b/frontend/public/json/alpine-borgbackup-server.json new file mode 100644 index 000000000..5394e07b9 --- /dev/null +++ b/frontend/public/json/alpine-borgbackup-server.json @@ -0,0 +1,44 @@ +{ + "name": "Alpine-BorgBackup-Server", + "slug": "alpine-borgbackup-server", + "categories": [ + 7 + ], + "date_created": "2026-02-16", + "type": "ct", + "updateable": true, + "privileged": false, + "interface_port": null, + "documentation": "https://www.borgbackup.org/", + "website": "https://www.borgbackup.org/", + "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/borg.webp", + "config_path": "", + "description": "Alpine-BorgBackup-Server is a lightweight containerized backup server based on Alpine Linux and BorgBackup. It provides a secure and efficient way to manage your backups with minimal resource usage, making it ideal for Proxmox VE environments.", + "install_methods": [ + { + "type": "default", + "script": "ct/alpine-borgbackup-server.sh", + "resources": { + "cpu": 2, + "ram": 1024, + "hdd": 20, + "os": "alpine", + "version": "3.23" + } + } + ], + "default_credentials": { + "username": null, + "password": null + }, + "notes": [ + { + "type": "info", + "content": "After installation, use the 'update' option in the script to configure SSH access and/or password authentication." + }, + { + "type": "info", + "content": "Refer to the official BorgBackup documentation for setup and usage instructions." + } + ] +} diff --git a/install/alpine-borgbackup-server-install.sh b/install/alpine-borgbackup-server-install.sh new file mode 100644 index 000000000..c07d80bfc --- /dev/null +++ b/install/alpine-borgbackup-server-install.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2026 community-scripts ORG +# Author: Sander Koenders (sanderkoenders) +# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE +# Source: https://www.borgbackup.org/ + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing BorgBackup" +$STD apk add --no-cache borgbackup openssh +$STD rc-update add sshd +$STD rc-service sshd start +msg_ok "Installed BorgBackup" + +motd_ssh +customize +cleanup_lxc From 0042f61d04a5e6623108fcc37be4413709d833b6 Mon Sep 17 00:00:00 2001 From: Sander Koenders Date: Mon, 16 Feb 2026 19:05:44 +0100 Subject: [PATCH 2/5] Add backup user Also provide a way to set the ssh public key for the backup user --- ct/alpine-borgbackup-server.sh | 54 +++++++++++++++++++-- install/alpine-borgbackup-server-install.sh | 10 ++++ 2 files changed, 59 insertions(+), 5 deletions(-) diff --git a/ct/alpine-borgbackup-server.sh b/ct/alpine-borgbackup-server.sh index 02043fd6b..b293a8340 100644 --- a/ct/alpine-borgbackup-server.sh +++ b/ct/alpine-borgbackup-server.sh @@ -21,17 +21,61 @@ catch_errors # Enable error handling with automatic exit on failure function update_script() { header_info - + if [[ ! -f /usr/bin/borg ]]; then msg_error "No ${APP} Installation Found!" exit fi - msg_info "Updating $APP LXC" - $STD apk -U upgrade - msg_ok "Updated $APP LXC" + CHOICE=$(msg_menu "BorgBackup Server Update Options" \ + "1" "Update BorgBackup Server" \ + "2" "Reset SSH Access") - msg_ok "Updated successfully!" + case $CHOICE in + 1) + msg_info "Updating $APP LXC" + $STD apk -U upgrade + msg_ok "Updated $APP LXC successfully!" + ;; + 2) + if [[ "${PHS_SILENT:-0}" == "1" ]]; then + msg_warn "Reset SSH Public key requires interactive mode, skipping." + exit + fi + + msg_info "Setting up SSH Public Key for backup user" + + # Get SSH public key from user + msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host):" + read -r SSH_PUBLIC_KEY + + if [[ -z "$SSH_PUBLIC_KEY" ]]; then + msg_error "No SSH public key provided!" + exit 1 + fi + + # Validate that it looks like an SSH public key + if [[ ! "$SSH_PUBLIC_KEY" =~ ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-) ]]; then + msg_error "Invalid SSH public key format!" + exit 1 + fi + + # Set up SSH directory and authorized_keys file + msg_info "Setting up SSH access" + mkdir -p /home/backup/.ssh + echo "$SSH_PUBLIC_KEY" > /home/backup/.ssh/authorized_keys + + # Set correct permissions + chown -R backup:backup /home/backup/.ssh + chmod 700 /home/backup/.ssh + chmod 600 /home/backup/.ssh/authorized_keys + + msg_ok "SSH access configured for backup user" + msg_info "SSH access details:" + msg_info "Connection: ssh backup@${IP}" + ;; + esac + exit 0 } diff --git a/install/alpine-borgbackup-server-install.sh b/install/alpine-borgbackup-server-install.sh index c07d80bfc..a76b92ff5 100644 --- a/install/alpine-borgbackup-server-install.sh +++ b/install/alpine-borgbackup-server-install.sh @@ -19,6 +19,16 @@ $STD rc-update add sshd $STD rc-service sshd start msg_ok "Installed BorgBackup" +msg_info "Creating backup user" +$STD adduser -D -s /bin/bash -h /home/backup backup +$STD passwd -d backup +msg_ok "Created backup user" + +msg_info "Configure SSH, disabling password authentication and enabling public key authentication" +$STD sed -i -e 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config +$STD rc-service sshd restart +msg_ok "Configured SSH" + motd_ssh customize cleanup_lxc From d2ca6fb86158b3856dac239c32d19824f3be8a78 Mon Sep 17 00:00:00 2001 From: Sander Koenders Date: Mon, 16 Feb 2026 18:00:34 +0100 Subject: [PATCH 3/5] Add options to enable and disable password authentication Using password auth is not recommended, but it can be useful for testing or in environments where public key authentication is not feasible. This commit adds options to enable and disable password authentication in the SSH configuration. --- ct/alpine-borgbackup-server.sh | 50 ++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 15 deletions(-) diff --git a/ct/alpine-borgbackup-server.sh b/ct/alpine-borgbackup-server.sh index b293a8340..a1fe28a44 100644 --- a/ct/alpine-borgbackup-server.sh +++ b/ct/alpine-borgbackup-server.sh @@ -21,7 +21,7 @@ catch_errors # Enable error handling with automatic exit on failure function update_script() { header_info - + if [[ ! -f /usr/bin/borg ]]; then msg_error "No ${APP} Installation Found!" exit @@ -29,10 +29,12 @@ function update_script() { CHOICE=$(msg_menu "BorgBackup Server Update Options" \ "1" "Update BorgBackup Server" \ - "2" "Reset SSH Access") + "2" "Reset SSH Access" \ + "3" "Enable password authentication for backup user (not recommended, use SSH key instead)" \ + "4" "Disable password authentication for backup user (recommended for security, use SSH key)") case $CHOICE in - 1) + 1) msg_info "Updating $APP LXC" $STD apk -U upgrade msg_ok "Updated $APP LXC successfully!" @@ -42,40 +44,58 @@ function update_script() { msg_warn "Reset SSH Public key requires interactive mode, skipping." exit fi - + msg_info "Setting up SSH Public Key for backup user" - + # Get SSH public key from user - msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host):" - read -r SSH_PUBLIC_KEY - + msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host): \n" + read -p "Key: " SSH_PUBLIC_KEY + echo + if [[ -z "$SSH_PUBLIC_KEY" ]]; then msg_error "No SSH public key provided!" exit 1 fi - + # Validate that it looks like an SSH public key if [[ ! "$SSH_PUBLIC_KEY" =~ ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-) ]]; then msg_error "Invalid SSH public key format!" exit 1 fi - + # Set up SSH directory and authorized_keys file msg_info "Setting up SSH access" mkdir -p /home/backup/.ssh echo "$SSH_PUBLIC_KEY" > /home/backup/.ssh/authorized_keys - + # Set correct permissions chown -R backup:backup /home/backup/.ssh chmod 700 /home/backup/.ssh chmod 600 /home/backup/.ssh/authorized_keys - + msg_ok "SSH access configured for backup user" - msg_info "SSH access details:" - msg_info "Connection: ssh backup@${IP}" + ;; + 3) + if [[ "${PHS_SILENT:-0}" == "1" ]]; then + msg_warn "Enabling password authentication requires interactive mode, skipping." + exit + fi + + msg_info "Enabling password authentication for backup user" + msg_warn "Password authentication is less secure than using SSH keys. Consider using SSH keys instead." + passwd backup + sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication yes/' /etc/ssh/sshd_config + rc-service sshd restart + msg_ok "Password authentication enabled for backup user" + ;; + 4) + msg_info "Disabling password authentication for backup user" + sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication no/' /etc/ssh/sshd_config + rc-service sshd restart + msg_ok "Password authentication disabled for backup user" ;; esac - + exit 0 } From 2d12d6ab449cfa88ff70b152caa8afad377511e0 Mon Sep 17 00:00:00 2001 From: Sander Koenders Date: Mon, 16 Feb 2026 19:40:18 +0100 Subject: [PATCH 4/5] Use ProxmoxVED build.func temporarily --- ct/alpine-borgbackup-server.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ct/alpine-borgbackup-server.sh b/ct/alpine-borgbackup-server.sh index a1fe28a44..43daac264 100644 --- a/ct/alpine-borgbackup-server.sh +++ b/ct/alpine-borgbackup-server.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func) # Copyright (c) 2021-2026 community-scripts ORG # Author: Sander Koenders (sanderkoenders) # License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE From 8c06b6d73ee25bfea39fa091bc5423d0fea6525a Mon Sep 17 00:00:00 2001 From: Sander Koenders Date: Tue, 17 Feb 2026 09:02:39 +0100 Subject: [PATCH 5/5] Remove comments from alpine-borgbackup-server --- ct/alpine-borgbackup-server.sh | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/ct/alpine-borgbackup-server.sh b/ct/alpine-borgbackup-server.sh index 43daac264..a80da22f0 100644 --- a/ct/alpine-borgbackup-server.sh +++ b/ct/alpine-borgbackup-server.sh @@ -6,18 +6,18 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV # Source: https://www.borgbackup.org/ APP="Alpine-BorgBackup-Server" -var_tags="${var_tags:-alpine;backup}" # Max 2 tags, semicolon-separated -var_cpu="${var_cpu:-2}" # CPU cores: 1-4 typical -var_ram="${var_ram:-1024}" # RAM in MB: 512, 1024, 2048, etc. -var_disk="${var_disk:-20}" # Disk in GB: 6, 8, 10, 20 typical -var_os="${var_os:-alpine}" # OS: debian, ubuntu, alpine -var_version="${var_version:-3.23}" # OS Version: 13 (Debian), 24.04 (Ubuntu), 3.23 (Alpine) -var_unprivileged="${var_unprivileged:-1}" # 1=unprivileged (secure), 0=privileged (for Docker/Podman) +var_tags="${var_tags:-alpine;backup}" +var_cpu="${var_cpu:-2}" +var_ram="${var_ram:-1024}" +var_disk="${var_disk:-20}" +var_os="${var_os:-alpine}" +var_version="${var_version:-3.23}" +var_unprivileged="${var_unprivileged:-1}" -header_info "$APP" # Display app name and setup header -variables # Initialize build.func variables -color # Load color variables for output -catch_errors # Enable error handling with automatic exit on failure +header_info "$APP" +variables +color +catch_errors function update_script() { header_info @@ -47,7 +47,6 @@ function update_script() { msg_info "Setting up SSH Public Key for backup user" - # Get SSH public key from user msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host): \n" read -p "Key: " SSH_PUBLIC_KEY echo @@ -57,18 +56,15 @@ function update_script() { exit 1 fi - # Validate that it looks like an SSH public key if [[ ! "$SSH_PUBLIC_KEY" =~ ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-) ]]; then msg_error "Invalid SSH public key format!" exit 1 fi - # Set up SSH directory and authorized_keys file msg_info "Setting up SSH access" mkdir -p /home/backup/.ssh echo "$SSH_PUBLIC_KEY" > /home/backup/.ssh/authorized_keys - # Set correct permissions chown -R backup:backup /home/backup/.ssh chmod 700 /home/backup/.ssh chmod 600 /home/backup/.ssh/authorized_keys @@ -103,9 +99,6 @@ start build_container description -# ============================================================================ -# COMPLETION MESSAGE -# ============================================================================ msg_ok "Completed successfully!\n" echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" echo -e "${INFO}${YW}Connection information:${CL}"