-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathhologram-borgbackup-receiver.pkg.toml
55 lines (48 loc) · 1.28 KB
/
hologram-borgbackup-receiver.pkg.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
[package]
name = "hologram-borgbackup-receiver"
version = "1.0.0"
description = "hologram: backup server using Borg"
requires = [
"borg",
"secrets", # this uses /usr/bin/replicator
]
[[group]]
name = "borgrecv"
system = true
[[user]]
name = "borgrecv"
system = true
comment = "Borg Backup Receiver"
group = "borgrecv"
home = "/var/lib/borgrecv"
[[action]]
on = "setup"
script = """
echo 'When adding a client, you must `borg init --encryption=repokey-blake2 /var/lib/borgrecv/repo/$CLIENT` manually.'
"""
[[directory]]
path = "/var/lib/borgrecv"
owner = "borgrecv"
group = "borgrecv"
mode = "0700"
[[directory]]
path = "/var/lib/borgrecv/.ssh"
owner = "borgrecv"
group = "borgrecv"
mode = "0700"
[[file]]
path = "/var/lib/borgrecv/.ssh/authorized_keys"
owner = "borgrecv"
group = "borgrecv"
mode = "0600"
content = '''
{{- range $hostname, $sshkey := .Vars.borgrecv.keys }}
command="borg serve --restrict-to-path /var/lib/borgrecv/repo/{{ $hostname }} --append-only",restrict {{ $sshkey }}
{{- end }}
{{- range .Vars.borgrecv.superkeys }}
command="borg serve --append-only",restrict {{ . }}
{{- end }}
'''
[[symlink]]
path = "/usr/share/holo/files/20-borgbackup-receiver/var/lib/borgrecv/.ssh/authorized_keys.holoscript"
target = "/usr/bin/replicator"