Split run.sh and add git retrieval #7

Open
wants to merge 1 commit into
base: master

@abate abate commented Mar 23, 2020

This patch modularizes run.sh, adding two new helper scripts, and
makes it possible to specify a git repository for ssh keys via a
new env variable BORG_SSHKEYS_REPO.

The modularization adds two new files:

  • env.sh : defines a few environment variables
  • create-client-dirs.sh : updates and creates user directories and
    re-creates authorized_keys

We also add a new script update-ssh-keys.sh to be called regularly
in a cron job to check if the git repository is up-to-date and
eventually adding/removing users.

@Nold360
Owner

Nold360 commented Mar 24, 2020

hi, thanks for your contribution! 👍

I wrote some for this some time ago, too. See: https://github.com/Nold360/docker-borgserver/tree/f_git_integration

But it just doesn't feel right to put so much complexity into a container that should only do one job. I guess the most-containerish way would be to let an init-container pull the keys from git and feed the finalized authorized_keys into the borg-container.

But afaik docker-compose doesn't really support init-containers. But if the init-container never restarts, it would pull the git with every docker-compose up, which doesn't sound too bad to me right now.. 🤔

@abate
Author

abate commented Mar 24, 2020

I see your commit does mostly what I've done. It's handy to store your ssh keys in a git repo.

This MR does not add much more complexity. The container still works as before. The only process running is still sshd. The cronjob that periodically runs update-ssh-keys.sh should run on the host crontab (so keeping the one process per container philosophy):

*/5 * * * * docker exec borgserver /usr/local/bin/update-ssh-keys.sh

Basically this MR splits the run.sh script into 3 components to make it possible to add the update-ssh-keys.sh without code replication.

@Nold360
Owner

Nold360 commented Mar 24, 2020

I used my C-Virus isolation time today and tried to hack something together: https://github.com/Nold360/docker-borgserver/tree/f_init_container

I split the container up into an init and a server part. Basically the init-container never gets restarted & does everything to set up the volumes incl. the authorized_keys file.

The server container will sleep 5 seconds and then try to ping init until the init-container is not reachable anymore... I changed quite a lot, including some stuff like the server now runs fully as borg-user. The init-container still runs as root ofc.

Still needs a lot of cleanup, but it seems to work quite well right now.

The question is, which way do we want to go?

@abate
Author

abate commented Mar 25, 2020

It seems you are adding even more complexity by splitting the init and runtime part into two containers, and duplicating a fair bit of code in the process ... not sure ...

@Nold360
Owner

Nold360 commented Mar 26, 2020

Yea, that's true - but only because I had to work around the limitations of docker-compose. Otherwise we could move all the logic into the init-container. So Kubernetes has to wait.

So for now it seems like a good idea to merge the git feature into another branch or something, so we can tag it like "borgserver:git" or whatever. The question is how can we easily maintain the code for both? It might be better to have everything in one place/branch then..

//Edit: How about this: https://github.com/Nold360/docker-borgserver/compare/f_git_2

@abate
Author

abate commented Mar 26, 2020

This looks good to me! ref: https://github.com/Nold360/docker-borgserver/compare/f_git_2
I'll test it a bit tomorrow.
