From 21ae5738c36101191cdd7b555c4a180672e173af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adam=20=C5=A0trauch?= <cx@initd.cz>
Date: Wed, 19 Nov 2025 23:54:03 +0100
Subject: [PATCH] Initial commit

---
 .forgejo/workflows/main.yml | 24 ++++++++++++++++++++++
 Dockerfile                  | 17 +++++++++++++++
 Taskfile.yml                | 18 ++++++++++++++++
 entrypoint.sh               | 41 +++++++++++++++++++++++++++++++++++++
 4 files changed, 100 insertions(+)
 create mode 100644 .forgejo/workflows/main.yml
 create mode 100644 Dockerfile
 create mode 100644 Taskfile.yml
 create mode 100644 entrypoint.sh

diff --git a/.forgejo/workflows/main.yml b/.forgejo/workflows/main.yml
new file mode 100644
index 0000000..717fc07
--- /dev/null
+++ b/.forgejo/workflows/main.yml
@@ -0,0 +1,24 @@
+name: Build a dev image
+
+on:
+  push:
+    branches: [ main ]
+  workflow_dispatch: {}
+  schedule:
+  - cron: "15 5 * * *"
+
+jobs:
+  build:
+    runs-on: [dev, amd64]
+    env:
+      IMAGE: gitea.ceperka.net/cx/borg-server
+      TAG: dev
+    steps:
+      - uses: actions/checkout@v4
+      - name: docker login
+        run: |
+          docker login gitea.ceperka.net -u "${{ secrets.REGISTRY_DEV_USERNAME }}" -p "${{ secrets.REGISTRY_DEV_PASSWORD }}"
+      - name: Build
+        run: task build IMAGE=$IMAGE TAG=$TAG
+      - name: Push
+        run: task push IMAGE=$IMAGE TAG=$TAG
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a5c3e32
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine:3.22
+
+RUN apk add --no-cache borgbackup openssh
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN addgroup borg && \
+    adduser -D -h /srv -G borg borg && \
+    chmod +x /entrypoint.sh && \
+    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config
+
+VOLUME /srv
+EXPOSE 22
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+CMD ["borg", "--help"]
diff --git a/Taskfile.yml b/Taskfile.yml
new file mode 100644
index 0000000..7262f6b
--- /dev/null
+++ b/Taskfile.yml
@@ -0,0 +1,18 @@
+# https://taskfile.dev
+
+version: '3'
+
+vars:
+  IMAGE: gitea.ceperka.net/cx/borg-server
+  TAG: dev
+
+tasks:
+  build:
+    cmds:
+    - docker build -t {{ .IMAGE }}:{{ .TAG }} .
+  tag-latest:
+    cmds:
+    - docker tag {{ .IMAGE }}:{{ .TAG }} {{ .IMAGE }}:latest
+  push:
+    cmds:
+    - docker push {{ .IMAGE }}:{{ .TAG }}
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..1beffb7
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+if [ -z "$SSH_PASSWORD" -a -z "$SSH_PRIVATE_KEY" ]; then
+  echo "No SSH_PASSWORD or SSH_PRIVATE_KEY provided. Exiting."
+  exit 1
+fi
+
+echo "Setting up SSH configuration..."
+
+mkdir -p /srv/.ssh
+chmod 700 /srv/.ssh
+
+if [ -n "$SSH_PASSWORD" ]; then
+  echo "Setting up SSH password authentication..."
+  echo "borg:$SSH_PASSWORD" | chpasswd
+fi
+
+if [ -n "$SSH_PRIVATE_KEY" ]; then
+  echo "Setting up SSH private key authentication..."
+  echo "$SSH_PRIVATE_KEY" > /srv/.ssh/authorized_keys
+fi
+
+if [ -e /srv/.ssh-host-keys/ssh_host_ecdsa_key ]; then
+    for key in ssh_host_ecdsa_key ssh_host_rsa_key ssh_host_ed25519_key; do
+        if [ -e /srv/.ssh-host-keys/$key ]; then
+            cp /srv/.ssh-host-keys/$key /etc/ssh/
+            cp /srv/.ssh-host-keys/${key}.pub /etc/ssh/
+            chmod 600 /etc/ssh/$key
+            chmod 644 /etc/ssh/${key}.pub
+        fi
+    done
+fi
+
+if [ ! -e /etc/ssh/ssh_host_ecdsa_key ] ; then
+  ssh-keygen -A
+
+fi
+
+/usr/sbin/sshd -D -e