-
Notifications
You must be signed in to change notification settings - Fork 1
/
ssh-wrapper-server
executable file
·64 lines (56 loc) · 3.03 KB
/
ssh-wrapper-server
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#!/usr/bin/env bash
# Serve parameters
#BORGW_RESTRICT_PATH
#BORGW_RESTRICT_REPOSITORY
#BORGW_APPEND_ONLY
#BORGW_STORAGE_QUOTA
# Other
#BORGW_DRYRUN: set to 1 to only print commands
#SSH_ARGS: arguments passed to ssh (as single quoted arg actually)
#ssh port can be placed with '"host -p 22"' instead of 'host', which will be passed as multiple args (unlike $SSH_ARGS)
bbbs_user_name=borg
print_args_exec() {
# Allow to test space quoting
[ $(command -v python) ] && python -c "import sys; print(sys.argv[1:])" "$@" || echo "$@"
[ "$BORGW_DRYRUN" == "1" ] || "$@"
}
if [ "$(id --user --name)" != "$bbbs_user_name" -o $# -lt 6 ]; then
echo "$0 must be run as $bbbs_user_name"
echo "usage: sudo -u $bbbs_user_name [env vars] $0 [-s|--socket] local-listening-uds.sock remote-connecting-uds.sock target-wrapper host <borg command>"
echo "usage: sudo -u $bbbs_user_name [env vars] $0 [-t|--tcp] local-listening-port remote-connecting-port target-wrapper host <borg command>"
echo
echo "example: sudo -u $bbbs_user_name BORGW_RESTRICT_PATH=/path/to/repos $0 -s /tmp/local.sock /tmp/remote.sock /opt/bbbs/ssh-wrapper-client"\
"\"backuped-server -p 22\" sudo /opt/bbbs/bbbs-client create ssh://backup-server/./my-repo::{hostname}_{utcnow} paths to backup"
echo "example: sudo -u $bbbs_user_name SSH_ARGS=\"-o ProxyCommand=ssh -W %h:%p gateway-server -p 22\" BORGW_RESTRICT_REPOSITORY=/path/to/repos/repo"\
"$0 -t 12345 12345 /opt/bbbs/ssh-wrapper-client backuped-server sudo /opt/bbbs/bbbs-client"\
"create ssh://backup-server/./::{hostname}_{utcnow} paths to backup"
else
# Borg serv parameters
bbbs_opt_path=$(cd -P -- "$(dirname -- "$0")" && pwd -P)
serve_cmd="${bbbs_opt_path}/borg.bin serve --umask 077"
[ "$BORGW_APPEND_ONLY" == '1' -o "$BORGW_APPEND_ONLY" == 'y' -o "$BORGW_APPEND_ONLY" == 'yes' ] && serve_cmd="${serve_cmd} --append-only"
[ -n "$BORGW_STORAGE_QUOTA" ] && serve_cmd="${serve_cmd} --storage-quota ${BORGW_STORAGE_QUOTA}"
if [ -n "$BORGW_RESTRICT_REPOSITORY" ]; then
serve_cmd="${serve_cmd} --restrict-to-repository ${BORGW_RESTRICT_REPOSITORY}"
cd $BORGW_RESTRICT_REPOSITORY
elif [ -n "$BORGW_RESTRICT_PATH" ]; then
serve_cmd="${serve_cmd} --restrict-to-path ${BORGW_RESTRICT_PATH}"
cd $BORGW_RESTRICT_PATH
fi
# Start listener & launch on client
[ -z "$SSH_ARGS" ] && SSH_ARGS=-- # To avoid passing an empty argument
if [ "$1" == '-s' -o "$1" == '--socket' ]; then
print_args_exec socat UNIX-LISTEN:"$2" "EXEC:${serve_cmd}" &
socat_pid=$!
print_args_exec ssh -R "$2":"$3" $5 "$SSH_ARGS" export "BORG_RSH=\"$4 -s $3\"" "BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes" ";" "${@:6}"
[ "$BORGW_DRYRUN" == "1" ] || kill "$socat_pid" 2>/dev/null
elif [ "$1" == '-t' -o "$1" == '--tcp' ]; then
host=localhost
print_args_exec socat TCP-LISTEN:"$2" "EXEC:${serve_cmd}" &
socat_pid=$!
print_args_exec ssh -R "$2":"$host":"$3" $5 "$SSH_ARGS" export "BORG_RSH=\"$4 -t $3\"" "BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes" ";" "${@:6}"
[ "$BORGW_DRYRUN" == "1" ] || kill "$socat_pid" 2>/dev/null
else
echo "$0: unknown method"
fi
fi