backup-server/start_backup.sh

#!/bin/sh

SSH_HOST=${SSH_HOST:-"localhost"}
SSH_PORT=${SSH_PORT:-20022}
SSH_USER=${SSH_USER:-"backup"}
SSH_PASSWORD=${SSH_PASSWORD:-"backup"}
HOME="/home/$SSH_USER"
SSH_DIR="$HOME/.ssh"
key_type="ed25519"

BACKUP_COMPRESSION=${BACKUP_COMPRESSION:-"zstd"}
BACKUP_PASSWORD=${BACKUP_PASSWORD:-""}

if ! id -u "$SSH_USER" >/dev/null 2>&1; then
    echo "Creating user $SSH_USER..."
    adduser -D -s /bin/sh -h "/home/$SSH_USER" "$SSH_USER"
    # Ensure the user is properly initialized in shadow database
    passwd -u "$SSH_USER" 2>/dev/null || true

fi

if [ ! -d "$SSH_DIR" ]; then                                    
    # Generate host keys if they don't exist                    
    mkdir -p $SSH_DIR                                     
    echo "Generating $key_type host key..."                
    ssh-keygen -t "$key_type" -f "$SSH_DIR"/"id_$key_type" -N "" -q
    chmod 600 $SSH_DIR/id_$key_type                                
                                                                   
    # Add default ssh password if not set                          
    echo "$SSH_USER:$SSH_PASSWORD" | chpasswd                      
    chown -R $SSH_USER:$SSH_USER "/home/$SSH_USER"                 
                                                                   
    echo "Host '$SSH_HOST'                                         
    HostName '$SSH_HOST'                                           
    Port '$SSH_PORT'                                               
    User '$SSH_USER'                                               
    PreferredAuthentications publickey                             
    IdentityFile '$SSH_DIR'/id_'$key_type'        
    IdentitiesOnly yes
    StrictHostKeyChecking no                        
    ">> $SSH_DIR/config                           
                                                  
fi                                                

cd $SSH_DIR
rm /root/.ssh/config 2>/dev/null || true
rm /root/.ssh/known_hosts 2>/dev/null || true
echo "Host *                                                               
    IdentityFile '$SSH_DIR'/id_'$key_type'        
    IdentitiesOnly yes
    StrictHostKeyChecking no                        
"> /root/.ssh/config

if [ "$SSH_HOST" != "localhost" ]; then
    SSH_HOST="$(echo $SSH_HOST | base64 -d | jq -r '.[]')"
fi
# creating cycle for backup services
for BACKUP in $( echo -n $SSH_HOST) ; do      
    # check backup client availability
    RESPONSE=$(ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o ConnectTimeout=5 -o BatchMode=yes  -p $SSH_PORT $SSH_USER@$BACKUP  /bin/true 2>&1)

    if [ "$(echo $RESPONSE | grep -o resolve)" != "" ]; then
        echo "Expected backup client $BACKUP on port $SSH_PORT currently not available"
        continue
    fi
    # set backup client IP addresses and ports                                         
    RESPONSE=$(ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o ConnectTimeout=5 -o BatchMode=yes  -p $SSH_PORT $SSH_USER@$BACKUP  /bin/true 2>&1)

    if [ "$(echo $RESPONSE | grep -o password)" != "" ]; then
        echo "SSH password authentication enabled"
        sshpass -p "$SSH_PASSWORD" ssh -p $SSH_PORT -i $SSH_DIR/id_$key_type $SSH_USER@$BACKUP "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" < $SSH_DIR/id_$key_type.pub
        ssh -i $SSH_DIR/id_$key_type -p $SSH_PORT $SSH_USER@$BACKUP sed -i "s/PasswordAuthentication\ yes/PasswordAuthentication\ no/g" .ssh/server/sshd_config
        sleep 2
    fi
    RESPONSE=$(ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o ConnectTimeout=5 -o BatchMode=yes  -p $SSH_PORT $SSH_USER@$BACKUP  /bin/true 2>&1)

    if [ "$(echo $RESPONSE | grep -o password)" == "" ]; then
        echo "SSH password authentication is disabled on the server."

        # check borg backup state
        export $BACKUP_PASSWORD        # Replace your current borg check section with:
        # check borg backup state
        CHECK_BACKUP_STATE=$(ssh -i $SSH_DIR/id_$key_type -p $SSH_PORT $SSH_USER@$BACKUP "BORG_PASSPHRASE='$BACKUP_PASSWORD' borg info /backup/ 2> /dev/null")
        if [ -z "$CHECK_BACKUP_STATE" ]; then
            echo "Ready to init borg backup"
            # Initialize borg repository with encryption
            if [ -z "$BACKUP_COMPRESSION" ]; then
                    COMPRESSION=$(echo "--compression $BACKUP_COMPRESSION")
            else
                    COMPRESSION=""
            fi

            ssh -i $SSH_DIR/id_$key_type -p $SSH_PORT $SSH_USER@$BACKUP "BORG_PASSPHRASE='$BORG_PASSPHRASE' borg init --encryption=repokey-blake2 $SSH_DIR/backup/"
            echo "Borg repository initialized with encryption"
        else
            # start backup
            echo "Borg backup is already initialized. Starting backup..."
            # Your backup command here with passphrase
            ssh -i $SSH_DIR/id_$key_type -p $SSH_PORT $SSH_USER@$BACKUP "BACKUP_PASSWORD='$BACKUP_PASSWORD' borg create $COMPRESSION  /backup/::{hostname}-{now} $SSH_DIR/backup/"
        fi
    fi
done