borg-reverse/server-wrap.sh

#!/bin/bash

if [ -z ${BORG_REPO_PATH} ]; then
  echo "BORG_REPO_PATH is empty or unset. Please set and try again."
  exit 1
fi

# Temporarilly disallow glob
set -o noglob

SOCK_SRV="$2"
SOCK_CLI="$3"
CLIENT_SOCAT="'bash -c \"exec socat STDIO UNIX-CONNECT:$SOCK_CLI\"'"
MODE="$4"
REPO="$5"
BORG_CMD="${@:6}"
# Add some cleanup to the command
BORG_CMD+=" && rm $SOCK_CLI"

# Make command more robust from premature expansion
BORG_CMD=`echo $BORG_CMD | sed "s/--exclude\s\(\S\+\)/--exclude \'\1\'/g"`

echo $BORG_CMD

if [ $MODE == "extract" ]; then
    SH_CMD="cd /mnt"
fi

#user_name="borg"

#if [ "$(id --user --name)" != "$user_name" -o $# -lt 6 ]; then
if [ $# -lt 6 ]; then
  echo "$0 must be run as $user_name"
  echo "usage: sudo -u $user_name [env vars] $0 [-s|--socket] path-to/local-listening.sock path-to/remote-connecting.sock path-to/socat-wrapper user@sourcehost <client borg command>"
  echo "usage: sudo -u $user_name [env vars] $0 [-t|--tcp] local-listening-port remote-connecting-port path-to/socat-wrapper user@sourcehost <client borg command>"
  echo

  echo "example: sudo -u $user_name BORGW_RESTRICT_PATH=/path/to/repos $0 -s /tmp/local.sock /tmp/remote.sock /opt/borg/client-wrap"\
    "\"backuped-server -p 22\" sudo borg create ssh://backup-server/./my-repo::{hostname}_{utcnow} paths to backup"

  echo "example: sudo -u $user_name SSH_ARGS=\"-o ProxyCommand=ssh -W %h:%p gateway-server -p 22\" BORGW_RESTRICT_REPOSITORY=/path/to/repos/repo"\
    "$0 -t 12345 12345 /opt/borg/client-wrap backuped-server sudo borg"\
    "create ssh://backup-server/./::{hostname}_{utcnow} paths to backup"
  echo

  echo "Note: \"backup-server\" is arbitrary and can be anything - the socat-wrapper will ignore it"
else
  exec socat UNIX-LISTEN:"$SOCK_SRV" \
    "EXEC:borg serve --append-only --restrict-to-path $BORG_REPO_PATH --umask 077" &

  ssh -t -R "$SOCK_CLI":"$SOCK_SRV" $REPO sudo BORG_RSH="$CLIENT_SOCAT" "$BORG_CMD"
fi

# Re-allow glob
set +o noglob