homelab/recipes/borg-auth.bash

#!/usr/bin/env bash

set -euo pipefail

get_key() {
  hostname=$1
  ip=$2
  pubkey=$(ssh "admin@$ip" sudo cat '/etc/ssh/ssh_host_ed25519_key.pub')
  echo 'command="mkdir -p /borg/'"$hostname"'; cd /borg/'"$hostname"'; borg serve --restrict-to-path /borg/'"$hostname"'",restrict '"$pubkey"
}

put_key() {
  hostname=$1
  ip=$2
  line=$(get_key "$hostname" "$ip")
  ssh -t robert@xalicas "sudo -u backup mkdir -p ~backup/.ssh; echo '$line' | sudo -u backup tee -a ~backup/.ssh/authorized_keys"
}

manually_debug_borg_command() {
  jobname="$1"
  service="/etc/systemd/system/borgbackup-job-$jobname.service"
  borg_rsh=$(grep BORG_RSH "$service" | cut -d= -f3 | sed 's/"$//')
  borg_repo=$(grep BORG_REPO "$service" | cut -d= -f3 | sed 's/"$//')
  script1=$(grep ExecStart "$service" | cut -d= -f2 | sed 's/ $//')
  script2=$(grep '^exec' "$script1" | cut -d\  -f2)
  set -x
  sudo env BORG_RSH="$borg_rsh" BORG_REPO="$borg_repo" "$script2" || true
  set +x
}

"$@"