docker-entrypoint.sh
#!/bin/sh
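# Install the backup schedule: a single crontab entry that runs /backup.sh at
# the cron time specification given in the CRON_TIME environment variable.
# A missing or rejected schedule means backups silently never run, so both
# cases are reported on stderr. The entrypoint still continues, as before.
if [ -z "${CRON_TIME}" ]; then
  echo "WARNING: CRON_TIME is empty; no backup schedule was installed" >&2
else
  # printf instead of echo: some /bin/sh echo builtins interpret backslashes.
  printf '%s /backup.sh\n' "${CRON_TIME}" > /crontab.conf
  if ! crontab /crontab.conf; then
    echo "WARNING: crontab rejected /crontab.conf; backups may not be scheduled" >&2
  fi
fi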
# Get SSH keys somehow. Alternatives:
# 1. Generate in container
#    1. Print on first start
#    2. Mount a volume exposing the public key
# 2. Take private key from a mounted volume. Generated by Ansible before.
# 3. Ability to choose from the above. (Only generate if non-existent)
# Solution:
# Allow manual key specification with ENV SSH_IDENTITY_FILE, can be from
# mounted volume. If SSH_IDENTITY_FILE is not a file, generate it and print
# on first boot.
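# Generate an SSH key pair on first boot when SSH_IDENTITY_FILE does not point
# at an existing file (an existing file, e.g. one from a mounted volume, is
# left untouched).
# The key is created with an empty passphrase (-N "") so it can be used
# unattended: whoever can read the private key file can use it, so the path
# should live on storage that only this container can read.
# NOTE(review): RSA 2048 is kept for compatibility with the existing setup;
# consider a stronger key type or size if the remote accepts it.
if [ ! -f "${SSH_IDENTITY_FILE}" ]; then
  install -d "$(dirname "${SSH_IDENTITY_FILE}")"
  # Announce and print the key only when ssh-keygen succeeded; previously the
  # success message was printed even after a failed generation.
  if ssh-keygen -q -trsa -b2048 -N "" -f "${SSH_IDENTITY_FILE}"; then
    # Only the public half goes to the container log (presumably so it can be
    # authorised on the remote host). The private key is never printed.
    printf "\nSSH keys generated at %s. Public key:\n\n" "${SSH_IDENTITY_FILE}"
    cat "${SSH_IDENTITY_FILE}.pub"
    printf "\n"
  else
    echo "ERROR: ssh-keygen could not create ${SSH_IDENTITY_FILE}" >&2
  fi
fi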
# Allow remote SSH fingerprint. Alternatives:
# 1. Disable key checking (insecure)
# 2. Add as ENV option
# 3. Add script that connects to host once just to verify it (run manually)
# 4. Get from mounted volume
#
# 'ssh-keyscan -p2222 borta.swetzen.com 2>/dev/null 1>>/root/.ssh/known_hosts'
# can be used to add the key from a known host. Can be done at init based on
# ENV vars.
# Limitation: only allow one host to be added automatically in this way. It's only supposed to backup one host anyway.
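# Pin the SSH host key of $REMOTE_HOSTNAME in /root/.ssh/known_hosts.
#
# ssh-keyscan records whatever key the network returns, without verifying it.
# That is trust-on-first-use, so the scan runs only while the host has no
# entry yet. Rescanning on every start would append any key offered at that
# moment, and ssh accepts every key listed for a host, which would defeat host
# key checking. After a legitimate host key rotation, remove the stale entry
# by hand.
#
# SSH_PORT defaults to 22 when unset. The fingerprints are printed so the
# operator can compare them with the remote host out-of-band.
if [ "${REMOTE_HOSTNAME}" ]; then
  install -d /root/.ssh
  known_hosts_file=/root/.ssh/known_hosts
  scan_port="${SSH_PORT:-22}"

  # known_hosts stores hosts on a non-default port as "[host]:port".
  if [ "${scan_port}" = "22" ]; then
    known_hosts_name="${REMOTE_HOSTNAME}"
  else
    known_hosts_name="[${REMOTE_HOSTNAME}]:${scan_port}"
  fi

  if [ -f "${known_hosts_file}" ] \
    && ssh-keygen -F "${known_hosts_name}" -f "${known_hosts_file}" >/dev/null 2>&1; then
    echo "SSH fingerprint for ${REMOTE_HOSTNAME} already in ${known_hosts_file}; not rescanning"
  else
    scanned_keys="$(ssh-keyscan -p"${scan_port}" "${REMOTE_HOSTNAME}" 2>/dev/null)"
    if [ "${scanned_keys}" ]; then
      printf '%s\n' "${scanned_keys}" >> "${known_hosts_file}"
      echo "Added SSH fingerprint for ${REMOTE_HOSTNAME} to /root/.ssh/known_hosts"
      echo "Verify these fingerprints against the remote host before trusting backups:"
      ssh-keygen -l -f "${known_hosts_file}"
    else
      # Previously the "Added" message was printed even when the scan failed.
      echo "WARNING: ssh-keyscan returned no key for ${REMOTE_HOSTNAME} on port ${scan_port}; known_hosts unchanged" >&2
    fi
  fi
fi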
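# Write the ';'-separated EXCLUDES variable to /backup_excludes, one pattern
# per line, then hand control to the container command.
# NOTE(review): entries are appended, so a restarted container that keeps its
# filesystem accumulates duplicate lines. The file is not truncated here in
# case a pre-existing file is meant to be preserved. TODO confirm.
touch /backup_excludes

# The unquoted expansion is what performs the split on ';'. Pathname expansion
# must be off while it happens, otherwise a pattern such as "*.log" would be
# replaced by matching file names inside the container before being written.
set -f
IFS=';'
for exclude in ${EXCLUDES}; do
  # printf writes the pattern literally; echo may interpret backslashes or a
  # leading "-n".
  printf '%s\n' "${exclude}" >> /backup_excludes
done
set +f
unset IFS

# Replace this shell with the command passed to the entrypoint.
exec "$@"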