From f9e2e37ad03b05eb198a05de3e096218e4594092 Mon Sep 17 00:00:00 2001 From: Jens Beckmann Date: Sun, 31 May 2026 12:47:18 +0000 Subject: [PATCH] setup.sh aktualisiert --- setup.sh | 65 ++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 47 insertions(+), 18 deletions(-) diff --git a/setup.sh b/setup.sh index bc374d1..8e44589 100644 --- a/setup.sh +++ b/setup.sh @@ -5,8 +5,9 @@ set -euo pipefail REMOTE_HOST="${1:-docker-host}" # IP oder Hostname als Argument übergeben -REMOTE_USER="borgbackup" -SSH_KEY="/home/pi/.ssh/borg_pull" +REMOTE_USER="borgbackup" # SSH-User auf dem Docker-Host +LOCAL_USER="borg" # Lokaler User auf dem Pi +SSH_KEY="/home/${LOCAL_USER}/.ssh/borg_pull" MOUNT_BASE="/mnt/borg-pull" BORG_REPO_BASE="/media/backup/borg" BACKUP_SCRIPT="/usr/local/bin/borg-pull-backup.sh" @@ -14,7 +15,7 @@ BACKUP_SCRIPT="/usr/local/bin/borg-pull-backup.sh" echo "=== BorgBackup Pull-Setup für ${REMOTE_HOST} ===" # --- Pakete installieren --- -echo "[1/6] Installiere Pakete..." +echo "[1/7] Installiere Pakete..." apt-get update -qq apt-get install -y borgbackup sshfs fuse 
@@ -24,10 +25,29 @@ if ! grep -q "^user_allow_other" /etc/fuse.conf; then echo " user_allow_other in /etc/fuse.conf aktiviert." fi -# --- SSH-Key erzeugen --- -echo "[2/6] Erzeuge SSH-Key..." +# --- Lokalen borg-User anlegen --- +echo "[2/7] Lege lokalen User '${LOCAL_USER}' an..." +if id "$LOCAL_USER" &>/dev/null; then + echo " User existiert bereits." +else + useradd \ + --system \ + --create-home \ + --home-dir "/home/${LOCAL_USER}" \ + --shell /bin/bash \ + --comment "BorgBackup Pull User" \ + "$LOCAL_USER" + echo " User '${LOCAL_USER}' angelegt." +fi + +# --- SSH-Verzeichnis und Key erzeugen --- +echo "[3/7] Erzeuge SSH-Key..." +mkdir -p "/home/${LOCAL_USER}/.ssh" +chmod 700 "/home/${LOCAL_USER}/.ssh" +chown "${LOCAL_USER}:${LOCAL_USER}" "/home/${LOCAL_USER}/.ssh" + if [ ! -f "${SSH_KEY}" ]; then - sudo -u pi ssh-keygen -t ed25519 -f "${SSH_KEY}" -N "" \ + sudo -u "${LOCAL_USER}" ssh-keygen -t ed25519 -f "${SSH_KEY}" -N "" \ -C "borg-pull-backup@$(hostname)" echo " Key erzeugt: ${SSH_KEY}" else @@ -42,11 +62,15 @@ echo " ssh-copy-id -i ${SSH_KEY}.pub ${REMOTE_USER}@${REMOTE_HOST}" echo "" echo " ODER manuell in ~/.ssh/authorized_keys auf dem Docker-Host einfügen." echo "" +cat "${SSH_KEY}.pub" +echo "" read -rp " Drücke ENTER wenn erledigt..." # --- Verbindung testen --- -echo "[3/6] Teste SSH-Verbindung..." -if ssh -i "${SSH_KEY}" -o BatchMode=yes \ +echo "[4/7] Teste SSH-Verbindung..." +if sudo -u "${LOCAL_USER}" ssh \ + -i "${SSH_KEY}" \ + -o BatchMode=yes \ -o StrictHostKeyChecking=no \ "${REMOTE_USER}@${REMOTE_HOST}" "echo OK" &>/dev/null; then echo " Verbindung erfolgreich!" 
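Review bot: The new `useradd` call gives the backup account an interactive login shell (`--shell /bin/bash`), which nothing visible in this diff needs, because every command for the account is started through `sudo -u`. Since this account owns a passphrase-less key (`-N ""`) to the Docker host, `--shell /usr/sbin/nologin` would be the tighter default, unless the backup script (not shown here) relies on `su` for this user. The hunk also hard-codes `/home/${LOCAL_USER}` for the `.ssh` directory; if the `id` check finds an existing user whose home is elsewhere, the key ends up outside that user's real home, so resolving it with `getent passwd "$LOCAL_USER" | cut -d: -f6` would be safer. The `if [ ! -f "${SSH_KEY}" ]` block continues past the end of the hunk.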
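Review bot: The connection test keeps `-o StrictHostKeyChecking=no`, so the host key is accepted unverified on first contact and a changed key is tolerated later, and after this change that happens for the account that will run the unattended pulls. `-o StrictHostKeyChecking=accept-new` still allows a non-interactive first connection but refuses a key that differs from the recorded one; showing the fingerprint for the operator to confirm would be stronger still. The `&>/dev/null` on the same command hides the reason when the test fails, which makes a host-key or permission problem hard to tell apart from a missing `authorized_keys` entry. The `if` statement continues outside the hunk.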
@@ -56,13 +80,13 @@ else fi # --- Verzeichnisse anlegen --- -echo "[4/6] Lege Verzeichnisse an..." +echo "[5/7] Lege Verzeichnisse an..." mkdir -p "${MOUNT_BASE}/${REMOTE_HOST}" mkdir -p "${BORG_REPO_BASE}" -chown pi:pi "${MOUNT_BASE}" "${BORG_REPO_BASE}" +chown "${LOCAL_USER}:${LOCAL_USER}" "${MOUNT_BASE}" "${BORG_REPO_BASE}" # --- Borg-Repo initialisieren --- -echo "[5/6] Initialisiere Borg-Repository..." +echo "[6/7] Initialisiere Borg-Repository..." REPO="${BORG_REPO_BASE}/${REMOTE_HOST}" if [ ! -d "${REPO}/data" ]; then @@ -70,7 +94,7 @@ if [ ! -d "${REPO}/data" ]; then echo " Repository wird unter ${REPO} erstellt." echo " Du wirst nach einem Passwort gefragt – SICHER AUFBEWAHREN!" echo "" - sudo -u pi borg init --encryption=repokey "${REPO}" + sudo -u "${LOCAL_USER}" borg init --encryption=repokey "${REPO}" echo "" echo " >>> Exportiere den Repokey als Backup:" 
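Review bot: The `chown "${LOCAL_USER}:${LOCAL_USER}" "${MOUNT_BASE}" "${BORG_REPO_BASE}"` line is not recursive, so the per-host mountpoint `${MOUNT_BASE}/${REMOTE_HOST}` that root creates two lines earlier stays root-owned. An unprivileged FUSE mount normally needs write access to the mountpoint, so the sshfs mount as `${LOCAL_USER}` is likely to fail; adding `"${MOUNT_BASE}/${REMOTE_HOST}"` to the `chown` arguments fixes that. `REMOTE_HOST` comes straight from `$1` and is used as a path component here, so a check before this step such as `[[ "$REMOTE_HOST" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || exit 1` would keep `/` and `..` out of the directories that root creates. On machines set up with the previous version, repository files that still belong to `pi` are not re-owned either.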
@@ -81,22 +105,27 @@ else fi # --- Backup-Skript installieren --- -echo "[6/6] Installiere Backup-Skript..." +echo "[7/7] Installiere Backup-Skript..." cp "$(dirname "$0")/borg-pull-backup.sh" "${BACKUP_SCRIPT}" chmod +x "${BACKUP_SCRIPT}" -# Passwort im Skript eintragen +# Variablen im Skript eintragen +sed -i "s|REMOTE_HOST=\"docker-host\"|REMOTE_HOST=\"${REMOTE_HOST}\"|g" "${BACKUP_SCRIPT}" +sed -i "s|SSH_KEY=\"/home/borg/|SSH_KEY=\"/home/${LOCAL_USER}/|g" "${BACKUP_SCRIPT}" + echo "" read -rsp " Borg-Passwort für das Skript eingeben: " BORG_PASS echo "" sed -i "s|HIER-DEIN-PASSWORT|${BORG_PASS}|g" "${BACKUP_SCRIPT}" -sed -i "s|REMOTE_HOST=\"docker-host\"|REMOTE_HOST=\"${REMOTE_HOST}\"|g" "${BACKUP_SCRIPT}" echo "" echo "=== Setup abgeschlossen! ===" echo "" echo "Nächste Schritte:" echo " 1. Passe BACKUP_PATHS in ${BACKUP_SCRIPT} an" -echo " 2. Systemd-Timer aktivieren: sudo systemctl enable --now borg-pull-backup.timer" -echo " 3. Testlauf: sudo ${BACKUP_SCRIPT}" -echo "" +echo " 2. Systemd-Units kopieren und Timer aktivieren:" +echo " cp borg-pull-backup.service borg-pull-backup.timer /etc/systemd/system/" +echo " systemctl daemon-reload" +echo " systemctl enable --now borg-pull-backup.timer" +echo " 3. Testlauf: bash ${BACKUP_SCRIPT}" +echo "" \ No newline at end of file
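Review bot: The passphrase read into `BORG_PASS` is written in clear text into `${BACKUP_SCRIPT}` under `/usr/local/bin`, and the only mode change is `chmod +x`, so unless the copied file already has restrictive permissions any local user can read the repository passphrase. The `sed` replacement also interpolates the raw value, so a passphrase containing `|`, `&` or `\` is silently altered or makes `sed` fail; the same applies to `${REMOTE_HOST}` in the substitution above it. Keeping the passphrase in a separate file readable only by `${LOCAL_USER}` and having the backup script set `BORG_PASSCOMMAND` to read it avoids both problems. The backup script is not part of this diff, so that side needs a matching change. A sketch of the setup side follows, with a placeholder path.

```shell
# … unchanged: cp of borg-pull-backup.sh, chmod, REMOTE_HOST/SSH_KEY substitution …
read -rsp " Borg-Passwort für das Skript eingeben: " BORG_PASS
echo ""
# PASS_FILE is a placeholder path; use the location the backup script will read
PASS_FILE="/home/${LOCAL_USER}/.borg-passphrase"
# umask in a subshell so the file is never readable by others, even briefly
( umask 077; printf '%s' "${BORG_PASS}" > "${PASS_FILE}" )
chown "${LOCAL_USER}:${LOCAL_USER}" "${PASS_FILE}"
unset BORG_PASS
# backup script side (not in this diff): export BORG_PASSCOMMAND="cat <PASS_FILE>"
# … unchanged: closing echo instructions …
```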