added readme

README.md

@@ -0,0 +1,37 @@
+# docker: borgbackup-sshd 💾 🐳 🐙
+
+Single-user [OpenSSH server](https://www.openssh.com/) restricted to [BorgBackup](https://www.borgbackup.org/) backend
+
+```sh
+$ sudo docker run --name borgbackup_sshd \
+    -v ssh_host_keys:/etc/ssh/host_keys:rw \
+    -v /somewhere:/repository:rw \
+    --tmpfs /home/borg/.ssh:mode=1777,size=16k \
+    --tmpfs /tmp:mode=1777,size=1M \
+    -p 2200:2200 \
+    -e SSH_CLIENT_PUBLIC_KEYS="$(cat ~/.ssh/id_*.pub)" \
+    -e SSH_CLIENT_PUBLIC_KEYS_APPEND_ONLY="$(cat optional-append-only-keys.pub)" \
+    --read-only --security-opt=no-new-privileges --cap-drop=ALL \
+    docker.io/fphammerle/borgbackup-sshd
+
+$ borg init --encryption=editme ssh://borg@127.0.0.1:2200//repository
+
+$ borg create --stats ssh://borg@127.0.0.1:2200//repository::{hostname}-{utcnow} \
+    ~/documents ~/photos ...
+```
+
+`sudo docker` may be replaced with `podman`.
+
+Pre-built docker images are available at https://hub.docker.com/r/fphammerle/borgbackup-sshd/tags
+(mirror: https://quay.io/repository/fphammerle/borgbackup-sshd?tab=tags)
+
+Annotation of signed git tags `docker/*` contains docker image digests: https://github.com/fphammerle/docker-borgbackup-sshd/tags
+
+Detached signatures of images are available at https://github.com/fphammerle/container-image-sigstore
+(exluding automatically built `latest` tag).
+
+### Docker Compose 🐙
+
+1. `git clone https://github.com/fphammerle/docker-borgbackup-sshd`
+2. Add public keys to [docker-compose.yml](docker-compose.yml)
+3. `docker-compose up --build`