From 8e6b97df341dcdacbd3e17061b7c27b96a56a228 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Paulon?= <paulon@crans.org>
Date: Tue, 28 Sep 2021 11:59:34 +0000
Subject: [PATCH] [borgbackup-server] Use restrict directive for authorized_key
 As documented in
 https://borgbackup.readthedocs.io/en/stable/usage/serve.html, openssh-server
 > 7.2 is available in debian since at least stretch (7.4) so no risk of
 compatibility issues.

---
 roles/borgbackup-server/templates/authorized_keys.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/borgbackup-server/templates/authorized_keys.j2 b/roles/borgbackup-server/templates/authorized_keys.j2
index 184dde9b..3504fcf9 100644
--- a/roles/borgbackup-server/templates/authorized_keys.j2
+++ b/roles/borgbackup-server/templates/authorized_keys.j2
@@ -1,3 +1,3 @@
 {{ ansible_header | comment }}
 
-command="borg serve --restrict-to-path {{ borg.path }}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding {{ vault.borgbackup_ssh_pubkey }}
+command="borg serve --restrict-to-path {{ borg.path }}",restrict {{ vault.borgbackup_ssh_pubkey }}