feat: benji

cluster/apps/data/bookstack/volumes.yaml

@@ -5,7 +5,7 @@ metadata:
   name: bookstack-config
   namespace: data
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce
@@ -20,7 +20,7 @@ metadata:
   name: bookstack-db
   namespace: data
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/data/freshrss/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: freshrss-config
   namespace: data
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/data/homer/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: homer-config
   namespace: data
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/data/pgadmin/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: pgadmin-config
   namespace: data
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/data/postgresql-kube/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: postgresql-kube
   namespace: data
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/data/recipes/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: recipes-files
   namespace: data
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/data/resilio-sync/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: resilio-sync-config
   namespace: data
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/data/vaultwarden/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: vaultwarden-data
   namespace: data
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/data/vikunja/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: vikunja-files
   namespace: data
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/data/wallabag/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: wallabag-images
   namespace: data
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/development/gitea/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: gitea-config
   namespace: development
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/home-automation/frigate/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: frigate-config
   namespace: home-automation
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/home-automation/home-assistant/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: hass-config
   namespace: home-automation
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/home-automation/zigbee2mqtt/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: zigbee2mqtt-config
   namespace: home-automation
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/home-automation/zwavejs2mqtt/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: zwavejs2mqtt-config
   namespace: home-automation
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/kustomization.yaml

@@ -8,4 +8,5 @@ resources:
   - media
   - monitoring
   - networking
+  - rook-system
   - secret-reflector

cluster/apps/media/bazarr/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: bazarr-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/flood/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: flood-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/jellyfin/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: jellyfin-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/lidarr/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: lidarr-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/lychee/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: lychee-files
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/navidrome/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: navidrome-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/prowlarr/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: prowlarr-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/pyload/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: pyload-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/qbittorrent/volumes.yaml

@@ -5,7 +5,7 @@ metadata:
   name: qbittorrent-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/radarr/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: radarr-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/readarr/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: readarr-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/sabnzbd/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: sabnzbd-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/sonarr/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: sonarr-config
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/media/tdarr/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: tdarr-data
   namespace: media
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/monitoring/uptime-kuma/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: uptime-kuma-config
   namespace: monitoring
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/networking/unifi/volume.yaml

@@ -5,7 +5,7 @@ metadata:
   name: unifi-config
   namespace: networking
   labels:
-    kasten-io-snapshots: "enable"
+    benji-backup.me/instance: "benji-k8s"
 spec:
   accessModes:
     - ReadWriteOnce

cluster/apps/rook-system/benji/configmap.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: benji-ceph-etc
+  namespace: rook-ceph
+data:
+  ceph.conf: |
+    [global]
+    mon_host = rook-ceph-mon-b.rook-ceph.svc.cluster.local:6789,rook-ceph-mon-c.rook-ceph.svc.cluster.local:6789,rook-ceph-mon-d.rook-ceph.svc.cluster.local:6789
+
+    [client.admin]
+    keyring = /etc/ceph/keyring

cluster/apps/rook-system/benji/helm-release.yaml

@@ -0,0 +1,105 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: benji
+  namespace: rook-ceph
+spec:
+  releaseName: benji
+  interval: 5m
+  chart:
+    spec:
+      chart: ./charts/benji-k8s
+      version: 0.2.0
+      sourceRef:
+        kind: GitRepository
+        name: benji-charts
+        namespace: flux-system
+      interval: 5m
+  values:
+    timeZone: Europe/Paris
+    benji:
+      configuration:
+        configurationVersion: '1'
+        databaseEngine: postgresql://benji:secret@benji-postgresql-headless:5432/benji
+        defaultStorage: storage-1
+        storages:
+          - name: storage-1
+            storageId: 1
+            module: file
+            configuration:
+              path: /mnt/storage/backups/benji
+        ios:
+          - module: rbdaio
+            name: replicapool
+            configuration:
+              simultaneousReads: 3
+              simultaneousWrites: 3
+              cephConfigFile: /etc/ceph/ceph.conf
+              clientIdentifier: admin
+              newImageFeatures:
+                - RBD_FEATURE_LAYERING
+                - RBD_FEATURE_EXCLUSIVE_LOCK
+                - RBD_FEATURE_STRIPINGV2
+                - RBD_FEATURE_OBJECT_MAP
+                - RBD_FEATURE_FAST_DIFF
+                - RBD_FEATURE_DEEP_FLATTEN
+      cronJob:
+        activeDeadlineSeconds: null
+        startingDeadlineSeconds: null
+      crontab:
+        - name: backup-data
+          schedule: "00 22 * * *"
+          command:
+            - benji-backup-pvc
+            - --selector
+            - 'benji-backup.me/instance=benji-k8s'
+        - name: benji-enforce
+          schedule: "30 22 * * *"
+          command:
+            - benji-command
+            - enforce
+            - days14
+            - 'labels["benji-backup.me/instance"] == "benji-k8s"'
+        - name: cleanup
+          schedule: "00 23 * * *"
+          command:
+            - benji-command
+            - cleanup
+      volumes:
+        - name: ceph-etc
+          configMap:
+            name: benji-ceph-etc
+            defaultMode: 0444
+        - name: ceph-keyring
+          secret:
+            secretName: rook-ceph-admin-keyring
+            defaultMode: 0444
+        - name: nfs-backups-benji
+          persistentVolumeClaim:
+            claimName: nfs-backups-benji
+      volumeMounts:
+        - name: ceph-etc
+          mountPath: /etc/ceph/ceph.conf
+          subPath: ceph.conf
+          readOnly: true
+        - name: ceph-keyring
+          mountPath: /etc/ceph/keyring
+          subPath: keyring
+          readOnly: true
+        - name: nfs-backups-benji
+          mountPath: /mnt/storage/backups/benji
+    fsfreeze:
+      enabled: true
+    postgresql:
+      enabled: true
+      postgresqlUsername: benji
+      postgresqlDatabase: benji
+      postgresqlPassword: secret
+    pushgateway:
+      image:
+        registry: docker.io
+        repository: prom/pushgateway
+        tag: v1.4.1
+        pullPolicy: IfNotPresent
+      nameOverride: pushgateway

cluster/apps/rook-system/benji/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - configmap.yaml
+  - volume.yaml
+  - helm-release.yaml
+  - podmonitor.yaml
+  - pgbackups.yaml

cluster/apps/rook-system/benji/pgbackups.yaml

@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pgbackups
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/instance: pgbackups
+    app.kubernetes.io/name: pgbackups
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: pgbackups
+      app.kubernetes.io/name: pgbackups
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: pgbackups
+        app.kubernetes.io/name: pgbackups
+    spec:
+      imagePullSecrets:
+        - name: regcred
+      containers:
+        - name: pgbackups
+          #image: prodrigestivill/postgres-backup-local:13
+          image: registry.${SECRET_CLUSTER_DOMAIN}/homelab/postgres-backup-local:1.0.0
+          env:
+            - name: POSTGRES_HOST
+              value: benji-postgresql-headless
+            - name: POSTGRES_DB
+              value: benji
+            - name: POSTGRES_USER
+              value: benji
+            - name: POSTGRES_PASSWORD
+              value: secret
+            - name: POSTGRES_EXTRA_OPTS
+              value: "-Z9 --schema=public --blobs"
+            - name: SCHEDULE
+              value: "@daily"
+            - name: BACKUP_KEEP_DAYS
+              value: "14"
+            - name: HEALTHCHECK_PORT
+              value: "8080"
+            - name: POST_BACKUP_HOOK
+              value: "curl -m 10 --retry 5 http://healthchecks.monitoring.svc.cluster.local:8000/ping/ce94dbce-de51-4823-a54f-a2f960288f4b"
+          resources:
+            requests:
+              cpu: 150m
+              memory: 256Mi
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+            - name: nfs-backups-benji
+              mountPath: /backups
+              subPath: postgresql
+      volumes:
+        - name: nfs-backups-benji
+          persistentVolumeClaim:
+            claimName: nfs-backups-benji

cluster/apps/rook-system/benji/podmonitor.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: benji
+  namespace: rook-ceph
+spec:
+  podMetricsEndpoints:
+    - interval: 10m
+      path: /metrics
+      port: metrics
+      scrapeTimeout: 2m
+  selector:
+    matchLabels:
+      app: pushgateway
+      release: benji

cluster/apps/rook-system/benji/volume.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-backups-benji
+spec:
+  storageClassName: nfs-backups-benji
+  capacity:
+    storage: 1Mi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  nfs:
+    server: ${LOCAL_LAN_TRUENAS}
+    path: /mnt/storage/backups/benji
+  mountOptions:
+    - tcp
+    - intr
+    - hard
+    - noatime
+    - nodiratime
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-backups-benji
+  namespace: rook-ceph
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: nfs-backups-benji
+  resources:
+    requests:
+      storage: 1Mi

cluster/apps/rook-system/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - benji

cluster/base-custom/charts/benji-charts.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: benji-charts
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://github.com/elemental-lf/benji
+  timeout: 3m
+  ref:
+    branch: master
+  ignore: |
+    # exclude all
+    /*
+    # include charts directory
+    !/charts/

cluster/base-custom/charts/kustomization.yaml

@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
   - authelia-charts.yaml
   - authentik-charts.yaml
+  - benji-charts.yaml
   - bitnami-charts.yaml
   - cert-manager-webhook-ovh.yaml
   - drone-charts.yaml