♻️ homelab

kubernetes/apps/default/homelab/minio/backup/helmrelease.yaml

@@ -0,0 +1,63 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: homelab-minio-backup
+  namespace: default
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 2.2.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controllers:
+      main:
+        type: cronjob
+        cronjob:
+          concurrencyPolicy: Forbid
+          schedule: "@daily"
+        containers:
+          main:
+            image:
+              repository: ghcr.io/auricom/rclone
+              tag: 1.62.2@sha256:8d3ae01ed5295974be1b229f7398ce93a03c77a3fdaf301ea35bf929bb19389a
+            command: ["/bin/bash", "/app/minio-rclone.sh"]
+            envFrom:
+              - secretRef:
+                  name: homelab-minio-secret
+            service:
+              main:
+                enabled: false
+    service:
+      main:
+        enabled: false
+    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: homelab-minio-configmap
+        defaultMode: 0775
+        globalMounts:
+          - path: /app/minio-rclone.sh
+            subPath: minio-rclone.sh
+            readOnly: true
+          - path: /config/rclone.conf
+            subPath: rclone.conf
+            readOnly: true

kubernetes/apps/default/homelab/minio/backup/kustomization.yaml

@@ -0,0 +1,15 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./helmrelease.yaml
+configMapGenerator:
+  - name: homelab-minio-configmap
+    files:
+      - ./minio-rclone.sh
+      - ./rclone.conf
+generatorOptions:
+  disableNameSuffixHash: true
+

kubernetes/apps/default/homelab/minio/backup/minio-rclone.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -o errexit
+
+# Replace the placeholders in the file with the environment variables values
+cp /config/rclone.conf /tmp/rclone.conf
+sed -i "s@__RCLONE_ACCESS_ID__@$RCLONE_ACCESS_ID@g" "/tmp/rclone.conf"
+sed -i "s@__RCLONE_SECRET_KEY__@$RCLONE_SECRET_KEY@g" "/tmp/rclone.conf"
+sed -i "s@__PASSWORD__@$GDRIVE_PASSWORD@g" "/tmp/rclone.conf"
+sed -i "s@__PASSWORD2__@$GDRIVE_PASSWORD2@g" "/tmp/rclone.conf"
+sed -i "s@__GDRIVE_CLIENT_ID__@$GDRIVE_CLIENT_ID@g" "/tmp/rclone.conf"
+sed -i "s@__GDRIVE_CLIENT_SECRET__@$GDRIVE_CLIENT_SECRET@g" "/tmp/rclone.conf"
+sed -i "s@__GDRIVE_TOKEN__@$GDRIVE_TOKEN@g" "/tmp/rclone.conf"
+
+echo "Sync minio buckets with encrypted remote gdrive-homelab-backups ..."
+rclone --config /tmp/rclone.conf sync minio: gdrive-homelab-backups:

kubernetes/apps/default/homelab/minio/backup/rclone.conf

@@ -0,0 +1,22 @@
+[minio]
+type = s3
+provider = Minio
+access_key_id = __RCLONE_ACCESS_ID__
+secret_access_key = __RCLONE_SECRET_KEY__
+endpoint = https://minio.${SECRET_DOMAIN}:51515
+acl = private
+
+[gdrive-homelab-backups]
+type = crypt
+remote = gdrive:homelab-backups
+directory_name_encryption = false
+password = __PASSWORD__
+password2 = __PASSWORD2__
+
+[gdrive]
+type = drive
+client_id = __GDRIVE_CLIENT_ID__
+client_secret = __GDRIVE_CLIENT_SECRET__
+scope = drive.file
+token = __GDRIVE_TOKEN__
+team_drive =