✨ borgserver

2025-10-01 16:05:55 +02:00 · 2022-11-20 22:50:55 +01:00
parent 86c209b6c0
commit 732ef74f65
15 changed files with 151 additions and 285 deletions
--- a/kubernetes/base/config/cluster-settings.yaml
+++ b/kubernetes/base/config/cluster-settings.yaml
@@ -19,6 +19,7 @@ data:
  CLUSTER_LB_EMQX: 192.168.169.109
  CLUSTER_LB_JELLYFIN: 192.168.169.110
  CLUSTER_LB_RESILIOSYNC_HELENE: 192.168.169.111
+  CLUSTER_LB_BORGSERVER: 192.168.169.112
  LOCAL_LAN: 192.168.8.0/22
  LOCAL_LAN_OPNSENSE: 192.168.8.1
  LOCAL_LAN_TRUENAS: 192.168.9.10
--- a/kubernetes/cluster-0/apps/storage/borgserver/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/storage/borgserver/helm-release.yaml
@@ -0,0 +1,84 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app borgserver
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.0.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  values:
+    image:
+      repository: ghcr.io/auricom/borgserver
+      tag: 1.2.2@sha256:98b2c7251ecddf41a56211bc878be256d49d77774cef9f9f8213af2cae023c7f
+    env:
+      TZ: "${TIMEZONE}"
+    service:
+      main:
+        enabled: false
+      ssh:
+        enabled: true
+        type: LoadBalancer
+        loadBalancerIP: "${CLUSTER_LB_BORGSERVER}"
+        ports:
+          bittorrent:
+            enabled: true
+            port: 22
+            protocol: TCP
+            targetPort: 22222
+        externalTrafficPolicy: Local
+    probes:
+      liveness: &probe
+        enabled: true
+        custom: true
+        spec:
+          tcpSocket:
+            path: /health
+            port: 22222
+          initialDelaySeconds: 10
+          periodSeconds: 60
+          timeoutSeconds: 2
+          failureThreshold: 3
+      readiness: *probe
+      startup: *probe
+    persistence:
+      keys-clients:
+        enabled: true
+        type: secret
+        name: borgserver-clients
+        mountPath: /config/clients
+        readOnly: true
+      keys-host:
+        enabled: true
+        type: secret
+        name: borgserver-host
+        mountPath: /config/host
+        readOnly: true
+      borgrepo:
+        enabled: true
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/backups/borgserver
+        mountPath: /app
+    podAnnotations:
+      configmap.reloader.stakater.com/reload: *app
+    resources:
+      requests:
+        cpu: 50m
+        memory: 200Mi
+      limits:
+        memory: 2Gi
--- a/kubernetes/cluster-0/apps/storage/borgserver/kustomization.yaml
+++ b/kubernetes/cluster-0/apps/storage/borgserver/kustomization.yaml
@@ -2,5 +2,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - kopia-kube
-  - kopia-workstations
+  - helm-release.yaml
+  - secret-clients.sops.yaml
+  - secret-host.sops.yaml
--- a/kubernetes/cluster-0/apps/storage/borgserver/secret-clients.sops.yaml
+++ b/kubernetes/cluster-0/apps/storage/borgserver/secret-clients.sops.yaml
@@ -0,0 +1,30 @@
+kind: Secret
+apiVersion: v1
+type: Opaque
+metadata:
+    name: borgserver-clients
+    namespace: default
+stringData:
+    claude-fixe-fedora: ENC[AES256_GCM,data:o3xhEfxuZvFQhMglcUx+4lLDu0PpKQ+glpdmPavBKOL4BnoeiZHpdKc1Ef9TVXoydwy+8bcGLoSKVcGClus68sD3GbTlEFnZKPmkaQ8Gc3QJ8Fb0a1S7ROBHSwq7XKIDCy6PQv9+rqPUMK0=,iv:GcAM6uIkJuYNZaDGwhTzWqTnFOl74/ztF7fyKfzr+Fc=,tag:cA54SNGb1FRUmpoAQPsJdg==,type:str]
+    claude-thinkpad-fedora: ENC[AES256_GCM,data:15O6nkrLPiugZm10I4Wd2A3sEEJNU3kHVK5QjGDoc7ibOdcALv2phPpChPMFqt85hRXhLZ1bknZfVlYT83XyyvA6d84nUaZAEsPqTlyvF4ux10qlm1XD/5PXE4+M/9G9NzTKzskxk677YIem20ny,iv:kh8uuwWGdA99iVW+BfufPStkITWNEfC4Ym/w0M6IGRc=,tag:fgt/WuKgcos7r6ZyyypTkQ==,type:str]
+    work-ledger: ENC[AES256_GCM,data:gvIO7BGIiqPBjgjRxyFQd6tMgYY7vAbVNPjb7uB262pcWRFOwU5Twt81Nk4/Ehe8M75i2NC569MQoxJU8cmBFbhkyQ2y/uSExeGf/q3dgpasbZGBeKrgjJKliEyHiiUoX/E=,iv:9sD4YcQVMlA9+LHxkD0pokqVpfQKu/Xtmd7UF5Z7d1w=,tag:v5rZZwDqRz7D9qw1vsV4Sw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSd2h2N2RELzkvODM0WE1p
+            c1M3bEQxdDZkZ3Zlcm9uKzFWYklLWWpUYXhvCkN1bXU3YmNrY255RmkwSXFDWmt1
+            dHExaGZRODhKdm1NR2xYV29CeE5vbk0KLS0tIHpBUGVaNUhKaE5UOU1hM3c0akxX
+            ZWRhWnBrY1FBNVQyOU0yVGFXb0QrVnMK26Nc5Bw/jOzuxXcufHcxnugG1bzqO9T8
+            LNIau17zdWX5bfWGDj++ipnm8x1sPswEULal4U2Muc2Iy7GuZPhVyg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-11-20T18:09:33Z"
+    mac: ENC[AES256_GCM,data:sV/hzCjbPOzIb7tz++UFRYC6sSXFIGAYVrSUMSQEj662E/vSYIct/6YsL2736cJlNm1OuCSaqPAYWN+wDc8nJeoj/sV6jbmtG2S6v9y12XpCStGFtdC551Jf73PKAO3T0xQrqDggX5TVO0aveI9iFfusOxNDosXU+YgiMylU3vw=,iv:ygU2bXZvAPesWe7O+1FboU9DL5JeN6G/eFDT4YHW0ng=,tag:3B0MohH+EW2MUFChFj8ssg==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3
--- a/kubernetes/cluster-0/apps/storage/borgserver/secret-host.sops.yaml
+++ b/kubernetes/cluster-0/apps/storage/borgserver/secret-host.sops.yaml
@@ -0,0 +1,31 @@
+kind: Secret
+apiVersion: v1
+type: Opaque
+metadata:
+    name: borgserver-host
+    namespace: default
+stringData:
+    ssh_host_ed25519_key: ENC[AES256_GCM,data:FeWPg7LWcnrFm7DXdizGgxSwN4UVwl39XdQCQv8JeizTqmr9OJQLQzfLW5ExE7UD/bdHs6CvNKDOVBpcicc/Drmio6272WIQk5XcoyfyWaZQfmjKLj7Qfh3UCWi0b59uFXwfvoAEzeBbG+L530bTDyPqiIQxO9m/QVFTsBfZCg0QDJNUbQV/5a4jK5nJXIYrfE+VezbknzZtTvHVCr65ftN+ZWEjHBtClRdmnNjTaDUnCKqu+n8UKw756V5+a5+4MGUiWmwib4fYZnYFquajndvHk+73bd4mo8mO+s7zyl9txcXUJX39qGiSUmY2ABznbpP+nDMwvgHggGV/jsXAzSmhA17SVidWImyPz+vNy8oNIkkM/IviCIYiDmDFyqRGBUxjL/cc3UwtmO40QuJl3TCR8ztLkO7paYmNvwCbfHInygSlR8etao8qKzhh3EE0dTageuKKp8anCrwDeceSQ6kZsNk4zhQTXxhamNni77BcxwFNGJOGdDhXsz9/hxfAgaAPO4PwHo9jxDopX6DEV+VEQZ4vePJVMzyLaBXvgdZQSZqMWndPbbHRsbIC8YIV,iv:A1aZEhL6xK5rnbjoUNByufnpoJRO559KPwF4PlZGRsc=,tag:rtEQIRldBanayzitxHgRiA==,type:str]
+    ssh_host_ed25519_key.pub: ENC[AES256_GCM,data:C5+/1cNsWoshxXCkJJBofn47qBbz0TaQlHRCUt3zJbfb2T6kne3vVOYA6sEs0Kcr5Ecj6QAINwJlnmWsPsET36m6lHhcFKJeUaAQWVybOxP0eg+NBuuYoZILzdqv6xXGRCiAED+ZhEWsTgcsIjLS4Hsq,iv:yHGTQLc0Wwmc2xtOIHl8kbgInRKFwxk4wlx0UO+Jz6c=,tag:1rmWNdUgNcXGOYElMhx5xQ==,type:str]
+    ssh_host_rsa_key: ENC[AES256_GCM,data:a99N0mPtEbZK5Nawlj+MycuObFxz5Tn0tspdfBWC18FbUUQNqS6+DYGHJ68KU9o1eT9sVpdMO4jDhoxZNP8JqSuwv0GL6j3OhXM6xdLCO795HeaH/eeJpIjNooEhIImhRnbrz4Z/cKhNmyuHVOj7Nbo6pBJOtQTiPs3YHRRytMMfUe1UByXzA9YZPWYht7OkMOQWXXqhsuXF3JezQnzhRo8SfO2LlSX4H/5Kb444h12VCc4NIHr+ds3R3Z99wTkYcY3WKXAd6P57wAX7G/eSv9iSRKanG7NoyUoimXvTZYKcz3Il6UIZGaCS6ntwJBeBqdZjgf/3gXxyim8I90wmtDpDbqxpOF2K3EmY7DXSHud5SA7d7xvrzDnAiEPaW8GcFnlPtsTbn7DnCQ0uomf3aM8TS/NooRj2M5oufdZ2rq692h+w7q6LFB+rCdNrcttv4IDLmGd7jV7biWHvxyXgYC1DXskJArYnKzZfzNV3Yzdyg4GzKPstV8BhjtKgYTMU9OVVqK84AptGNdYfcBCB1GaNYG5vl/LP3eEjBSLubdC3JUucV5n9p9fBDf41QaCg+DrWs2xFybEM/JoBJt9DQOX4FznXJr7Qc/+FbeKZbZuqNDLReI0oTpp610DSta/Y1rlw0c6NLADA2WZzsodatUgzYfpstZ5cLl4B/i61M+928Wx4P+PrHI7IXRW4j3usNRIS7a6BF1VBdOSQn5H5lLdpDpy8IhhfAvEj1E4eSvG8s3Qp76oS7uSotyecBkCIxiu4HhGN8QGOj/2tjq6sxh05iX4YHg7C4vtmITIP6I3h8ewOP42lo6NxZp+NJKC+lryNcCqMrQuIUK5AKXqO5K1OYa6pWIUXgIssHyt+OpjaJ6VvN1VkXRioGIigg597+0AABDajLefLpFgDIMGLOWw6Mz1LaU4jg2mgfiqdSatrD9whi6TGyMFCwR4oWPZNMjw8udr3LWXj6GgnfNu6VVuLEj6e1qnEdZpywrTEM9pDGLeexvbFv0Ipexyd5OgTbMisvYCUO6nXs7FwxTIsrnjmai16whLBWa+TrChxQDOL5XJZjHZRcT+8DOl4AX9FyffIy7tdS8D2IFhk7ffernFGf/2TUGLREyw1bkAGVZjBRRJ/9y///sRal1dDp52k4OH3QZlHmjjTMExGAjn55K/fDhqdlNRdAVwFylBa83E9ci+RUW1DEJQ8t+WimS55CevwMPRjcABHm3TFgxM4gS2vySwG/+3plACqoTp7IwniTNs9hjMbU24X8FqdTxLLn5VvHjb/NzuAGhcBd/GoRg4sjDB97TWXoRRFjh2UjApUqdoU2XWW1/qkFRxYh1l9ahQy1+nRqWzo0+nVzF9KKtbubNRH9xhDcGtz/R4xep8Bxqg1Mq/wF3So/vGGGCYJ+K6eIBLdnoaq4M/WzlYRSAW94mp2WrIAAZSc+2CO14Hwnf6qyeLWJtAFSh7FBsoEmqkI1kojmI4j8MO/mzouYvaybejpOAe8p0xQ27J1I1cG0ceb5ZPrjpAsaGP3bJDu78JUYfnSHEuFOfXAXny64pFayzPOE6+F0QIK3nL3s+XO4Nj9ySJzn5iL9nGZit49nUvhp/fB+7KCNyPCMF/5+NveMYgerjvvfq+tmCS+TvWjKCrvO2fHBTVcB4XHyTuMu5BC/Vmd6qhOnpJuUt1uHpCkIlZs9tJsXzuKJ/X6Ym2UOXspzTpztzmsmQiqxIrBZ2TP2PdPCL210loK0FSRRS/FAs5/Krna/HcdzLtMhHgFlZNALpti/tHGYOuLI0sDXtdbJhxz99H/onXHTHDHoGM8auvnQCObcAp0eFiyMiEzAl2Y5S0lbGun3xbX19xuOOmn3AN2wkQ46Lcu59Bl3YPBh+ORMhyG8gTJRyS5rXq3/FvSeQbIMMy9dGru5YCu/MKOJ9IeBwyDcN4rissplAljesclZ+yaaVyFTbMgOniEQt4aRt3yuUJKWesuKmsnMXGHSxKkDSLpS3svUMBcC3yuDTONjXe7NPwQgGdqrC1nUPlIHZ6FGc0lfD6lPh0BpdpZHuFaxiHuI1kIi0VLOB05iO5Rw+QJt6oCjxiVzI0HdeKJ8WTrd8OO4XS3L0/MlEsjJO8VHBZ4UfF3jWB74mrjqvyhoOWOaqv5dZJZwtWGO5yrgqilD4MkludWMhrGGREcj5KL3EoT71+3pBUO1gqytE4UQCrPG9n2Jwb0Vb9xvaqiJfsm5tQ7BvqKysnHI4obhO57XYc9bjEwzCpKQa2AMBM2NEa8desa3fmA7JrGUbD463Zu4Cbq0cnX/5bmfPkVYgcvZgGpW++bvEZAH/TWwV8IhEoof3tNRuGs4aWkuebCqULcnspaq0zIjagJLhzVWFp0uSlyn2LUfJm6JCv09aX7nSOVXWRmh/stmxCmzFB/8oSmiTEB3O/evN6c3AzAPz+4hTleoUuIPnd+R59s0S6mm0Kdr7d+AVBOWUMfuRin+yfTXE4Ud5JT1wmTSWzaEshDx3MMH650d7gaYU0f38w7adZpB88uii/iA0SlQ+ucIEMR4UR2R6pFya515u5AVnygS6Xm4sVroEw/8H0ZE2KzdCfY6oBI9Y2Tcc3IDe0D0TNIu0d7GPgjWZPAPDV10Dm/IxHEB4RZoGwj32NqLSplEcTl1JjYg8H90AuUzfDjCV04neUiN0IROVnYYoz37PhaMFV5mSsNiQjoohmAgS3lsb4/Y9n3GfR6OHvwDpCmrA1WpM5eM/W4yzRao7t4f7EYVy1fkNdqfdUJ9IJzsK6iKux0BwE0s7uxbYWJsZwdaaoE7NuhQi0+PyltDEDrELa2tf0fFQ89PJuXiIHo6zaOomTQcqhTpte7I1nr35F3nlHWjdNp/pbYAax53owp0WY8N/Tp5Nwxg7f90KWyiAqPLpLpSi8PkNOk+hyI4Gw+QT86KjRO1P1szLDGqAy1WS02mkSvcmBF/ax3mrBrEs2aqkYTjz9jPma7vL1/VzIKuyx6j0QJWbbOTdjZBUQJjgPfWVWYPR+HjBqXX6QPF3Qo13g8BeMz2ZVsqGaTO+H/HEeX8C1i/U13+ZA3oAxAJLgbH7b2oBb3ja35Df2pBg8orCSnS8ay5yDSPOFO2UIJERuJzqHdyLlSOrgp8avEVK3U3CFbjjE1dOI7krqeKwYXoUsROSDbNTzstYBjW4zlhoK/e9P79xMmTcGaE8B0CswTcJdRH3btT0Qao+BL8s0lB4yX0rvFVvRNVNuG214/WTLll9mTs7MJZuQeX2zaC32aJ5RmGwzoBZDSik/3ZSsKr1Uyc6rOrdgrflHrDWb/a1SXuGatLfqWHUiQmyeXQjxebWcGVEset6Pby7QMwXD75HhzgCSjdP+fef9KI/Hkgt0GJJ0tzbnf277VJVgl3p1US1BiHbdzVn9wmWn4a1Wy/OqnwU571sE8QKQRCz6D8tDfm3VfBY2avxdYBMqAXttdrvaHZo5w6k4yX+qWwiQBbh4URrnsH8mZ,iv:AX/hwSuHPNe8BMFiM0n9j21SwEw3gNPP3Azq1QFkddo=,tag:kI7F5Xbmk8RE/jMIxkIkOw==,type:str]
+    ssh_host_rsa_key.pub: ENC[AES256_GCM,data:qXkMPzaXNnvnrmus0nALNxLH1jEqew0MS2YJ5jhDIB3Z1zfwMha/Jd+bslwDuuNeIOo+BBtNgYvvmNKAAefKbbbMFsJo9o5Yi1Y3En3xek/v3COqS/AQ7iDRkTvvrMKtKtXsPChDSsDE5xS9+cRVFlxPkNIne69bqmTdz+WImj8let9YBB6HYg7jpsnOE7CcJ2Jqw9qGJqH5cIFQoNOSWTvd//v7CcXkE0t+eAqAQDYo01y9bcTzow4qRX5RRXx6qNC7KzSDGwtBnUe1A3Z68GmlsZaSpGrGyKQTCBJ/fod+WmbsfbfDZBorJiFrVfA+nU6JfowRkWC5Bt4gg4ArcR7uW6qN7Hg6EcEZf+GPG8Isdg7Bim41JijTedD6GuPvrpxTf7klLLgKcgRjjw4vjAMa1gzl9lYdMCxVrarD61Ex1z2lvmQqvpKDpTlbnXGqbYNUYq86TsN8/PyrxzquYS21j8je8b31IgAUysnOjOVwbtegbCn6EkfisDZdQTv1vJ6Ey1SShV4udk9TT5WRaKKGDELKp94CWFdHsRHClAdCUkltqBRkQHZZC2GOCO1kROiQVbKT5TAhd96uuvAG5U+GH+CokZn7PgTVzLStIxVItueFWV2/oKxpaACEiLNwPQnXAXqqL/ArGkeQN3lWZVRUBpzNKv71vIowRA48+qHt8JqRLKqfFcUzwJaiGRCfn4g7amSvqTGOKGQ/LsZAsdSIt71//wk6zJE8/ZIfSN3rqE6WSu4RC150lJI5MF6teQ0Mz+S+AyBuUw==,iv:zUoqq6FDBMas2fkWNz3zhnM+wvxBGAb2MeI1PRzmw+8=,tag:oAN/GvXfjOYwXP4uXzts4Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSd2h2N2RELzkvODM0WE1p
+            c1M3bEQxdDZkZ3Zlcm9uKzFWYklLWWpUYXhvCkN1bXU3YmNrY255RmkwSXFDWmt1
+            dHExaGZRODhKdm1NR2xYV29CeE5vbk0KLS0tIHpBUGVaNUhKaE5UOU1hM3c0akxX
+            ZWRhWnBrY1FBNVQyOU0yVGFXb0QrVnMK26Nc5Bw/jOzuxXcufHcxnugG1bzqO9T8
+            LNIau17zdWX5bfWGDj++ipnm8x1sPswEULal4U2Muc2Iy7GuZPhVyg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-11-20T18:08:09Z"
+    mac: ENC[AES256_GCM,data:ztMF0JW6BZfpXitcdFy6wG8cIvsEGB6jVY25xijONz2qhi0F9Lw4IiJwumfJ+3hFqMJUznI3IoEjhUIR54YNpmzVwn60CJIK0nVw4WrsGDg0728fuZmA4UlLi8Paynksn3ulGjaal9+K9ML266Xmo+12lf/13Q73yA9XsVy3nRk=,iv:suhFmkdB0UprQOpR6BuJZ9K1XHaDBxzTr7ViFNOCENE=,tag:nwYdO/cYPQM2GMNI4d+GEg==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3
--- a/kubernetes/cluster-0/apps/storage/kopia-kube/config/repository.config
+++ b/kubernetes/cluster-0/apps/storage/kopia-kube/config/repository.config
--- a/kubernetes/cluster-0/apps/storage/kopia-kube/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/storage/kopia-kube/helm-release.yaml
--- a/kubernetes/cluster-0/apps/storage/kopia-kube/kustomization.yaml
+++ b/kubernetes/cluster-0/apps/storage/kopia-kube/kustomization.yaml
--- a/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/config/repository.config
+++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/config/repository.config
@@ -1,20 +0,0 @@
-{
-  "storage": {
-    "type": "filesystem",
-    "config": {
-      "path": "/snapshots",
-      "dirShards": null
-    }
-  },
-  "caching": {
-    "cacheDirectory": "cache",
-    "maxCacheSize": 5242880000,
-    "maxMetadataCacheSize": 5242880000,
-    "maxListCacheDuration": 30
-  },
-  "hostname": "cluster",
-  "username": "root",
-  "description": "Cluster",
-  "enableActions": false,
-  "formatBlobCacheDuration": 900000000000
-}
--- a/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/helm-release.yaml
@@ -1,109 +0,0 @@
---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: &app kopia-kube
-  namespace: default
-spec:
-  interval: 15m
-  chart:
-    spec:
-      chart: app-template
-      version: 1.0.1
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-  install:
-    createNamespace: true
-    remediation:
-      retries: 5
-  upgrade:
-    remediation:
-      retries: 5
-  values:
-    initContainers:
-      wait-for-repo:
-        image: ghcr.io/onedr0p/kopia:0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
-        command:
-          - /bin/bash
-          - -c
-          - |-
-            until [ -f /snapshots/kopia.repository.f ]; do
-                printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..."
-                sleep 1
-            done
-        volumeMounts:
-          - name: snapshots
-            mountPath: /snapshots
-    image:
-      repository: ghcr.io/onedr0p/kopia
-      tag: 0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
-    env:
-      TZ: "${TIMEZONE}"
-      KOPIA_PASSWORD: "none"
-    command: kopia
-    args:
-      - server
-      - --insecure
-      - --address
-      - 0.0.0.0:80
-      - --metrics-listen-addr
-      - 0.0.0.0:8080
-      - --without-password
-      - --log-level
-      - debug
-    service:
-      main:
-        ports:
-          http:
-            port: 80
-          metrics:
-            enabled: true
-            port: 8080
-    serviceMonitor:
-      main:
-        enabled: true
-        endpoints:
-          - port: metrics
-            scheme: http
-            path: /metrics
-            interval: 1m
-            scrapeTimeout: 10s
-    ingress:
-      main:
-        enabled: true
-        ingressClassName: "nginx"
-        hosts:
-          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
-            paths:
-              - path: /
-                pathType: Prefix
-        tls:
-          - hosts:
-              - *host
-    podSecurityContext:
-      supplementalGroups:
-        - 100
-    persistence:
-      config:
-        enabled: true
-        type: configMap
-        name: *app
-        subPath: repository.config
-        mountPath: /config/repository.config
-        readOnly: true
-      snapshots:
-        enabled: true
-        type: nfs
-        server: "${LOCAL_LAN_TRUENAS}"
-        path: /mnt/storage/backups/kubernetes
-        mountPath: /snapshots
-    podAnnotations:
-      configmap.reloader.stakater.com/reload: *app
-    resources:
-      requests:
-        cpu: 10m
-        memory: 100Mi
-      limits:
-        memory: 500Mi
--- a/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/kustomization.yaml
+++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/kustomization.yaml
@@ -1,12 +0,0 @@
---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - helm-release.yaml
-namespace: default
-configMapGenerator:
-  - name: kopia-kube
-    files:
-      - ./config/repository.config
-generatorOptions:
-  disableNameSuffixHash: true
--- a/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/config/repository.config
+++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/config/repository.config
@@ -1,20 +0,0 @@
-{
-  "storage": {
-    "type": "filesystem",
-    "config": {
-      "path": "/snapshots",
-      "dirShards": null
-    }
-  },
-  "caching": {
-    "cacheDirectory": "cache",
-    "maxCacheSize": 5242880000,
-    "maxMetadataCacheSize": 5242880000,
-    "maxListCacheDuration": 30
-  },
-  "hostname": "cluster",
-  "username": "root",
-  "description": "Cluster",
-  "enableActions": false,
-  "formatBlobCacheDuration": 900000000000
-}
--- a/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/helm-release.yaml
@@ -1,109 +0,0 @@
---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: &app kopia-workstations
-  namespace: default
-spec:
-  interval: 15m
-  chart:
-    spec:
-      chart: app-template
-      version: 1.0.1
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-  install:
-    createNamespace: true
-    remediation:
-      retries: 5
-  upgrade:
-    remediation:
-      retries: 5
-  values:
-    initContainers:
-      wait-for-repo:
-        image: ghcr.io/onedr0p/kopia:0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
-        command:
-          - /bin/bash
-          - -c
-          - |-
-            until [ -f /snapshots/kopia.repository.f ]; do
-                printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..."
-                sleep 1
-            done
-        volumeMounts:
-          - name: snapshots
-            mountPath: /snapshots
-    image:
-      repository: ghcr.io/onedr0p/kopia
-      tag: 0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
-    env:
-      TZ: "${TIMEZONE}"
-      KOPIA_PASSWORD: "none"
-    command: kopia
-    args:
-      - server
-      - --insecure
-      - --address
-      - 0.0.0.0:80
-      - --metrics-listen-addr
-      - 0.0.0.0:8080
-      - --without-password
-      - --log-level
-      - debug
-    service:
-      main:
-        ports:
-          http:
-            port: 80
-          metrics:
-            enabled: true
-            port: 8080
-    serviceMonitor:
-      main:
-        enabled: true
-        endpoints:
-          - port: metrics
-            scheme: http
-            path: /metrics
-            interval: 1m
-            scrapeTimeout: 10s
-    ingress:
-      main:
-        enabled: true
-        ingressClassName: "nginx"
-        hosts:
-          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
-            paths:
-              - path: /
-                pathType: Prefix
-        tls:
-          - hosts:
-              - *host
-    podSecurityContext:
-      supplementalGroups:
-        - 100
-    persistence:
-      config:
-        enabled: true
-        type: configMap
-        name: *app
-        subPath: repository.config
-        mountPath: /config/repository.config
-        readOnly: true
-      snapshots:
-        enabled: true
-        type: nfs
-        server: "${LOCAL_LAN_TRUENAS}"
-        path: /mnt/storage/backups/kopia-workstations
-        mountPath: /snapshots
-    podAnnotations:
-      configmap.reloader.stakater.com/reload: *app
-    resources:
-      requests:
-        cpu: 10m
-        memory: 100Mi
-      limits:
-        memory: 500Mi
--- a/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/kustomization.yaml
+++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/kustomization.yaml
@@ -1,12 +0,0 @@
---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - helm-release.yaml
-namespace: default
-configMapGenerator:
-  - name: kopia-workstations
-    files:
-      - ./config/repository.config
-generatorOptions:
-  disableNameSuffixHash: true
--- a/kubernetes/cluster-0/apps/storage/kustomization.yaml
+++ b/kubernetes/cluster-0/apps/storage/kustomization.yaml
@@ -2,7 +2,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - kopia
+  - borgserver
+  - kopia-web
  - resilio-sync
  - smartctl-exporter
  - truecommand