diff --git a/cluster/apps/data/bookstack/export-job.yaml b/cluster/apps/data/bookstack/export-job.yaml new file mode 100644 index 000000000..941d7d57a --- /dev/null +++ b/cluster/apps/data/bookstack/export-job.yaml @@ -0,0 +1,66 @@ +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: bookstack-books-export + namespace: data +spec: + schedule: "@daily" + jobTemplate: + spec: + template: + metadata: + name: bookstack-books-export + spec: + serviceAccountName: jobs + imagePullSecrets: + - name: regcred + containers: + - name: gitea-repositories-backup + image: registry.${SECRET_CLUSTER_DOMAIN}/homelab/home-cluster-jobs:1.2.0 + imagePullPolicy: IfNotPresent + command: + - "bin/sh" + - "-ec" + - | + #!/bin/bash + + set -o nounset + set -o errexit + + mkdir -p ~/.ssh + cp /opt/id_rsa ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + ssh -o StrictHostKeyChecking=no homelab@${LOCAL_LAN_TRUENAS} << 'EOF' + + set -x + + WORK_DIR="/mnt/storage/backups/apps/bookstack" + + SHELVES=$(curl --silent --location --request GET "https://bookstack.${SECRET_CLUSTER_DOMAIN}/api/shelves" --header "Authorization: Token ${SECRET_BOOKSTACK_TOKEN_ID}:${SECRET_BOOKSTACK_TOKEN_SECRET}" | jq --raw-output .data[].id) + + for shelf in $SHELVES + do + shelf_slug=$(curl --silent --location --request GET "https://bookstack.${SECRET_CLUSTER_DOMAIN}/api/shelves/$shelf" --header "Authorization: Token ${SECRET_BOOKSTACK_TOKEN_ID}:${SECRET_BOOKSTACK_TOKEN_SECRET}" | jq --raw-output .slug) + mkdir -p $WORK_DIR/$shelf_slug + BOOKS=$(curl --silent --location --request GET "https://bookstack.${SECRET_CLUSTER_DOMAIN}/api/shelves/$shelf" --header "Authorization: Token ${SECRET_BOOKSTACK_TOKEN_ID}:${SECRET_BOOKSTACK_TOKEN_SECRET}" | jq --raw-output .books[].id) + for book in $BOOKS + do + book_slug=$(curl --silent --location --request GET "https://bookstack.${SECRET_CLUSTER_DOMAIN}/api/books/$book" --header "Authorization: Token ${SECRET_BOOKSTACK_TOKEN_ID}:${SECRET_BOOKSTACK_TOKEN_SECRET}" | jq --raw-output .slug) + echo "INFO: export book $book_slug..." + curl --silent --location --request GET "https://bookstack.${SECRET_CLUSTER_DOMAIN}/api/books/$book/export/html" --header "Authorization: Token ${SECRET_BOOKSTACK_TOKEN_ID}:${SECRET_BOOKSTACK_TOKEN_SECRET}" --output $WORK_DIR/$shelf_slug/$book_slug.html + done + done + EOF + + curl -m 10 --retry 5 http://healthchecks.monitoring.svc.cluster.local:8000/ping/d671a835-0731-448a-b20b-284500e5753a + volumeMounts: + - name: secret + mountPath: /opt/id_rsa + subPath: deployment-rsa-priv-key + volumes: + - name: secret + secret: + secretName: drone-pipelines + restartPolicy: Never diff --git a/cluster/apps/data/bookstack/helm-release.yaml b/cluster/apps/data/bookstack/helm-release.yaml new file mode 100644 index 000000000..52c0f6458 --- /dev/null +++ b/cluster/apps/data/bookstack/helm-release.yaml @@ -0,0 +1,71 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: bookstack + namespace: data +spec: + interval: 5m + chart: + spec: + # renovate: registryUrl=https://k8s-at-home.com/charts/ + chart: bookstack + version: 3.0.0 + sourceRef: + kind: HelmRepository + name: k8s-at-home-charts + namespace: flux-system + interval: 5m + values: + image: + repository: ghcr.io/linuxserver/bookstack + pullPolicy: IfNotPresent + tag: "version-v21.12.5" + + env: + APP_URL: https://bookstack.${SECRET_CLUSTER_DOMAIN}/ + DB_HOST: bookstack-mariadb + DB_DATABASE: bookstack + DB_USERNAME: bookstack + DB_PASSWORD: ${SECRET_BOOKSTACK_DB_PASSWORD} + + persistence: + config: + enabled: true + mountPath: /config + existingClaim: bookstack-config + + mariadb: + enabled: true + image: + repository: bitnami/mariadb + tag: "10.6.5" + auth: + database: bookstack + username: bookstack + password: ${SECRET_BOOKSTACK_DB_PASSWORD} + rootPassword: ${SECRET_BOOKSTACK_DB_ROOT_PASSWORD} + primary: + persistence: + enabled: true + existingClaim: bookstack-db + + service: + main: + annotations: + prometheus.io/probe: "true" + prometheus.io/protocol: http + + ingress: + main: + enabled: true + ingressClassName: "nginx" + hosts: + - host: bookstack.${SECRET_CLUSTER_DOMAIN} + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - "bookstack.${SECRET_CLUSTER_DOMAIN}" + secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}" diff --git a/cluster/apps/data/bookstack/kustomization.yaml b/cluster/apps/data/bookstack/kustomization.yaml new file mode 100644 index 000000000..4979e1d3c --- /dev/null +++ b/cluster/apps/data/bookstack/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - export-job.yaml + - helm-release.yaml + - volumes.yaml diff --git a/cluster/apps/data/bookstack/volumes.yaml b/cluster/apps/data/bookstack/volumes.yaml new file mode 100644 index 000000000..8d5bfbb6b --- /dev/null +++ b/cluster/apps/data/bookstack/volumes.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: bookstack-config + namespace: data + labels: + kasten-io/backup: "true" +spec: + accessModes: + - ReadWriteOnce + storageClassName: rook-ceph-block + resources: + requests: + storage: 5Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: bookstack-db + namespace: data + labels: + kasten-io/backup: "true" +spec: + accessModes: + - ReadWriteOnce + storageClassName: rook-ceph-block + resources: + requests: + storage: 5Gi diff --git a/cluster/apps/data/kustomization.yaml b/cluster/apps/data/kustomization.yaml index 58e384144..616672e98 100644 --- a/cluster/apps/data/kustomization.yaml +++ b/cluster/apps/data/kustomization.yaml @@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace.yaml + - bookstack - freshrss - hajimari - homer