feat: add gitea repositories backup

cluster/apps/development/gitea/backup-job.yaml

@@ -0,0 +1,61 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: gitea-repositories-backup
+  namespace: development
+spec:
+  schedule: "@daily"
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          name: gitea-repositories-backup
+        spec:
+          imagePullSecrets:
+            - name: regcred
+          containers:
+            - name: gitea-repositories-backup
+              image: registry.${SECRET_CLUSTER_DOMAIN}/homelab/home-cluster-jobs:1.1.0
+              imagePullPolicy: IfNotPresent
+              command:
+                - "bin/sh"
+                - "-ec"
+                - |
+                  #!/bin/sh
+
+                  set -o nounset
+                  set -o errexit
+
+                  FLAG=false
+                  DATE=`date +%Y%m%d`
+                  ARCHIVE_NAME=gitea-repositories-${DATE}.tar
+                  BACKUP_PATH=/mnt/storage/backups/gitea
+
+                  kubectl exec gitea-0 --namespace development -- bash -c "\
+                    cd /data/git/gitea-repositories && \
+                    tar cvf /tmp/${ARCHIVE_NAME} ./"
+
+                  kubectl cp gitea-0:/tmp/${ARCHIVE_NAME} /tmp/${ARCHIVE_NAME} --container gitea --namespace development
+
+                  zstd --rm /tmp/${ARCHIVE_NAME}
+
+                  echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
+                  cp /opt/id_rsa ~/.ssh/id_rsa
+                  chmod 600 ~/.ssh/id_rsa
+                  scp /tmp/${ARCHIVE_NAME}.zst homelab@truenas:${BACKUP_PATH}/
+
+                  rm /tmp/${ARCHIVE_NAME}.zst
+                  kubectl exec gitea-0 --container gitea --namespace development -- bash -c "rm /tmp/${ARCHIVE_NAME}"
+                  ssh homelab@truenas -C "find ${BACKUP_PATH}/*.tar.zst -mtime +5 -type f -delete"
+
+                  curl -m 10 --retry 5 http://healthchecks.monitoring.svc.cluster.local:8000/ping/f7ff2516-e3b5-41ae-b77f-a9dc09005422
+              volumeMounts:
+                - name: secret
+                  mountPath: /opt/id_rsa
+                  subPath: deployment-rsa-priv-key
+          volumes:
+            - name: secret
+              secret:
+                secretName: drone-pipelines
+          restartPolicy: Never

cluster/apps/development/gitea/kustomization.yaml

@@ -1,5 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - backup-job
   - helm-release.yaml
   - volume.yaml

cluster/apps/development/jobs/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - serviceaccount.yaml

cluster/apps/development/jobs/serviceaccount.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: jobs
+  namespace: development
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: jobs-edit
+  namespace: development
+subjects:
+  - kind: ServiceAccount
+    name: jobs
+roleRef:
+  kind: ClusterRole
+  name: edit
+  apiGroup: rbac.authorization.k8s.io

cluster/apps/development/kustomization.yaml

@@ -5,3 +5,4 @@ resources:
   - drone
   - drone-runner-kube
   - gitea
+  - jobs