shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: update gitea backup job

Browse Source
This commit is contained in:
auricom
2021-07-27 11:25:17 +02:00
parent 4f22a957ec
commit e2cc8d5546
2 changed files with 169 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
cluster/apps/development/gitea/backup-job.yaml
View File

@@ -23,27 +23,55 @@ spec:
- "bin/sh"
- "-ec"
- |
#!/bin/sh
#!/bin/bash
set -o nounset
set -o errexit
kubectl exec gitea-0 --container gitea --namespace development -- bash -c "\
cd /data/git/gitea-repositories && \
tar cvf /tmp/gitea-repositories-$(date +%Y%m%d).tar ./"
kubectl cp gitea-0:/tmp/gitea-repositories-$(date +%Y%m%d).tar /tmp/gitea-repositories-$(date +%Y%m%d).tar --container gitea --namespace development
zstd --rm /tmp/gitea-repositories-$(date +%Y%m%d).tar
mkdir -p ~/.ssh
cp /opt/id_rsa ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
scp -o StrictHostKeyChecking=no /tmp/gitea-repositories-$(date +%Y%m%d).tar.zst homelab@truenas:/mnt/storage/backups/gitea/
rm /tmp/gitea-repositories-$(date +%Y%m%d).tar.zst
kubectl exec gitea-0 --container gitea --namespace development -- bash -c "rm /tmp/gitea-repositories-$(date +%Y%m%d).tar"
ssh -o StrictHostKeyChecking=no homelab@truenas -C "find /mnt/storage/backups/gitea/*.tar.zst -mtime +5 -type f -delete"
ssh -o StrictHostKeyChecking=no homelab@truenas << 'EOF'
WORK_DIR="/mnt/storage/backups/gitea"
ORGANISATIONS=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/orgs" --header "Authorization: Bearer ${SECRET_GITEA_API_TOKEN}" | jq --raw-output .[].username)
ORGANISATIONS+=" auricom"
for org in $ORGANISATIONS
do
mkdir -p $WORK_DIR/$org
if [ $org == "auricom" ]; then
keyword="users"
else
keyword="orgs"
fi
REPOSITORIES=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/$keyword/$org/repos?limit=1000" --header "Authorization: Bearer ${SECRET_GITEA_API_TOKEN}" | jq --raw-output .[].name)
for repo in $REPOSITORIES
do
if [ -d "$WORK_DIR/$org/$rep" ]; then
echo "INFO: pull $org/$repo..."
cd $WORK_DIR/$org/$repo
git reset --hard HEAD
git pull
test $? -ne 0 && exit 1
echo "INFO: clean $org/$repo..."
git fetch --prune
for branch in $(git branch -vv | grep ': gone]' | awk '{print $1}')
do
git branch -D $branch
done
else
echo "INFO: clone $org/$repo..."
cd $WORK_DIR/$org
git clone git@gitea.${SECRET_CLUSTER_DOMAIN_ROOT}:$org/$repo.git
test $? -ne 0 && exit 1
fi
done
done
echo "INFO: Backup done"
EOF
curl -m 10 --retry 5 http://healthchecks.monitoring.svc.cluster.local.:8000/ping/f7ff2516-e3b5-41ae-b77f-a9dc09005422
volumeMounts:

7
cluster/base-custom/secrets/cluster-secrets.yaml
View File

@@ -39,6 +39,7 @@ stringData:
SECRET_EMQX_ADMIN_PASSWORD: ENC[AES256_GCM,data:b0/u6/1y876hIoSfC8yZ1+Gi1A260sVW,iv:WN9hOX+S4fR9tAQlUnzmwjcwEthPL/dTk9vLD/K4nns=,tag:O3fBty7qDl2cO+L9viQ2YA==,type:str]
SECRET_GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:zAjKU2CZ2m4VpPg6R63LbCiEP9+j,iv:Oq9LzxojK1r5MTXCqa1KAyj0RyKsROhZqyM6I+V5f+8=,tag:h+BsjDLI3yHv+Uj6yyGMGA==,type:str]
SECRET_GITEA_ADMIN_PASSWORD: ENC[AES256_GCM,data:jaK0aOfEI0+bRLfgACg=,iv:aesMs89p3vFNJ8fgU9R+wrPXAE39W+g3Qm5NdpJyKzE=,tag:eN01mNN5lVMxra0F0UyooA==,type:str]
SECRET_GITEA_API_TOKEN: ENC[AES256_GCM,data:jJTYM2FZKJxG3GBnwCCo3ZGLk6hQ29/AJMhidXgkNkFaALWYN79tYA==,iv:Jn+Z9xD7Mvn9MJ4T5GDEMXjNnxyor93vO9wpenuaaLc=,tag:3RgkpunMwXVSi9iP2tudNw==,type:str]
SECRET_GITEA_DB_PASSWORD: ENC[AES256_GCM,data:+aqidk0Z2PiPwN09Ckc=,iv:AlFT8G1vMVW7h3CY0CkBD66ntS0NFNf96FLuBrkUkwI=,tag:fC1iqr/CKaGf9H2HcHOVSA==,type:str]
SECRET_HASS_DB_URL: ENC[AES256_GCM,data:qr821aPZG0T3HHO+V3Gkgqg9ZiRBVHz2YVtGg7wBGFFrbYUjxp+EWY2+KEjIevWvhXZPjIYZfJQkD5dQ5rdq7RMJpcHTP1sjqbrx7lL9bw==,iv:jtjLYgcyP1N80EQafy4df0jdfQyQ/iMqVLJc/LJAK/g=,tag:pVmzgdhui0hfPCHG/wijRg==,type:str]
SECRET_HASS_LATITUDE: ENC[AES256_GCM,data:ik+tndAS+JtYhQbddiWvkZc=,iv:mEuA19JFIHaJvQe5CWXS7krxIPYjcw+qh7gQJGaOTlQ=,tag:/u/QPonVyG8yqh01cIUr+A==,type:str]
@@ -58,7 +59,7 @@ stringData:
SECRET_LYCHEE_DB_PASSWORD: ENC[AES256_GCM,data:qmYKRlqo+Pm5ug+TuEU=,iv:OPGmszHF4qtJ9Pz0mtxwa6IOKu14OZmOELgaFacpbog=,tag:gxaqfwAporp6lfoh5zcD0A==,type:str]
SECRET_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:QHq4tb8=,iv:OP7QThklBqHxAYvdnVRBUOoj5RDvFmbQRl8HNK+ACSw=,tag:4xWWSCQfAVg8HZ232YnHbQ==,type:str]
SECRET_MINIO_SECRET_KEY: ENC[AES256_GCM,data:BPaiA5Y37VeV1aEjrdxI/ujhwt4=,iv:6bEYn4z5dAPMln8RDMsKaA6SVB48WhohIgUfai3AsUg=,tag:wBoefzlDxIygHAWCHma9Rw==,type:str]
SECRET_MINIO_ENDPOINT: ENC[AES256_GCM,data:XKihtaLPV50ScBfV+2pdSeLbNZqf3KHL,iv:m2CYn9let+IpuD/xLieRHZ8ld2NJ7QoICOyDPxG5dMQ=,tag:makEf1Yh9Y8KtRBP5gaK2Q==,type:str]
SECRET_MINIO_ENDPOINT: ENC[AES256_GCM,data:oyGmjbL1AMQsYPjHWjiiChTt1RSD0BV66A==,iv:vmDBNKtQKo4BSvk196jAg0CkrIrF9gsfWU+erFPXpZM=,tag:IgqCl16vDbOIy0irhVTwkw==,type:str]
SECRET_MQTT_USERNAME: ENC[AES256_GCM,data:Sw3dg2LQgNWZ6wJN/A==,iv:PSjlmpDdMekx2PahJbcpOgeecE7/rJqufOeCSvItVjo=,tag:RUeWs45akbTHKlRAcHgI/A==,type:str]
SECRET_MQTT_PASSWORD: ENC[AES256_GCM,data:Q+jlj+0z4BymdWnwScQg5E6urg==,iv:uztQpYBn4vEuKS7+jFB/ZPq3itl7pwQn3tON4cz1E90=,tag:CISfAZBUgzUSvJPOm6G3GQ==,type:str]
SECRET_PGADMIN_EMAIL: ENC[AES256_GCM,data:QXuCKeIR095bH+GfdnhXAodyqYUBuQ==,iv:9j+xs+3CkOXRcFyt18eBppCFGxNRR14ykaF1SWpt630=,tag:8sFXWDBDZjm2fA7TR+ZD1A==,type:str]
@@ -87,8 +88,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
lastmodified: "2021-07-17T21:14:35Z"
mac: ENC[AES256_GCM,data:odjjxE0GdDu6Sv+EYmfjC+LUGzrIMExoc5saj0rVVPiksEGtyWUpwJU6vcqPMHAEbMsqK7aB8mZ1A8/MRda/WyrbDPxnF9bBCoJ+TDetJayOkbPgJzq7uHpXybi5wysedxrd9ijT2auI6G+gzNntjritg3OU05GlC2KxiJ6xMXA=,iv:6jqdPlXjIwCLoaExIt/rrnJ0SbnWoBGOYnX0lPsTHfE=,tag:MPvJQcE8GSWIC/8ckuV/nQ==,type:str]
lastmodified: "2021-07-27T08:52:35Z"
mac: ENC[AES256_GCM,data:wEB0cjZN5def3YJkJMDiQk3yWCuYBQV8ahA5oIn3UKSQPSOeyeXdXr1FPIZojPi4J/EueZSE5YNhVydeQ8GYgT+uc8N6sVl9ysrpNwSnpEHjkR266lZiST5t3k8BPEb80jQ4OjLK8ZzTvdLY5bc3eYRVpStlhqGihx7Qjv9j+/8=,iv:QqHKL4DRUnKHUIlZR5M7A0GXG9HT1JocfkUIlFHYFnM=,tag:6bvjVJFyhoZUTWs4FSnQ+A==,type:str]
pgp:
- created_at: "2021-07-17T21:14:34Z"
enc: |