flux: add backups
@@ -6,8 +6,6 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server.
|
||||
|
||||
- [SSO](#sso)
|
||||
- [Deploy](#deploy)
|
||||
- [Continuous Deploy](#continuous-deploy)
|
||||
- [App](#app)
|
||||
- [Backups](#backups)
|
||||
|
||||
## SSO
|
||||
@@ -46,29 +44,6 @@ sops -e deploy/app/helm-values.private.dec.yaml > deploy/app/helm-values.private
|
||||
sops -e deploy/backups/secrets.dec.yaml > deploy/backups/secrets.yaml
|
||||
```
|
||||
|
||||
### Continuous Deploy
|
||||
|
||||
Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-continous-deploy.yaml).
|
||||
|
||||
### App
|
||||
|
||||
**Environment files:**
|
||||
|
||||
- ./deploy/backups/cronjobs/.env.d/secrets [Example](./deploy/backups/.env.d/secrets.example)
|
||||
- ./deploy/backups/cronjobs/.env.d/borg_key [Example](./deploy/backups/.env.d/borg_key.example)
|
||||
- ./deploy/backups/cronjobs/.env.d/id_rsa [Example](./deploy/backups/.env.d/id_rsa.example)
|
||||
- ./deploy/app/.env [Example](./deploy/app/.env.example)
|
||||
|
||||
Deploy App
|
||||
|
||||
```bash
|
||||
./ops-scripts/apply-app.sh
|
||||
```
|
||||
|
||||
- [backups-kustomization](/deploy/app/kustomization.yaml)
|
||||
|
||||
|
||||
|
||||
## Backups
|
||||
|
||||
for more information [check readme](./docs/backups.md).
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
APP_HELM_VALUE_VALKEY_GLOBAL_PASSWORD="????"
|
||||
APP_HELM_VALUE_POSTGRESQL_AUTH_POSTGRESPASSWORD="????"
|
||||
APP_HELM_VALUE_POSTGRESQL_AUTH_PASSWORD="????"
|
||||
APP_HELM_VALUE_POSTGRESQL_AUTH_DATABASE="????"
|
||||
APP_HELM_VALUE_POSTGRESQL_AUTH_USERNAME="????"
|
||||
APP_HELM_VALUE_GITEA_ADMIN_USERNAME="????"
|
||||
APP_HELM_VALUE_GITEA_ADMIN_PASSWORD="????"
|
||||
APP_HELM_VALUE_GITEA_ADMIN_EMAIL="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_OAUTH2_JWT_SECRET="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SERVER_LFS_JWT_SECRET="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_SECRET_KEY="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_REVERSE_PROXY_TRUSTED_PROXIES="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_INTERNAL_TOKEN="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_PASSWORD_HASH_ALGO="????"
|
||||
APP_HELM_VALUE_GITEA_CONFIG_SERVICE_OAUTH2_JWT_SECRET="????"
|
||||
@@ -1,3 +0,0 @@
|
||||
**
|
||||
!.gitignore
|
||||
!*.example
|
||||
@@ -1 +0,0 @@
|
||||
BORG_KEY an valid borg key
|
||||
@@ -1,3 +0,0 @@
|
||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
AND VALID PRIVATE SSH KEY WITH ACCESS TO SSH SERVER
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
@@ -1,7 +0,0 @@
|
||||
PBS_REPOSITORY=xxx@pbs@server_address:collection
|
||||
PBS_PASSWORD=pbs access password
|
||||
PBS_FINGERPRINT=00:00:00:00:00 # pbs server fingerprint
|
||||
BORG_REPO="ssh://user@server/path" # required by offsite backup
|
||||
BORG_PASSPHRASE="borg passphrase" # required by offsite backup
|
||||
OFFSITE_TARGET_FOLDER="test:target_path" # follow rclone naming convention
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: vaultwarden-app
|
||||
name: backups
|
||||
namespace: vault-limbosolutions-com
|
||||
spec:
|
||||
interval: 1m
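Review bot: The `namespace: vault-limbosolutions-com` line kept under `metadata` looks carried over from another project, since the helm and kubectl commands this commit removes all targeted `git-limbosolutions-com` and the previous name on this object appears to have been `vaultwarden-app`. If the backups Kustomization is meant to sit with the Gitea release, the line should read `namespace: git-limbosolutions-com`; if the other namespace is intended, the `sourceRef` needs an explicit `namespace` so it can find the GitRepository. The `spec` continues past the end of this hunk, so it is not visible whether a `decryption` block with `provider: sops` and a `secretRef` is set. The README encrypts `deploy/backups/secrets.yaml` with sops, and without that block the reconcile would not decrypt it.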
|
||||
|
||||
@@ -4,6 +4,7 @@ resources:
|
||||
- git-repo.yaml
|
||||
- infra-sync.yaml
|
||||
- gitea-sync.yaml
|
||||
- backups-sync.yaml
|
||||
secretGenerator:
|
||||
- name: flux-repo-ssh-credentials
|
||||
files:
|
||||
|
||||
@@ -1,40 +0,0 @@
|
||||
#/bin/bash
|
||||
|
||||
# load environment variables from file
|
||||
|
||||
if [ -f "deploy/app/.env.d/.env" ]; then
|
||||
# Export all variables from the file
|
||||
echo "export variables from file deploy/app/.env.d/.env"
|
||||
set -a
|
||||
. deploy/app/.env.d/.env
|
||||
set +a
|
||||
fi
|
||||
|
||||
if [ -n "${APP_HELM_VALUE_GITEA_ADMIN_USERNAME:-}" ]; then
|
||||
|
||||
echo "Executing helm deploy."
|
||||
|
||||
helm repo add gitea-charts https://dl.gitea.com/charts/ --force-update
|
||||
|
||||
helm upgrade --install gitea gitea-charts/gitea --version 12.5.3 \
|
||||
--values deploy/app/helm-values.yaml \
|
||||
--set valkey.global.valkey.password=${APP_HELM_VALUE_VALKEY_GLOBAL_PASSWORD} \
|
||||
--set postgresql.global.postgresql.auth.postgresPassword=${APP_HELM_VALUE_POSTGRESQL_AUTH_POSTGRESPASSWORD} \
|
||||
--set postgresql.global.postgresql.auth.password=${APP_HELM_VALUE_POSTGRESQL_AUTH_PASSWORD} \
|
||||
--set postgresql.global.postgresql.auth.database=${APP_HELM_VALUE_POSTGRESQL_AUTH_DATABASE} \
|
||||
--set postgresql.global.postgresql.auth.username=${APP_HELM_VALUE_POSTGRESQL_AUTH_USERNAME} \
|
||||
--set gitea.admin.username=${APP_HELM_VALUE_GITEA_ADMIN_USERNAME} \
|
||||
--set gitea.admin.password=${APP_HELM_VALUE_GITEA_ADMIN_PASSWORD} \
|
||||
--set gitea.admin.email=${APP_HELM_VALUE_GITEA_ADMIN_EMAIL} \
|
||||
--set gitea.config.oauth2.JWT_SECRET=${APP_HELM_VALUE_GITEA_CONFIG_OAUTH2_JWT_SECRET} \
|
||||
--set gitea.config.server.LFS_JWT_SECRET=${APP_HELM_VALUE_GITEA_CONFIG_SERVER_LFS_JWT_SECRET} \
|
||||
--set gitea.config.security.SECRET_KEY=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_SECRET_KEY} \
|
||||
--set gitea.config.security.REVERSE_PROXY_TRUSTED_PROXIES=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_REVERSE_PROXY_TRUSTED_PROXIES} \
|
||||
--set gitea.config.security.INTERNAL_TOKEN=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_INTERNAL_TOKEN} \
|
||||
--set gitea.config.security.PASSWORD_HASH_ALGO=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_PASSWORD_HASH_ALGO} \
|
||||
--set gitea.config.service.oauth2.JWT_SECRET=${APP_HELM_VALUE_GITEA_CONFIG_SERVICE_OAUTH2_JWT_SECRET} \
|
||||
--namespace=git-limbosolutions-com
|
||||
|
||||
echo "executing deploy of backups jobs."
|
||||
kubectl kustomize deploy/backups | kubectl -n git-limbosolutions-com apply -f -
|
||||
fi
|
||||