limbosolutions.com/git.limbosolutions.com
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

flux: add backups

Browse Source
This commit is contained in:
Márcio Fernandes
2026-06-04 20:16:41 +00:00
parent d694f9473f
commit 6b16d05015
9 changed files with 2 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
-25
View File
@@ -6,8 +6,6 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server.
- [SSO](#sso) - [SSO](#sso)
- [Deploy](#deploy) - [Deploy](#deploy)
- [Continuous Deploy](#continuous-deploy)
- [App](#app)
- [Backups](#backups) - [Backups](#backups)
## SSO ## SSO
@@ -46,29 +44,6 @@ sops -e deploy/app/helm-values.private.dec.yaml > deploy/app/helm-values.private
sops -e deploy/backups/secrets.dec.yaml > deploy/backups/secrets.yaml sops -e deploy/backups/secrets.dec.yaml > deploy/backups/secrets.yaml
``` ```
### Continuous Deploy
Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-continous-deploy.yaml).
### App
**Environment files:**
- ./deploy/backups/cronjobs/.env.d/secrets [Example](./deploy/backups/.env.d/secrets.example)
- ./deploy/backups/cronjobs/.env.d/borg_key [Example](./deploy/backups/.env.d/borg_key.example)
- ./deploy/backups/cronjobs/.env.d/id_rsa [Example](./deploy/backups/.env.d/id_rsa.example)
- ./deploy/app/.env [Example](./deploy/app/.env.example)
Deploy App
```bash
./ops-scripts/apply-app.sh
```
- [backups-kustomization](/deploy/app/kustomization.yaml)
## Backups ## Backups
for more information [check readme](./docs/backups.md). for more information [check readme](./docs/backups.md).
deploy/app/.env.d/.env.example
-15
View File
@@ -1,15 +0,0 @@
APP_HELM_VALUE_VALKEY_GLOBAL_PASSWORD="????"
APP_HELM_VALUE_POSTGRESQL_AUTH_POSTGRESPASSWORD="????"
APP_HELM_VALUE_POSTGRESQL_AUTH_PASSWORD="????"
APP_HELM_VALUE_POSTGRESQL_AUTH_DATABASE="????"
APP_HELM_VALUE_POSTGRESQL_AUTH_USERNAME="????"
APP_HELM_VALUE_GITEA_ADMIN_USERNAME="????"
APP_HELM_VALUE_GITEA_ADMIN_PASSWORD="????"
APP_HELM_VALUE_GITEA_ADMIN_EMAIL="????"
APP_HELM_VALUE_GITEA_CONFIG_OAUTH2_JWT_SECRET="????"
APP_HELM_VALUE_GITEA_CONFIG_SERVER_LFS_JWT_SECRET="????"
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_SECRET_KEY="????"
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_REVERSE_PROXY_TRUSTED_PROXIES="????"
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_INTERNAL_TOKEN="????"
APP_HELM_VALUE_GITEA_CONFIG_SECURITY_PASSWORD_HASH_ALGO="????"
APP_HELM_VALUE_GITEA_CONFIG_SERVICE_OAUTH2_JWT_SECRET="????"
deploy/backups/.env.d/.gitignore
-3
View File
@@ -1,3 +0,0 @@
**
!.gitignore
!*.example
deploy/backups/.env.d/borg_key.example
-1
View File
@@ -1 +0,0 @@
BORG_KEY an valid borg key
deploy/backups/.env.d/id_rsa.example
-3
View File
@@ -1,3 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
AND VALID PRIVATE SSH KEY WITH ACCESS TO SSH SERVER
-----END OPENSSH PRIVATE KEY-----
deploy/backups/.env.d/secrets.example
-7
View File
@@ -1,7 +0,0 @@
PBS_REPOSITORY=xxx@pbs@server_address:collection
PBS_PASSWORD=pbs access password
PBS_FINGERPRINT=00:00:00:00:00 # pbs server fingerprint
BORG_REPO="ssh://user@server/path" # required by offsite backup
BORG_PASSPHRASE="borg passphrase" # required by offsite backup
OFFSITE_TARGET_FOLDER="test:target_path" # follow rclone naming convention
deploy/flux/backups-sync.yaml
+1 -1
View File
@@ -1,7 +1,7 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:
name: vaultwarden-app name: backups
namespace: vault-limbosolutions-com namespace: vault-limbosolutions-com
spec: spec:
interval: 1m interval: 1m
deploy/flux/kustomization.yaml
+1
View File
@@ -4,6 +4,7 @@ resources:
- git-repo.yaml - git-repo.yaml
- infra-sync.yaml - infra-sync.yaml
- gitea-sync.yaml - gitea-sync.yaml
- backups-sync.yaml
secretGenerator: secretGenerator:
- name: flux-repo-ssh-credentials - name: flux-repo-ssh-credentials
files: files:
ops-scripts/apply-app.sh
-40
View File
@@ -1,40 +0,0 @@
#/bin/bash
# load environment variables from file
if [ -f "deploy/app/.env.d/.env" ]; then
# Export all variables from the file
echo "export variables from file deploy/app/.env.d/.env"
set -a
. deploy/app/.env.d/.env
set +a
fi
if [ -n "${APP_HELM_VALUE_GITEA_ADMIN_USERNAME:-}" ]; then
echo "Executing helm deploy."
helm repo add gitea-charts https://dl.gitea.com/charts/ --force-update
helm upgrade --install gitea gitea-charts/gitea --version 12.5.3 \
--values deploy/app/helm-values.yaml \
--set valkey.global.valkey.password=${APP_HELM_VALUE_VALKEY_GLOBAL_PASSWORD} \
--set postgresql.global.postgresql.auth.postgresPassword=${APP_HELM_VALUE_POSTGRESQL_AUTH_POSTGRESPASSWORD} \
--set postgresql.global.postgresql.auth.password=${APP_HELM_VALUE_POSTGRESQL_AUTH_PASSWORD} \
--set postgresql.global.postgresql.auth.database=${APP_HELM_VALUE_POSTGRESQL_AUTH_DATABASE} \
--set postgresql.global.postgresql.auth.username=${APP_HELM_VALUE_POSTGRESQL_AUTH_USERNAME} \
--set gitea.admin.username=${APP_HELM_VALUE_GITEA_ADMIN_USERNAME} \
--set gitea.admin.password=${APP_HELM_VALUE_GITEA_ADMIN_PASSWORD} \
--set gitea.admin.email=${APP_HELM_VALUE_GITEA_ADMIN_EMAIL} \
--set gitea.config.oauth2.JWT_SECRET=${APP_HELM_VALUE_GITEA_CONFIG_OAUTH2_JWT_SECRET} \
--set gitea.config.server.LFS_JWT_SECRET=${APP_HELM_VALUE_GITEA_CONFIG_SERVER_LFS_JWT_SECRET} \
--set gitea.config.security.SECRET_KEY=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_SECRET_KEY} \
--set gitea.config.security.REVERSE_PROXY_TRUSTED_PROXIES=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_REVERSE_PROXY_TRUSTED_PROXIES} \
--set gitea.config.security.INTERNAL_TOKEN=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_INTERNAL_TOKEN} \
--set gitea.config.security.PASSWORD_HASH_ALGO=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_PASSWORD_HASH_ALGO} \
--set gitea.config.service.oauth2.JWT_SECRET=${APP_HELM_VALUE_GITEA_CONFIG_SERVICE_OAUTH2_JWT_SECRET} \
--namespace=git-limbosolutions-com
echo "executing deploy of backups jobs."
kubectl kustomize deploy/backups | kubectl -n git-limbosolutions-com apply -f -
fi