apiVersion: batch/v1 kind: CronJob metadata: name: gitea-backup-offsite namespace: git-limbosolutions-com spec: schedule: "0 2 * * *" jobTemplate: spec: backoffLimit: 1 template: spec: restartPolicy: Never initContainers: - name: postgres-export image: postgres:latest command: ["sh", "-c"] args: - | set -e . /root/.gitea-inline-config/database export PGPASSWORD=$PASSWD pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql volumeMounts: - name: backup-var-data mountPath: /data/postgresql-export subPath: postgresql-export - name: gitea-inline-config mountPath: /root/.gitea-inline-config readOnly: true containers: - name: borg-client image: git.limbosolutions.com/kb/borg-backup:latest resources: limits: memory: "512Mi" cpu: "500m" requests: memory: "256Mi" cpu: "250m" env: - name: BORG_REPO valueFrom: secretKeyRef: name: gitea-backup-secret key: BORG_REPO - name: BORG_PASSPHRASE valueFrom: secretKeyRef: name: gitea-backup-secret key: BORG_PASSPHRASE - name: BORG_RSH value: ssh -o StrictHostKeyChecking=no -o LogLevel=ERROR - name: REPO_SYNC_MAX_SIZE value: "6442450944" # 6GB - name: BORG_KEY_FILE value: /root/.borg/key command: ["sh", "-c"] args: - | set -e SCRIPT_START_TIME=$(date +%s) # while true; do # sleep 5 # done borg create ${BORG_REPO}::postgresql-export-$(date +%Y%m%d%H%M%S) /data/postgresql-export borg create ${BORG_REPO}::gitea-data-$(date +%Y%m%d%H%M%S) /data/gitea-data #cleanup borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 ${BORG_REPO} --glob-archives='gitea-data*' borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 ${BORG_REPO} --glob-archives='postgresql-export*' borg compact ${BORG_REPO} # check repo size REPO_SIZE_IN_BYTES=$(${BORG_RSH} mf@backupsrv01.dev.lan -p 2222 "du -b ~/borg-repos/git.limbosolutions.com -d 0 | cut -f1 ") echo "Repository size: $((REPO_SIZE_IN_BYTES / 1024 / 1024)) MB" if [ $REPO_SIZE_IN_BYTES -gt $REPO_SYNC_MAX_SIZE ]; then \ echo "ERROR: Repository size exceeds $REPO_SYNC_MAX_SIZE"; exit 1; else # Repository size is within limits for offsite sync # ssh to backup server and enforce rclone to onedrive ${BORG_RSH} mf@backupsrv01.dev.lan -p 2222 \ "rclone sync ~/borg-repos/git.limbosolutions.com mf_onedrive:.backups/git.limbosolutions.com/borg" && \ SCRIPT_DURATION=$(($(date +%s) - SCRIPT_START_TIME)) && \ echo "INFO: Finished Backup of git.limbosolutions.com (offsite) ($((SCRIPT_DURATION / 60 / 60)):$((SCRIPT_DURATION / 60)):$((SCRIPT_DURATION % 60))) " fi #outputs info borg info ${BORG_REPO} #borg info ${BORG_REPO} --json volumeMounts: - name: gitea-data mountPath: /data/gitea-data - name: backup-var-data mountPath: /data/postgresql-export subPath: postgresql-export - name: gitea-backup-secret mountPath: /root/.borg/key subPath: BORG_KEY_FILE - name: gitea-backup-secret mountPath: /root/.ssh/id_rsa subPath: SSH_ID_RSA volumes: - name: gitea-data persistentVolumeClaim: claimName: gitea-shared-storage - name: gitea-inline-config secret: secretName: gitea-inline-config - name: gitea-backup-secret secret: secretName: gitea-backup-secret defaultMode: 0600 - name: backup-var-data emptyDir: {}