apiVersion: batch/v1
kind: CronJob
metadata:
  name: gitea-backup-offsite
  namespace: git-limbosolutions-com
spec:
  schedule: "0 2 * * *"
  jobTemplate:
    spec:
      backoffLimit: 1
      template:
        spec:
          restartPolicy: Never
          initContainers:
            - name: postgres-export
              image: postgres:latest
              command: ["sh", "-c"]
              args:
                - |
                  #echo "INFO: Starting export"
                  . /root/.gitea-inline-config/database
                  export PGPASSWORD=$PASSWD
                  #echo "INFO: Exporting database"
                  pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
                  if [ $? -ne 0 ]; then
                    echo "ERROR: Exporting database failed"
                    exit 1
                  fi 
                  #echo "INFO: Exporting database finished"

              volumeMounts:
                
              - name: backup-var-data
                mountPath: /data/postgresql-export
                subPath: postgresql-export

              - name: gitea-inline-config
                mountPath: /root/.gitea-inline-config
                readOnly: true

          containers:
            - name: borg-client
              image: git.limbosolutions.com/kb/borg-backup:latest
              resources:
                limits:
                  memory: "512Mi"
                  cpu: "500m"
                requests:
                  memory: "256Mi"
                  cpu: "250m"
              env:
                - name: BORG_REPO
                  valueFrom:
                    secretKeyRef:
                      name: gitea-backup-secret
                      key: BORG_REPO

                - name: BORG_PASSPHRASE
                  valueFrom:
                    secretKeyRef:
                      name: gitea-backup-secret
                      key: BORG_PASSPHRASE

                - name: BORG_RSH
                  value: ssh -o StrictHostKeyChecking=no -o LogLevel=ERROR

                - name: BORG_KEY_FILE
                  value: /root/.borg/key

              command: ["sh", "-c"]
              args:
              - |
               
                borg create ${BORG_REPO}::"postgresql-export-$(date +%Y-%m-%d_%H:%M:%S)" /data/postgresql-export
                if [ $? -ne 0 ]; then
                echo "ERROR: Borg backup failed"
                exit 1
                fi

                borg create ${BORG_REPO}::"gitea-data-$(date +%Y-%m-%d_%H:%M:%S)" /data/gitea-data
                if [ $? -ne 0 ]; then
                echo "ERROR: Borg backup failed"
                exit 1
                fi

                ${BORG_RSH} mf@backupsrv01.dev.lan \
                "rclone sync ~/borg-repos/git.limbosolutions.com mf.onedrive:.backups/git.limbosolutions.com/borg" &&
                echo "INFO: Backup git.limbosolutions.com (offsite) finished"

              volumeMounts:
                - name: gitea-data
                  mountPath: /data/gitea-data

                - name: backup-var-data
                  mountPath: /data/postgresql-export
                  subPath: postgresql-export
              
                - name: gitea-backup-secret
                  mountPath: /root/.borg/key
                  subPath: BORG_KEY_FILE

                - name: gitea-backup-secret
                  mountPath: /root/.ssh/id_rsa
                  subPath: SSH_ID_RSA


          volumes:
            - name: gitea-data
              persistentVolumeClaim:
                claimName: gitea-shared-storage

            - name: gitea-inline-config
              secret:
                secretName: gitea-inline-config
            
            - name: gitea-backup-secret
              secret:
                secretName: gitea-backup-secret
                defaultMode: 0600

            - name: backup-var-data
              emptyDir: {}