apiVersion: batch/v1 kind: CronJob metadata: name: gitea-backup-offsite namespace: git-limbosolutions-com spec: schedule: "0 2 * * *" jobTemplate: spec: backoffLimit: 1 template: spec: restartPolicy: Never initContainers: - name: postgres-export image: postgres:latest command: ["sh", "-c"] args: - | set -e . /root/.gitea-inline-config/database export PGPASSWORD=$PASSWD pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql volumeMounts: - name: backup-var-data mountPath: /data/postgresql-export subPath: postgresql-export - name: gitea-inline-config mountPath: /root/.gitea-inline-config readOnly: true containers: - name: borg-client image: git.limbosolutions.com/kb/borg-backup:latest imagePullPolicy: Always resources: limits: memory: "512Mi" cpu: "500m" requests: memory: "256Mi" cpu: "250m" env: - name: BORG_REPO valueFrom: secretKeyRef: name: gitea-backup-secret key: borg_repo - name: BORG_PASSPHRASE valueFrom: secretKeyRef: name: gitea-backup-secret key: borg_passphrase - name: BORG_RSH value: ssh -p 2222 -o StrictHostKeyChecking=no -o LogLevel=ERROR - name: REPO_SYNC_MAX_SIZE value: "10737418240" # 10GB command: ["bash", "-c"] args: - | set -e source loadenv SCRIPT_START_TIME=$(date +%s) # while true; do # sleep 5 # done borg create ${BORG_REPO}::postgresql-export-$(date +%Y%m%d%H%M%S) /data/postgresql-export borg create ${BORG_REPO}::gitea-data-$(date +%Y%m%d%H%M%S) /data/gitea-data #cleanup borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 ${BORG_REPO} --glob-archives='gitea-data*' borg prune -v --list --keep-daily=10 --keep-weekly=7 --keep-monthly=-1 ${BORG_REPO} --glob-archives='postgresql-export*' borg compact ${BORG_REPO} # check repo size REPO_SIZE_IN_BYTES=$(remote-connect du -b "$SSH_FOLDER" -d 0 | awk '{print $1}') echo "Repository size: $((REPO_SIZE_IN_BYTES / 1024 / 1024))MB" if [ $REPO_SIZE_IN_BYTES -gt $REPO_SYNC_MAX_SIZE ]; then \ echo "ERROR: Repository size $((REPO_SIZE_IN_BYTES / 1024 / 1024))MB exceeds $((REPO_SYNC_MAX_SIZE / 1024 / 1024))MB"; exit 1; else # Repository size is within limits for offsite sync # ssh to backup server and enforce rclone to onedrive remote-connect "rclone sync ~/borg-repos/git.limbosolutions.com mf_onedrive:.backups/git.limbosolutions.com/borg" && \ SCRIPT_DURATION=$(($(date +%s) - SCRIPT_START_TIME)) && \ echo "INFO: Finished Backup of git.limbosolutions.com (offsite) ($((SCRIPT_DURATION / 60 / 60)):$((SCRIPT_DURATION / 60)):$((SCRIPT_DURATION % 60))) " fi #outputs info borg info ${BORG_REPO} #borg info ${BORG_REPO} --json volumeMounts: - name: gitea-data mountPath: /data/gitea-data - name: backup-var-data mountPath: /data/postgresql-export subPath: postgresql-export - name: gitea-backup-secret mountPath: /root/.ssh/id_rsa subPath: ssh_id_rsa readOnly: true - name: gitea-backup-secret mountPath: /app/borg/key subPath: borg_key volumes: - name: gitea-data persistentVolumeClaim: claimName: gitea-shared-storage - name: gitea-inline-config secret: secretName: gitea-inline-config - name: gitea-backup-secret secret: secretName: gitea-backup-secret defaultMode: 0600 - name: backup-var-data emptyDir: {}