diff --git a/aws_infra/main.tf b/aws_infra/main.tf
index 5dea194..0f1b428 100644
--- a/aws_infra/main.tf
+++ b/aws_infra/main.tf
@@ -3,5 +3,14 @@ module "forgejo_backup" {
 source = "./modules/forgejo_backup"
- bucket_name = "juntekim-forgejo-backup"
+ bucket_name = "juntekim-git-backup"
+}
+
+output "forgejo_backup_access_key_id" {
+ value = module.forgejo_backup.iam_access_key_id
+}
+
+output "forgejo_backup_secret_access_key" {
+ value = module.forgejo_backup.iam_secret_access_key
+ sensitive = true
 }
diff --git a/aws_infra/provider.tf b/aws_infra/provider.tf
index 888cc06..64c6295 100644
--- a/aws_infra/provider.tf
+++ b/aws_infra/provider.tf
@@ -17,5 +17,6 @@ terraform {
 }
 provider "aws" {
- region = var.aws_region
+ region = var.aws_region
+ profile = "personal"
 }
diff --git a/forgejo/forgejo-backup-secret.yaml b/forgejo/forgejo-backup-secret.yaml
new file mode 100644
index 0000000..b446dca
--- /dev/null
+++ b/forgejo/forgejo-backup-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: forgejo-backup-secret
+ namespace: default
+type: Opaque
+stringData:
+ AWS_ACCESS_KEY_ID: AKIAQL67W6HIV6WTECSQ
+ AWS_SECRET_ACCESS_KEY: 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
diff --git a/forgejo/forgejo-storage.yaml b/forgejo/forgejo-storage.yaml
new file mode 100644
index 0000000..19e6a2b
--- /dev/null
+++ b/forgejo/forgejo-storage.yaml
@@ -0,0 +1,29 @@
+# ================================
+# FORGEJO PERSISTENT STORAGE
+# Apply once — do NOT delete
+# ================================
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: forgejo-db-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: rook-ceph-block
+ resources:
+ requests:
+ storage: 10Gi
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: forgejo-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: rook-ceph-block
+ resources:
+ requests:
+ storage: 20Gi
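Review bot: In aws_infra/main.tf, the new `forgejo_backup_secret_access_key` output exports a long-lived IAM secret, and `sensitive = true` only redacts it from plan/apply output; the value is still written in clear text to the Terraform state and can be read with `terraform output -raw`. The state backend is not visible in this hunk, so confirm it is encrypted and access-restricted, or drop the output and have the module write the key to a secret store instead. Separately, the `bucket_name` change to `juntekim-git-backup` will presumably replace the bucket rather than rename it, so check what happens to any backups in the old bucket before applying.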
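Review bot: In aws_infra/provider.tf, `profile = "personal"` hard-codes a workstation-specific named profile into the provider, so a CI runner or collaborator without that profile in its AWS config will fail to authenticate. Keep credential selection out of the provider and set `AWS_PROFILE=personal` in the shell, or make it configurable with `profile = var.aws_profile` and a variable whose default is `null`.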
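Review bot: forgejo/forgejo-backup-secret.yaml commits what looks like a live AWS access key ID and secret access key under `stringData`, so anyone with read access to the repository or its history holds the backup user's credentials. Treat the pair as compromised: deactivate and rotate the key in IAM and purge the file from history, since deleting it in a later commit does not remove the value. The manifest should not carry the values at all; create the Secret out of band (for example `kubectl create secret generic forgejo-backup-secret --from-literal=...` fed from the Terraform outputs) or commit only an encrypted form such as a SealedSecret or SOPS file. Until rotation is complete, review CloudTrail for use of this key ID from unexpected sources.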
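Review bot: In forgejo/forgejo-storage.yaml the only protection for the two claims is the `Apply once — do NOT delete` comment; nothing in the manifest stops a `kubectl delete -f` from removing them. Whether the Ceph volumes survive that depends on the reclaim policy of the `rook-ceph-block` StorageClass, which is not visible here, so confirm it is `Retain` or document the restore path from the S3 backup next to the comment. Both claims also omit `metadata.namespace` while forgejo-backup-secret.yaml pins `namespace: default`, so they land in whatever namespace the applying context uses; adding `namespace: default` keeps the set consistent.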
diff --git a/forgejo/forgejo.yaml b/forgejo/forgejo.yaml
index 296071c..0eebf75 100644
--- a/forgejo/forgejo.yaml
+++ b/forgejo/forgejo.yaml
@@ -13,19 +13,6 @@ stringData:
 POSTGRES_PASSWORD: changeMePleaseOtherwiseSomeoneWillKnow
 POSTGRES_DB: forgejo
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: forgejo-db-pvc
-spec:
- accessModes:
- - ReadWriteOnce
- storageClassName: rook-ceph-block
- resources:
- requests:
- storage: 10Gi
-
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -35,6 +22,8 @@ metadata:
 app: forgejo-postgres
 spec:
 replicas: 1
+ strategy:
+ type: Recreate
 selector:
 matchLabels:
 app: forgejo-postgres
@@ -78,19 +67,6 @@ spec:
 # FORGEJO APP
 # -------------------------
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: forgejo-pvc
-spec:
- accessModes:
- - ReadWriteOnce
- storageClassName: rook-ceph-block
- resources:
- requests:
- storage: 20Gi
-
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -100,6 +76,8 @@ metadata:
 app: forgejo
 spec:
 replicas: 1
+ strategy:
+ type: Recreate
 selector:
 matchLabels:
 app: forgejo
@@ -158,6 +136,32 @@ spec:
 volumeMounts:
 - name: forgejo-data
 mountPath: /data
+ - name: backup
+ image: python:3-alpine
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-backup-secret
+ key: AWS_ACCESS_KEY_ID
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-backup-secret
+ key: AWS_SECRET_ACCESS_KEY
+ - name: AWS_DEFAULT_REGION
+ value: eu-west-2
+ command:
+ - /bin/sh
+ - -c
+ - |
+ apk add --no-cache dcron aws-cli
+ echo "0 2 * * 0 TIMESTAMP=\$(date +\%Y-\%m-\%d) && tar -czf - /data | aws s3 cp - s3://juntekim-git-backup/repos/forgejo-backup-\${TIMESTAMP}.tar.gz" | crontab -
+ crond -f -l 2
+ volumeMounts:
+ - name: forgejo-data
+ mountPath: /data
+ readOnly: true
 volumes:
 - name: forgejo-data
 persistentVolumeClaim:
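Review bot: The `backup` container added in the last hunk (`@@ -158,6 +136,32 @@`) pulls the floating tag `python:3-alpine` and runs `apk add --no-cache dcron aws-cli` at every start, so unpinned code fetched from the network executes in the container that holds the AWS key, and a mirror outage leaves the pod with no running `crond` and no backups. Use an image with the tools baked in and pinned by digest, e.g. `image: <registry>/<backup-image>@sha256:<digest>` (placeholder). The cron line `tar -czf - /data | aws s3 cp - ...` has no failure handling: without `set -o pipefail` a failed `tar` still uploads a truncated archive with a success status, and nothing reports a missed run. The job also archives a live `/data` and only that volume; the Postgres data on `forgejo-db-pvc` is not covered, so a restore would presumably need a separate database dump. The Deployment spec starts and ends outside the hunk.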