git things

2026-03-12 07:01:36 +00:00 · 2026-03-12 07:01:36 +00:00 · 2d0892a7f5
commit 2d0892a7f5
parent 97bd6854f4
5 changed files with 80 additions and 28 deletions
--- a/aws_infra/main.tf
+++ b/aws_infra/main.tf
@ -3,5 +3,14 @@
 module "forgejo_backup" {
  source = "./modules/forgejo_backup"

-  bucket_name = "juntekim-forgejo-backup"
+  bucket_name = "juntekim-git-backup"
+}
+
+output "forgejo_backup_access_key_id" {
+  value = module.forgejo_backup.iam_access_key_id
+}
+
+output "forgejo_backup_secret_access_key" {
+  value     = module.forgejo_backup.iam_secret_access_key
+  sensitive = true
 }
--- a/aws_infra/provider.tf
+++ b/aws_infra/provider.tf
@ -17,5 +17,6 @@ terraform {
 }

 provider "aws" {
-  region = var.aws_region
+  region  = var.aws_region
+  profile = "personal"
 }
--- a/forgejo/forgejo-backup-secret.yaml
+++ b/forgejo/forgejo-backup-secret.yaml
@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: forgejo-backup-secret
+  namespace: default
+type: Opaque
+stringData:
+  AWS_ACCESS_KEY_ID: AKIAQL67W6HIV6WTECSQ
+  AWS_SECRET_ACCESS_KEY: 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
--- a/forgejo/forgejo-storage.yaml
+++ b/forgejo/forgejo-storage.yaml
@ -0,0 +1,29 @@
+# ================================
+# FORGEJO PERSISTENT STORAGE
+# Apply once — do NOT delete
+# ================================
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forgejo-db-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: rook-ceph-block
+  resources:
+    requests:
+      storage: 10Gi
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forgejo-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: rook-ceph-block
+  resources:
+    requests:
+      storage: 20Gi
--- a/forgejo/forgejo.yaml
+++ b/forgejo/forgejo.yaml
@ -13,19 +13,6 @@ stringData:
  POSTGRES_PASSWORD: changeMePleaseOtherwiseSomeoneWillKnow
  POSTGRES_DB: forgejo

---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: forgejo-db-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: rook-ceph-block
-  resources:
-    requests:
-      storage: 10Gi
-
 ---
 apiVersion: apps/v1
 kind: Deployment
@ -35,6 +22,8 @@ metadata:
    app: forgejo-postgres
 spec:
  replicas: 1
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      app: forgejo-postgres
@ -78,19 +67,6 @@ spec:
 # FORGEJO APP
 # -------------------------

---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: forgejo-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: rook-ceph-block
-  resources:
-    requests:
-      storage: 20Gi
-
 ---
 apiVersion: apps/v1
 kind: Deployment
@ -100,6 +76,8 @@ metadata:
    app: forgejo
 spec:
  replicas: 1
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      app: forgejo
@ -158,6 +136,32 @@ spec:
          volumeMounts:
            - name: forgejo-data
              mountPath: /data
+        - name: backup
+          image: python:3-alpine
+          env:
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-backup-secret
+                  key: AWS_ACCESS_KEY_ID
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-backup-secret
+                  key: AWS_SECRET_ACCESS_KEY
+            - name: AWS_DEFAULT_REGION
+              value: eu-west-2
+          command:
+            - /bin/sh
+            - -c
+            - |
+              apk add --no-cache dcron aws-cli
+              echo "0 2 * * 0 TIMESTAMP=\$(date +\%Y-\%m-\%d) && tar -czf - /data | aws s3 cp - s3://juntekim-git-backup/repos/forgejo-backup-\${TIMESTAMP}.tar.gz" | crontab -
+              crond -f -l 2
+          volumeMounts:
+            - name: forgejo-data
+              mountPath: /data
+              readOnly: true
      volumes:
        - name: forgejo-data
          persistentVolumeClaim: