apps/gitea/kustomization.yaml

@@ -7,23 +7,10 @@ resources:
 - gitea-ingress.yaml
 - runner-pvc.yaml
 - runner-deployment.yaml
-- restic-sa.yaml
-- restic-role.yaml
-- restic-role-binding.yaml
-- restic-pvc.yaml
-- restic-debug-pod.yaml
-- restic-cronjob.yaml
-
-
-configMapGenerator:
-- name: restic-backup-script
-  namespace: gitea
-  files:
-  - ./restic-backup.sh
+- ./restic
 
 generators:
 - secret-generator.yaml
-  # - configmap-generator.yaml
 
 helmCharts:
 - name: gitea

apps/gitea/restic/backup.sh

@@ -6,6 +6,8 @@ NC='\033[0m'
 
 echo -e "\n${GREEN}`date` - Starting backup...${NC}\n"
 
+restic unlock
+
 # Gitea
 echo -e "\n${GREEN}`date` - Backing up Gitea...${NC}\n"
 gitea=$(kubectl get deploy -n gitea -l app=gitea -o name --no-headers=true)

apps/gitea/restic/cronjob.yaml

@@ -42,7 +42,7 @@ spec:
           - name: restic-container
             image: git.namesny.com/cluster/restic:latest
             imagePullPolicy: Always
-            command: ["/bin/sh", "/app/restic-backup.sh"]
+            command: ["/bin/sh", "/app/backup.sh"]
             envFrom:
             - secretRef:
                 name: restic-secret

apps/gitea/restic/kustomization.yaml

@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitea
+
+resources:
+- service-account.yaml
+- role.yaml
+- role-binding.yaml
+- pvc.yaml
+- debug-pod.yaml
+- cronjob.yaml
+
+generators:
+- secret-generator.yaml
+
+configMapGenerator:
+- name: restic-backup-script
+  namespace: gitea
+  files:
+  - ./backup.sh
+

apps/gitea/restic/secret-generator.yaml

@@ -0,0 +1,11 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: restic-secret-generator
+  annotations:
+    config.kubernetes.io/function: |
+        exec:
+          path: ksops
+files:
+- ./secret.enc.yaml
+

apps/gitea/secret-generator.yaml

@@ -10,5 +10,4 @@ files:
 - ./gitea-admin-secret.enc.yaml
 - ./renovate-bot-secret.enc.yaml
 - ./runner-secret.enc.yaml
-- ./restic-secret.enc.yaml