add ntfy to script

2025-12-19 22:55:55 -06:00
parent 88474b9887
commit 679344d45e
5 changed files with 84 additions and 46 deletions
--- a/clusters/cl01tl/helm/vault/templates/config-map.yaml
+++ b/clusters/cl01tl/helm/vault/templates/config-map.yaml
@@ -65,8 +65,35 @@ data:
  backup.sh: |
    echo " ";
    echo ">> Running S3 backup for Vault snapshot";
-    if s3cmd sync --no-check-certificate -v /opt/backup "${BUCKET}/cl01tl/cl01tl-vault-snapshots/"; then
-        echo ">> Sync succeeded"
+    OUTPUT=$(s3cmd sync --no-check-certificate -v /opt/backup "${BUCKET}/cl01tl/cl01tl-vault-snapshots/" 2>&1)
+    STATUS=$?
+
+    echo " ";
+    if [ $STATUS -ne 0 ]; then
+        if echo "$OUTPUT" | grep -q "403 Forbidden"; then
+            MESSAGE="403 Authentication Error: Your keys are wrong or you don't have permission"
+        elif echo "$OUTPUT" | grep -q "404 Not Found"; then
+            MESSAGE="404 Error: The bucket or folder does not exist"
+        elif echo "$OUTPUT" | grep -q "Connection refused"; then
+            MESSAGE="Network Error: Cannot reach the S3 endpoint"
+        else
+            MESSAGE="Unknown Error: $OUTPUT"
+            echo ">> Unknown Error, output:"
+            echo " "
+            echo "$OUTPUT"
+            echo " "
+        fi
+
+        echo ">> Message: $MESSAGE"
+
+        echo ">> Sending to NTFY ..."
+        curl \
+            -H "Authorization: Bearer ${NTFY_TOKEN}" \
+            -H "X-Priority: 5" \
+            -H "X-Tags: warning" \
+            -H "X-Title: Vault Backup Failed for ${TARGET}" \
+            -d "$MESSAGE" \
+            ${NTFY_ENDPOINT}/${NTFY_TOPIC}
    else
-        echo ">> ERROR: Sync failed"
+        echo ">> S3 Sync succeeded"
    fi
--- a/clusters/cl01tl/helm/vault/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/vault/templates/external-secret.yaml
@@ -117,6 +117,43 @@ spec:
        metadataPolicy: None
        property: BUCKET

+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: vault-backup-ntfy-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: vault-backup-ntfy-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: NTFY_TOKEN
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /ntfy/user/cl01tl
+        metadataPolicy: None
+        property: token
+    - secretKey: NTFY_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /ntfy/user/cl01tl
+        metadataPolicy: None
+        property: endpoint
+    - secretKey: NTFY_TOPIC
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/vault/snapshot
+        metadataPolicy: None
+        property: NTFY_TOPIC
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret