replace backup with volsync snapshot

clusters/cl01tl/helm/gitea/Chart.lock

@@ -5,9 +5,6 @@ dependencies:
 - name: gitea-actions
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.2.1
-- name: app-template
-  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.5.0
 - name: meilisearch
   repository: https://meilisearch.github.io/meilisearch-kubernetes
   version: 0.18.0
@@ -23,5 +20,8 @@ dependencies:
 - name: redis-replication
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.5.0
-digest: sha256:e19321e491e25ccf17b9efadd4bdf9320efab133eae4bb8110730a4e42861ad7
+- name: volsync-target
-generated: "2025-12-15T15:30:49.152984-06:00"
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.5.0
+digest: sha256:686bad050b4830fdc04ea00c06fa82f4251fda3add5e413a875cc48195c1628e
+generated: "2025-12-15T22:48:29.959439-06:00"

clusters/cl01tl/helm/gitea/Chart.yaml

@@ -31,10 +31,6 @@ dependencies:
   - name: gitea-actions
     repository: oci://harbor.alexlebens.net/helm-charts
     version: 0.2.1
-  - name: app-template
-    alias: backup
-    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.5.0
   - name: meilisearch
     version: 0.18.0
     repository: https://meilisearch.github.io/meilisearch-kubernetes
@@ -54,5 +50,9 @@ dependencies:
     alias: redis-replication-renovate
     version: 0.5.0
     repository: oci://harbor.alexlebens.net/helm-charts
+  - name: volsync-target
+    alias: volsync-target-storage
+    version: 0.5.0
+    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
 appVersion: 1.25.2

clusters/cl01tl/helm/gitea/templates/external-secret.yaml

@@ -168,36 +168,6 @@ spec:
         metadataPolicy: None
         property: id_rsa.pub
 
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: gitea-s3cmd-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: gitea-s3cmd-config
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: .s3cfg
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/gitea-backup
-        metadataPolicy: None
-        property: s3cfg
-    - secretKey: BUCKET
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/gitea-backup
-        metadataPolicy: None
-        property: BUCKET
-
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret

clusters/cl01tl/helm/gitea/templates/persistent-volume-claim.yaml

@@ -1,24 +1,5 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
-metadata:
-  name: gitea-nfs-storage-backup
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: gitea-nfs-storage-backup
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeMode: Filesystem
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
 metadata:
   name: gitea-themes-storage
   namespace: {{ .Release.Namespace }}

clusters/cl01tl/helm/gitea/templates/role-binding.yaml

@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: gitea-backup
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: gitea-backup
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: gitea-backup
-subjects:
-  - kind: ServiceAccount
-    name: gitea-backup
-    namespace: {{ .Release.Namespace }}

clusters/cl01tl/helm/gitea/templates/role.yaml

@@ -1,25 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: gitea-backup
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: gitea-backup
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-      - pods/exec
-    verbs:
-      - create
-      - list
-  - apiGroups:
-      - apps
-    resources:
-      - deployments
-    verbs:
-      - get
-      - list

clusters/cl01tl/helm/gitea/values.yaml

@@ -171,133 +171,6 @@ gitea-actions:
   existingSecret: gitea-runner-secret
   existingSecretKey: token
   giteaRootURL: http://gitea-http.gitea:3000
-backup:
-  global:
-    nameOverride: gitea-backup
-    fullnameOverride: gitea-backup
-  controllers:
-    backup:
-      type: cronjob
-      cronjob:
-        suspend: false
-        concurrencyPolicy: Forbid
-        timeZone: US/Central
-        schedule: 0 4 */2 * *
-        startingDeadlineSeconds: 90
-        successfulJobsHistory: 3
-        failedJobsHistory: 3
-        backoffLimit: 3
-        parallelism: 1
-      serviceAccount:
-        name: gitea-backup
-      pod:
-        automountServiceAccountToken: true
-        labels:
-          app.kubernetes.io/instance: gitea-backup
-          app.kubernetes.io/name: gitea-backup
-      initContainers:
-        backup:
-          image:
-            repository: bitnami/kubectl
-            tag: latest
-            pullPolicy: IfNotPresent
-          command:
-            - sh
-          args:
-            - -ec
-            - |
-              kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip;
-              kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip;
-          resources:
-            requests:
-              cpu: 100m
-              memory: 128Mi
-      containers:
-        s3-backup:
-          image:
-            repository: d3fk/s3cmd
-            tag: latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
-            pullPolicy: IfNotPresent
-          command:
-            - /bin/sh
-          args:
-            - -ec
-            - |
-              echo ">> Running S3 backup for Gitea"
-              s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip ${BUCKET}/cl01tl/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
-              mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
-              echo ">> Completed S3 backup for Gitea"
-          env:
-            - name: BUCKET
-              valueFrom:
-                secretKeyRef:
-                  name: gitea-s3cmd-config
-                  key: BUCKET
-          resources:
-            requests:
-              cpu: 100m
-              memory: 128Mi
-        s3-prune:
-          image:
-            repository: d3fk/s3cmd
-            tag: latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
-            pullPolicy: IfNotPresent
-          command:
-            - /bin/sh
-          args:
-            - -ec
-            - |
-              export DATE_RANGE=$(date -d @$(( $(date +%s) - 604800 )) +%Y%m%d);
-              export FILE_MATCH="$BUCKET/cl01tl/gitea-backup-$DATE_RANGE-09-00.zip"
-              echo ">> Running S3 prune for Gitea backup repository"
-              echo ">> Backups prior to '$DATE_RANGE' will be removed"
-              echo ">> Backups to be removed:"
-              s3cmd ls ${BUCKET}/cl01tl/ |
-                awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}'
-              echo ">> Deleting ..."
-              s3cmd ls ${BUCKET}/cl01tl/ |
-                awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' |
-                while read file; do
-                  s3cmd del "$file";
-                done;
-              echo ">> Completed S3 prune for Gitea backup repository"
-          env:
-            - name: BUCKET
-              valueFrom:
-                secretKeyRef:
-                  name: gitea-s3cmd-config
-                  key: BUCKET
-          resources:
-            requests:
-              cpu: 100m
-              memory: 128Mi
-  serviceAccount:
-    gitea-backup:
-      enabled: true
-  persistence:
-    config:
-      existingClaim: gitea-nfs-storage-backup
-      advancedMounts:
-        backup:
-          s3-backup:
-            - path: /opt/backup
-              readOnly: false
-    s3cmd-config:
-      enabled: true
-      type: secret
-      name: gitea-s3cmd-config
-      advancedMounts:
-        backup:
-          s3-backup:
-            - path: /root/.s3cfg
-              readOnly: true
-              mountPropagation: None
-              subPath: .s3cfg
-          s3-prune:
-            - path: /root/.s3cfg
-              readOnly: true
-              mountPropagation: None
-              subPath: .s3cfg
 meilisearch:
   environment:
     MEILI_NO_ANALYTICS: true
@@ -405,3 +278,24 @@ redis-replication-renovate:
     clusterSize: 1
   redisSentinel:
     enabled: false
+volsync-target-storage:
+  pvcTarget: gitea-shared-storage
+  local:
+    enabled: true
+    schedule: 0 0 0 * * *
+    restic:
+      pruneIntervalDays: 3
+      retain:
+        hourly: 1
+        daily: 1
+        weekly: 3
+        monthly: 0
+        yearly: 0
+      copyMethod: Snapshot
+      storageClassName: ceph-filesystem
+      volumeSnapshotClassName: ceph-filesystem
+      cacheCapacity: 40Gi
+  external:
+    enabled: false
+  remote:
+    enabled: false