Merge pull request 'feat: migrate to backblaze' (#6636) from tmp/rclone-7 into main

Reviewed-on: #6636

clusters/cl01tl/helm/cloudnative-pg/values.yaml

@@ -18,7 +18,7 @@ rclone-postgres-backups-remote:
   nameOverride: postgres-backups-remote-rclone
   cronJob:
     suspend: false
-    schedule: 0 6 * * 6
+    schedule: 30 6 * * 1
   rclone:
     source:
       bucketName: postgres-backups
@@ -44,14 +44,13 @@ rclone-postgres-backups-remote:
 rclone-postgres-backups-external:
   nameOverride: postgres-backups-external-rclone
   cronJob:
-    suspend: true
+    suspend: false
-    schedule: 0 6 * * 6
+    schedule: 0 6 * * 1
   rclone:
     source:
-      bucketName: openbao-backups
+      bucketName: postgres-backups
     destination:
-      bucketName: postgres-backups-ecc1010276b61716
+      bucketName: postgres-backups-775957147abfbc73
-      providerType: DigitalOcean
   prune:
     enabled: true
     ageToPrune: 45d
@@ -66,10 +65,10 @@ rclone-postgres-backups-external:
           path: /garage/config
       destination:
         credentials:
-          path: /digital-ocean/home-infra/postgres-backups
+          path: /backblaze/home-infra/postgres-backups
           keyIdProperty: AWS_ACCESS_KEY_ID
           secretKeyProperty: AWS_SECRET_ACCESS_KEY
           regionProperty: AWS_REGION
         config:
-          path: /digital-ocean/config
+          path: /backblaze/config
           endpointProperty: ENDPOINT

clusters/cl01tl/helm/directus/Chart.lock

@@ -11,5 +11,8 @@ dependencies:
 - name: rclone-bucket
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.7.0
-digest: sha256:3dea680a7391a11ea84cb6b81a0fd336590e59b163c7c3f5a11efc57136d8bc2
+- name: rclone-bucket
-generated: "2026-05-07T01:19:59.656347343Z"
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.7.0
+digest: sha256:5be9eefefbda2ebe4b33dd0e0684f3688781de408bb666113e3b44e6e6b606dc
+generated: "2026-05-07T15:08:44.150931-05:00"

clusters/cl01tl/helm/directus/Chart.yaml

@@ -32,6 +32,10 @@ dependencies:
     alias: rclone-directus-assets-remote
     repository: oci://harbor.alexlebens.net/helm-charts
     version: 0.7.0
+  - name: rclone-bucket
+    alias: rclone-directus-assets-external
+    repository: oci://harbor.alexlebens.net/helm-charts
+    version: 0.7.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
 # renovate: datasource=github-releases depName=directus/directus
 appVersion: 11.17.4

clusters/cl01tl/helm/directus/values.yaml

@@ -211,9 +211,10 @@ valkey:
         default:
           permissions: "~* &* +@all"
 rclone-directus-assets-remote:
+  nameOverride: directus-assets-remote-rclone
   cronJob:
     suspend: false
-    schedule: 0 0 * * *
+    schedule: 30 6 * * 2
   rclone:
     source:
       bucketName: directus-assets
@@ -231,3 +232,26 @@ rclone-directus-assets-remote:
           path: /garage/home-infra/directus-assets
         config:
           path: /garage/config
+rclone-directus-assets-external:
+  nameOverride: directus-assets-external-rclone
+  cronJob:
+    suspend: false
+    schedule: 0 6 * * 2
+  rclone:
+    source:
+      bucketName: directus-assets
+    destination:
+      bucketName: directus-assets-37363a16b71dc59b
+  secret:
+    externalSecret:
+      source:
+        credentials:
+          path: /garage/home-infra/directus-assets
+        config:
+          path: /garage/config
+      destination:
+        credentials:
+          path: /backblaze/home-infra/directus-assets
+        config:
+          path: /backblaze/config
+          endpointProperty: ENDPOINT

clusters/cl01tl/helm/karakeep/Chart.lock

@@ -14,5 +14,8 @@ dependencies:
 - name: rclone-bucket
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.7.0
-digest: sha256:bb424fe9bed824b37aa26d0e72d123fea5f5c3fcae4eaa21a54e087f2b52421a
+- name: rclone-bucket
-generated: "2026-05-07T01:20:20.489019444Z"
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.7.0
+digest: sha256:be0234cbbed7e9cd59ceaa9f0c8f4478cbd572867a8766f45840ec6d79a6a6aa
+generated: "2026-05-07T15:09:58.731382-05:00"

clusters/cl01tl/helm/karakeep/Chart.yaml

@@ -37,6 +37,10 @@ dependencies:
     alias: rclone-karakeep-assets-remote
     repository: oci://harbor.alexlebens.net/helm-charts
     version: 0.7.0
+  - name: rclone-bucket
+    alias: rclone-karakeep-assets-external
+    repository: oci://harbor.alexlebens.net/helm-charts
+    version: 0.7.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/karakeep.png
 # renovate: datasource=github-releases depName=karakeep-app/karakeep
 appVersion: 0.31.0

clusters/cl01tl/helm/karakeep/values.yaml

@@ -175,7 +175,7 @@ volsync-target-data:
 rclone-karakeep-assets-remote:
   cronJob:
     suspend: false
-    schedule: 10 0 * * *
+    schedule: 30 6 * * 3
   rclone:
     source:
       bucketName: karakeep-assets
@@ -193,3 +193,26 @@ rclone-karakeep-assets-remote:
           path: /garage/home-infra/karakeep-assets
         config:
           path: /garage/config
+rclone-karakeep-assets-external:
+  nameOverride: karakeep-assets-external-rclone
+  cronJob:
+    suspend: false
+    schedule: 0 6 * * 3
+  rclone:
+    source:
+      bucketName: karakeep-assets
+    destination:
+      bucketName: karakeep-assets-bcb0bc04dac3e3fd
+  secret:
+    externalSecret:
+      source:
+        credentials:
+          path: /garage/home-infra/karakeep-assets
+        config:
+          path: /garage/config
+      destination:
+        credentials:
+          path: /backblaze/home-infra/karakeep-assets
+        config:
+          path: /backblaze/config
+          endpointProperty: ENDPOINT

clusters/cl01tl/helm/ntfy/values.yaml

@@ -127,7 +127,7 @@ postgres-18-cluster:
 rclone-ntfy-attachments-remote:
   cronJob:
     suspend: false
-    schedule: 50 0 * * *
+    schedule: 0 1 * * *
   rclone:
     source:
       bucketName: ntfy-attachments

clusters/cl01tl/helm/openbao/values.yaml

@@ -243,7 +243,7 @@ rclone-openbao-backups-remote:
   nameOverride: openbao-backups-remote-rclone
   cronJob:
     suspend: false
-    schedule: 0 1 * * *
+    schedule: 30 6 * * 4
   rclone:
     source:
       bucketName: openbao-backups
@@ -268,13 +268,12 @@ rclone-openbao-backups-external:
   nameOverride: openbao-backups-external-rclone
   cronJob:
     suspend: false
-    schedule: 10 1 * * *
+    schedule: 0 6 * * 4
   rclone:
     source:
       bucketName: openbao-backups
     destination:
       bucketName: openbao-backups-038053cd180284dc
-      providerType: Other
   prune:
     enabled: true
     ageToPrune: 90d

clusters/cl01tl/helm/rclone/Chart.lock

@@ -2,5 +2,8 @@ dependencies:
 - name: rclone-bucket
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.7.0
-digest: sha256:870599db3a25d2be6c107fed1481aec87a97db4b1fb7ce9668098e89c2877327
+- name: rclone-bucket
-generated: "2026-05-07T01:21:28.932348257Z"
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.7.0
+digest: sha256:28ae198008893310d81c9452c799cb178d3d3cb54bd65936b6e12cf495f2840c
+generated: "2026-05-07T15:17:54.435967-05:00"

clusters/cl01tl/helm/rclone/Chart.yaml

@@ -13,6 +13,10 @@ sources:
 maintainers:
   - name: alexlebens
 dependencies:
+  - name: rclone-bucket
+    alias: rclone-web-assets-local
+    repository: oci://harbor.alexlebens.net/helm-charts
+    version: 0.7.0
   - name: rclone-bucket
     alias: rclone-web-assets-remote
     repository: oci://harbor.alexlebens.net/helm-charts

clusters/cl01tl/helm/rclone/values.yaml

@@ -1,144 +1,49 @@
-rclone:
+rclone-web-assets-local:
-  controllers:
-    postgres-backups:
-      type: cronjob
-      cronjob:
-        suspend: false
-        timeZone: America/Chicago
-        schedule: 40 0 * * *
-        backoffLimit: 3
-        parallelism: 1
-      containers:
-        sync:
-          image:
-            repository: rclone/rclone
-            tag: 1.74.0@sha256:d2e0e88359d0b2e67cfcd2c43d5405185eb8adfc207079df27c42da82c5207bc
-          args:
-            - sync
-            - src:postgres-backups
-            - dest:postgres-backups
-            - --s3-no-check-bucket
-            - --max-age
-            - 30d
-            - --include
-            - "/cl01tl/*/*/*/base/**"
-            - --exclude
-            - "**/walls/**"
-            - --verbose
-          env:
-            - name: RCLONE_S3_PROVIDER
-              value: Other
-            - name: RCLONE_CONFIG_SRC_TYPE
-              value: s3
-            - name: RCLONE_CONFIG_SRC_PROVIDER
-              value: Other
-            - name: RCLONE_CONFIG_SRC_ENV_AUTH
-              value: false
-            - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: ACCESS_KEY_ID
-            - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: ACCESS_SECRET_KEY
-            - name: RCLONE_CONFIG_SRC_REGION
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: ACCESS_REGION
-            - name: RCLONE_CONFIG_SRC_ENDPOINT
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: SRC_ENDPOINT
-            - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
-              value: true
-            - name: RCLONE_CONFIG_DEST_TYPE
-              value: s3
-            - name: RCLONE_CONFIG_DEST_PROVIDER
-              value: Other
-            - name: RCLONE_CONFIG_DEST_ENV_AUTH
-              value: false
-            - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: ACCESS_KEY_ID
-            - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: ACCESS_SECRET_KEY
-            - name: RCLONE_CONFIG_DEST_REGION
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: ACCESS_REGION
-            - name: RCLONE_CONFIG_DEST_ENDPOINT
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: DEST_ENDPOINT
-            - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
-              value: true
-        prune:
-          image:
-            repository: rclone/rclone
-            tag: 1.74.0@sha256:d2e0e88359d0b2e67cfcd2c43d5405185eb8adfc207079df27c42da82c5207bc
-          args:
-            - delete
-            - dest:postgres-backups
-            - --min-age
-            - 30d
-            - --verbose
-          env:
-            - name: RCLONE_CONFIG_DEST_TYPE
-              value: s3
-            - name: RCLONE_CONFIG_DEST_PROVIDER
-              value: Other
-            - name: RCLONE_CONFIG_DEST_ENV_AUTH
-              value: false
-            - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: ACCESS_KEY_ID
-            - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: ACCESS_SECRET_KEY
-            - name: RCLONE_CONFIG_DEST_REGION
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: ACCESS_REGION
-            - name: RCLONE_CONFIG_DEST_ENDPOINT
-              valueFrom:
-                secretKeyRef:
-                  name: garage-postgres-backups-secret
-                  key: DEST_ENDPOINT
-            - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
-              value: true
-rclone-web-assets-remote:
   cronJob:
     suspend: false
-    schedule: 30 0 * * *
+    schedule: 0 6 * * 5
   rclone:
     source:
-      bucketName: web-assets
+      bucketName: web-assets-770aef58c931fcf4
     destination:
       bucketName: web-assets
   secret:
     externalSecret:
       source:
         credentials:
-          path: /garage/home-infra/web-assets
+          path: /backblaze/home-infra/web-assets
+          keyIdProperty: AWS_ACCESS_KEY_ID
+          secretKeyProperty: AWS_SECRET_ACCESS_KEY
+          regionProperty: AWS_REGION
         config:
-          path: /garage/config
+          path: /backblaze/config
+          endpointProperty: ENDPOINT
+      destination:
+        credentials:
+          path: /garage/home-infra/web-assets
+        config:
+          path: /garage/config
+          endpointProperty: ENDPOINT_LOCAL
+rclone-web-assets-remote:
+  cronJob:
+    suspend: false
+    schedule: 0 6 * * 6
+  rclone:
+    source:
+      bucketName: web-assets-770aef58c931fcf4
+    destination:
+      bucketName: web-assets
+  secret:
+    externalSecret:
+      source:
+        credentials:
+          path: /backblaze/home-infra/web-assets
+          keyIdProperty: AWS_ACCESS_KEY_ID
+          secretKeyProperty: AWS_SECRET_ACCESS_KEY
+          regionProperty: AWS_REGION
+        config:
+          path: /backblaze/config
+          endpointProperty: ENDPOINT
       destination:
         credentials:
           path: /garage/home-infra/web-assets