change to use restic

clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml

@@ -1,10 +1,10 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: rclone-backup-secret
+  name: audiobookshelf-config-backup-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: rclone-backup-secret
+    app.kubernetes.io/name: audiobookshelf-config-backup-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: backup
@@ -13,11 +13,90 @@ spec:
   secretStoreRef:
     kind: ClusterSecretStore
     name: vault
+  target:
+    name: RESTIC_REPOSITORY
+    template:
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .bucketEndpoint }}` }}/audiobookshelf/audiobookshelf-config"
   data:
-    - secretKey: rclone.conf
+    - secretKey: bucketEndpoint
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/volsync/rclone/config
+        key: /cl01tl/volsync/restic/config
         metadataPolicy: None
-        property: rclone.conf
+        property: S3_BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-volsync-backups
+        metadataPolicy: None
+        property: access_key
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-volsync-backups
+        metadataPolicy: None
+        property: secret_key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: audiobookshelf-config-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: audiobookshelf-config-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: backup
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    name: RESTIC_REPOSITORY
+    template:
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .bucketEndpoint }}` }}/audiobookshelf/audiobookshelf-metadata"
+  data:
+    - secretKey: bucketEndpoint
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: S3_BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-volsync-backups
+        metadataPolicy: None
+        property: access_key
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-volsync-backups
+        metadataPolicy: None
+        property: secret_key

clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml

@@ -1,10 +1,10 @@
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
-  name: audiobookshelf-config-source
+  name: audiobookshelf-config-backup-source
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: audiobookshelf-config-source
+    app.kubernetes.io/name: audiobookshelf-config-backup-source
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: backup
@@ -12,11 +12,16 @@ metadata:
 spec:
   sourcePVC: audiobookshelf-config
   trigger:
-    schedule: "*/10 * * * *"
+    schedule: 0 */6 * * *
-  rclone:
+  restic:
-    rcloneConfigSection: aws-s3-bucket
+    pruneIntervalDays: 14
-    rcloneDestPath: cl01tl-volsync-backups/audiobookshelf/audiobookshelf-config
+    repository: restic-backup-secret
-    rcloneConfig: rclone-backup-secret
+    retain:
+      hourly: 1
+      daily: 1
+      weekly: 7
+      monthly: 4
+      yearly: 1
     copyMethod: Snapshot
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot
@@ -25,10 +30,10 @@ spec:
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
-  name: audiobookshelf-metadata-source
+  name: audiobookshelf-metadata-backup-source
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: audiobookshelf-metadata-source
+    app.kubernetes.io/name: audiobookshelf-metadata-backup-source
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: backup
@@ -36,11 +41,16 @@ metadata:
 spec:
   sourcePVC: audiobookshelf-metadata
   trigger:
-    schedule: "*/10 * * * *"
+    schedule: 0 */6 * * *
-  rclone:
+  restic:
-    rcloneConfigSection: aws-s3-bucket
+    pruneIntervalDays: 14
-    rcloneDestPath: cl01tl-volsync-backups/audiobookshelf/audiobookshelf-metadata
+    repository: restic-backup-secret
-    rcloneConfig: rclone-backup-secret
+    retain:
+      hourly: 1
+      daily: 1
+      weekly: 7
+      monthly: 4
+      yearly: 1
     copyMethod: Snapshot
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot