apiVersion: batch/v1 kind: CronJob metadata: name: rclone-directus-assets labels: app.kubernetes.io/controller: directus-assets app.kubernetes.io/instance: rclone app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: rclone helm.sh/chart: rclone-4.6.2 namespace: rclone spec: suspend: false concurrencyPolicy: Forbid startingDeadlineSeconds: 90 timeZone: US/Central schedule: "0 0 * * *" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 backoffLimit: 3 template: metadata: labels: app.kubernetes.io/controller: directus-assets app.kubernetes.io/instance: rclone app.kubernetes.io/name: rclone spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst restartPolicy: Never containers: - args: - sync - src:directus-assets - dest:directus-assets - --s3-no-check-bucket - --verbose env: - name: RCLONE_S3_PROVIDER value: Other - name: RCLONE_CONFIG_SRC_TYPE value: s3 - name: RCLONE_CONFIG_SRC_PROVIDER value: Other - name: RCLONE_CONFIG_SRC_ENV_AUTH value: "false" - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-directus-secret - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-directus-secret - name: RCLONE_CONFIG_SRC_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-directus-secret - name: RCLONE_CONFIG_SRC_ENDPOINT valueFrom: secretKeyRef: key: SRC_ENDPOINT name: garage-directus-secret - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE value: "true" - name: RCLONE_CONFIG_DEST_TYPE value: s3 - name: RCLONE_CONFIG_DEST_PROVIDER value: Other - name: RCLONE_CONFIG_DEST_ENV_AUTH value: "false" - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-directus-secret - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-directus-secret - name: RCLONE_CONFIG_DEST_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-directus-secret - name: RCLONE_CONFIG_DEST_ENDPOINT valueFrom: secretKeyRef: key: DEST_ENDPOINT name: garage-directus-secret - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE value: "true" image: rclone/rclone:1.73.2 imagePullPolicy: IfNotPresent name: sync --- apiVersion: batch/v1 kind: CronJob metadata: name: rclone-karakeep-assets labels: app.kubernetes.io/controller: karakeep-assets app.kubernetes.io/instance: rclone app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: rclone helm.sh/chart: rclone-4.6.2 namespace: rclone spec: suspend: false concurrencyPolicy: Forbid startingDeadlineSeconds: 90 timeZone: US/Central schedule: "10 0 * * *" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 backoffLimit: 3 template: metadata: labels: app.kubernetes.io/controller: karakeep-assets app.kubernetes.io/instance: rclone app.kubernetes.io/name: rclone spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst restartPolicy: Never containers: - args: - sync - src:karakeep-assets - dest:karakeep-assets - --s3-no-check-bucket - --verbose env: - name: RCLONE_S3_PROVIDER value: Other - name: RCLONE_CONFIG_SRC_TYPE value: s3 - name: RCLONE_CONFIG_SRC_PROVIDER value: Other - name: RCLONE_CONFIG_SRC_ENV_AUTH value: "false" - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-karakeep-secret - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-karakeep-secret - name: RCLONE_CONFIG_SRC_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-karakeep-secret - name: RCLONE_CONFIG_SRC_ENDPOINT valueFrom: secretKeyRef: key: SRC_ENDPOINT name: garage-karakeep-secret - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE value: "true" - name: RCLONE_CONFIG_DEST_TYPE value: s3 - name: RCLONE_CONFIG_DEST_PROVIDER value: Other - name: RCLONE_CONFIG_DEST_ENV_AUTH value: "false" - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-karakeep-secret - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-karakeep-secret - name: RCLONE_CONFIG_DEST_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-karakeep-secret - name: RCLONE_CONFIG_DEST_ENDPOINT valueFrom: secretKeyRef: key: DEST_ENDPOINT name: garage-karakeep-secret - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE value: "true" image: rclone/rclone:1.73.2 imagePullPolicy: IfNotPresent name: sync --- apiVersion: batch/v1 kind: CronJob metadata: name: rclone-postgres-backups labels: app.kubernetes.io/controller: postgres-backups app.kubernetes.io/instance: rclone app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: rclone helm.sh/chart: rclone-4.6.2 namespace: rclone spec: suspend: false concurrencyPolicy: Forbid startingDeadlineSeconds: 90 timeZone: US/Central schedule: "40 0 * * *" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 backoffLimit: 3 template: metadata: labels: app.kubernetes.io/controller: postgres-backups app.kubernetes.io/instance: rclone app.kubernetes.io/name: rclone spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst restartPolicy: Never containers: - args: - delete - dest:postgres-backups - --min-age - 30d - --verbose env: - name: RCLONE_CONFIG_DEST_TYPE value: s3 - name: RCLONE_CONFIG_DEST_PROVIDER value: Other - name: RCLONE_CONFIG_DEST_ENV_AUTH value: "false" - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-postgres-backups-secret - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-postgres-backups-secret - name: RCLONE_CONFIG_DEST_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-postgres-backups-secret - name: RCLONE_CONFIG_DEST_ENDPOINT valueFrom: secretKeyRef: key: DEST_ENDPOINT name: garage-postgres-backups-secret - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE value: "true" image: rclone/rclone:1.73.2 imagePullPolicy: IfNotPresent name: prune - args: - sync - src:postgres-backups - dest:postgres-backups - --s3-no-check-bucket - --max-age - 30d - --include - /cl01tl/*/*/*/base/** - --exclude - '**/walls/**' - --verbose env: - name: RCLONE_S3_PROVIDER value: Other - name: RCLONE_CONFIG_SRC_TYPE value: s3 - name: RCLONE_CONFIG_SRC_PROVIDER value: Other - name: RCLONE_CONFIG_SRC_ENV_AUTH value: "false" - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-postgres-backups-secret - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-postgres-backups-secret - name: RCLONE_CONFIG_SRC_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-postgres-backups-secret - name: RCLONE_CONFIG_SRC_ENDPOINT valueFrom: secretKeyRef: key: SRC_ENDPOINT name: garage-postgres-backups-secret - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE value: "true" - name: RCLONE_CONFIG_DEST_TYPE value: s3 - name: RCLONE_CONFIG_DEST_PROVIDER value: Other - name: RCLONE_CONFIG_DEST_ENV_AUTH value: "false" - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-postgres-backups-secret - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-postgres-backups-secret - name: RCLONE_CONFIG_DEST_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-postgres-backups-secret - name: RCLONE_CONFIG_DEST_ENDPOINT valueFrom: secretKeyRef: key: DEST_ENDPOINT name: garage-postgres-backups-secret - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE value: "true" image: rclone/rclone:1.73.2 imagePullPolicy: IfNotPresent name: sync --- apiVersion: batch/v1 kind: CronJob metadata: name: rclone-talos-backups labels: app.kubernetes.io/controller: talos-backups app.kubernetes.io/instance: rclone app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: rclone helm.sh/chart: rclone-4.6.2 namespace: rclone spec: suspend: false concurrencyPolicy: Forbid startingDeadlineSeconds: 90 timeZone: US/Central schedule: "20 0 * * *" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 backoffLimit: 3 template: metadata: labels: app.kubernetes.io/controller: talos-backups app.kubernetes.io/instance: rclone app.kubernetes.io/name: rclone spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst restartPolicy: Never containers: - args: - delete - dest:talos-backups - --min-age - 90d - --verbose env: - name: RCLONE_CONFIG_DEST_TYPE value: s3 - name: RCLONE_CONFIG_DEST_PROVIDER value: Other - name: RCLONE_CONFIG_DEST_ENV_AUTH value: "false" - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-talos-backups-secret - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-talos-backups-secret - name: RCLONE_CONFIG_DEST_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-talos-backups-secret - name: RCLONE_CONFIG_DEST_ENDPOINT valueFrom: secretKeyRef: key: DEST_ENDPOINT name: garage-talos-backups-secret - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE value: "true" image: rclone/rclone:1.73.2 imagePullPolicy: IfNotPresent name: prune - args: - sync - src:talos-backups - dest:talos-backups - --s3-no-check-bucket - --max-age - 90d - --verbose env: - name: RCLONE_S3_PROVIDER value: Other - name: RCLONE_CONFIG_SRC_TYPE value: s3 - name: RCLONE_CONFIG_SRC_PROVIDER value: Other - name: RCLONE_CONFIG_SRC_ENV_AUTH value: "false" - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-talos-backups-secret - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-talos-backups-secret - name: RCLONE_CONFIG_SRC_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-talos-backups-secret - name: RCLONE_CONFIG_SRC_ENDPOINT valueFrom: secretKeyRef: key: SRC_ENDPOINT name: garage-talos-backups-secret - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE value: "true" - name: RCLONE_CONFIG_DEST_TYPE value: s3 - name: RCLONE_CONFIG_DEST_PROVIDER value: Other - name: RCLONE_CONFIG_DEST_ENV_AUTH value: "false" - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-talos-backups-secret - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-talos-backups-secret - name: RCLONE_CONFIG_DEST_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-talos-backups-secret - name: RCLONE_CONFIG_DEST_ENDPOINT valueFrom: secretKeyRef: key: DEST_ENDPOINT name: garage-talos-backups-secret - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE value: "true" image: rclone/rclone:1.73.2 imagePullPolicy: IfNotPresent name: sync --- apiVersion: batch/v1 kind: CronJob metadata: name: rclone-web-assets labels: app.kubernetes.io/controller: web-assets app.kubernetes.io/instance: rclone app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: rclone helm.sh/chart: rclone-4.6.2 namespace: rclone spec: suspend: false concurrencyPolicy: Forbid startingDeadlineSeconds: 90 timeZone: US/Central schedule: "30 0 * * *" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 backoffLimit: 3 template: metadata: labels: app.kubernetes.io/controller: web-assets app.kubernetes.io/instance: rclone app.kubernetes.io/name: rclone spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst restartPolicy: Never containers: - args: - sync - src:web-assets - dest:web-assets - --s3-no-check-bucket - --verbose env: - name: RCLONE_S3_PROVIDER value: Other - name: RCLONE_CONFIG_SRC_TYPE value: s3 - name: RCLONE_CONFIG_SRC_PROVIDER value: Other - name: RCLONE_CONFIG_SRC_ENV_AUTH value: "false" - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-web-assets-secret - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-web-assets-secret - name: RCLONE_CONFIG_SRC_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-web-assets-secret - name: RCLONE_CONFIG_SRC_ENDPOINT valueFrom: secretKeyRef: key: SRC_ENDPOINT name: garage-web-assets-secret - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE value: "true" - name: RCLONE_CONFIG_DEST_TYPE value: s3 - name: RCLONE_CONFIG_DEST_PROVIDER value: Other - name: RCLONE_CONFIG_DEST_ENV_AUTH value: "false" - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID valueFrom: secretKeyRef: key: ACCESS_KEY_ID name: garage-web-assets-secret - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_SECRET_KEY name: garage-web-assets-secret - name: RCLONE_CONFIG_DEST_REGION valueFrom: secretKeyRef: key: ACCESS_REGION name: garage-web-assets-secret - name: RCLONE_CONFIG_DEST_ENDPOINT valueFrom: secretKeyRef: key: DEST_ENDPOINT name: garage-web-assets-secret - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE value: "true" image: rclone/rclone:1.73.2 imagePullPolicy: IfNotPresent name: sync --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: garage-directus-secret namespace: rclone labels: app.kubernetes.io/name: garage-directus-secret app.kubernetes.io/instance: rclone app.kubernetes.io/part-of: rclone spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/directus-assets metadataPolicy: None property: ACCESS_KEY_ID - secretKey: ACCESS_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/directus-assets metadataPolicy: None property: ACCESS_REGION - secretKey: ACCESS_SECRET_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/directus-assets metadataPolicy: None property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/config/local metadataPolicy: None property: ENDPOINT - secretKey: DEST_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/config/remote metadataPolicy: None property: ENDPOINT --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: garage-karakeep-secret namespace: rclone labels: app.kubernetes.io/name: garage-karakeep-secret app.kubernetes.io/instance: rclone app.kubernetes.io/part-of: rclone spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/karakeep-assets metadataPolicy: None property: ACCESS_KEY_ID - secretKey: ACCESS_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/karakeep-assets metadataPolicy: None property: ACCESS_REGION - secretKey: ACCESS_SECRET_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/karakeep-assets metadataPolicy: None property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/config/local metadataPolicy: None property: ENDPOINT - secretKey: DEST_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/config/remote metadataPolicy: None property: ENDPOINT --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: garage-postgres-backups-secret namespace: rclone labels: app.kubernetes.io/name: garage-postgres-backups-secret app.kubernetes.io/instance: rclone app.kubernetes.io/part-of: rclone spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/postgres-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: ACCESS_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/postgres-backups metadataPolicy: None property: ACCESS_REGION - secretKey: ACCESS_SECRET_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/postgres-backups metadataPolicy: None property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/config/local metadataPolicy: None property: ENDPOINT - secretKey: DEST_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/config/remote metadataPolicy: None property: ENDPOINT --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: garage-talos-backups-secret namespace: rclone labels: app.kubernetes.io/name: garage-talos-backups-secret app.kubernetes.io/instance: rclone app.kubernetes.io/part-of: rclone spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/talos-backups metadataPolicy: None property: ACCESS_KEY_ID - secretKey: ACCESS_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/talos-backups metadataPolicy: None property: ACCESS_REGION - secretKey: ACCESS_SECRET_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/talos-backups metadataPolicy: None property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/config/local metadataPolicy: None property: ENDPOINT - secretKey: DEST_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/config/remote metadataPolicy: None property: ENDPOINT --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: garage-web-assets-secret namespace: rclone labels: app.kubernetes.io/name: garage-web-assets-secret app.kubernetes.io/instance: rclone app.kubernetes.io/part-of: rclone spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/web-assets metadataPolicy: None property: ACCESS_KEY_ID - secretKey: ACCESS_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/web-assets metadataPolicy: None property: ACCESS_REGION - secretKey: ACCESS_SECRET_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/home-infra/web-assets metadataPolicy: None property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/config/local metadataPolicy: None property: ENDPOINT - secretKey: DEST_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /garage/config/remote metadataPolicy: None property: ENDPOINT