From e7d14a89cdd6b5d097a6db0d2e1f698469d5e131 Mon Sep 17 00:00:00 2001
From: Daniel Sy <daniel.sy@noreply.edp.buildth.ing>
Date: Wed, 30 Jul 2025 14:35:42 +0200
Subject: [PATCH] =?UTF-8?q?feat(manifest):=20=F0=9F=8E=89=20WIP=20Add=20Cr?=
 =?UTF-8?q?onJob=20and=20Secret=20for=20S3=20backups?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a new CronJob for scheduled S3 backups using rclone, along with a corresponding Secret for AWS credentials. This introduces automated backup functionality for the Forgejo server, enhancing data protection and recovery capabilities.
---
 .../manifests/forgejo-s3-backup-cronjob.yaml  | 64 +++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml

diff --git a/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml b/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
new file mode 100644
index 0000000..769cd0d
--- /dev/null
+++ b/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
@@ -0,0 +1,64 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+spec:
+  schedule: "24 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: rclone
+            image: rclone/rclone:1.70
+            imagePullPolicy: IfNotPresent
+            env:
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: access-key
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: secret-key
+            volumeMounts:
+            - name: rclone-config
+              mountPath: /etc/rclone
+              readOnly: true
+            command:
+            - /bin/sh
+            - -c
+            - |
+              sleep 7d
+              # rclone sync remote-source:packages remote-destination:packages --config /etc/rclone/config
+          restartPolicy: OnFailure
+          volumes:
+          - name: rclone-config
+            secret:
+              secretName: forgejo-s3-backup
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+type: Opaque
+stringData:
+  config: |
+    [remote-source]
+    type = s3
+    provider = AWS
+    env_auth = true
+    endpoint = https://edp-forgejo-non-prod-observability.obs.eu-de.otc.t-systems.com
+    region = eu-de
+
+    [remote-destination]
+    type = s3
+    provider = AWS
+    env_auth = true
+    endpoint = https://edp-forgejo-backup-test-manu.obs.eu-de.otc.t-systems.com 
+    region = eu-de