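# Apply: kubectl apply -f manifests/gitea/gitea-backup.yaml
# Delete: kubectl delete -f manifests/gitea/gitea-backup.yaml
# Description: CronJob that backs up Gitea to NFS roughly weekly (see the
#   schedule note on the CronJob), with RBAC and PV/PVC.
#
# RBAC scope: the job only reads and execs into pods in the `gitea` namespace,
# so its permissions are a namespaced Role/RoleBinding there rather than a
# ClusterRole. `create` on pods/exec cluster-wide would let this ServiceAccount
# run commands in every pod of the cluster.
# NOTE: `kubectl apply` does not prune. If a ClusterRole/ClusterRoleBinding
# named gitea-backup was created from an older copy of this file, delete those
# two objects by hand.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitea-backup
  namespace: gitea-backup
---
# Permissions live in the target namespace (gitea), not the job's namespace.
# Pod names are dynamic, so resourceNames cannot narrow this further.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitea-backup
  namespace: gitea
rules:
  # Needed for `kubectl get pod -l app=gitea`.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
  # Needed for `kubectl exec` and `kubectl cp` (cp runs tar through exec).
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
---
# Grants the Role above to the ServiceAccount from the gitea-backup namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitea-backup
  namespace: gitea
subjects:
  - kind: ServiceAccount
    name: gitea-backup
    namespace: gitea-backup
roleRef:
  kind: Role
  name: gitea-backup
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: gitea-backup
  namespace: gitea-backup
spec:
  # 03:00 on days 1, 8, 15, 22 and 29 of each month. `*/7` in the day-of-month
  # field restarts at 1 every month, so the gap across a month boundary is
  # shorter than 7 days.
  schedule: "0 3 */7 * *"
  # Runs share /tmp/gitea-backup.zip in the Gitea pod and the file on NFS;
  # never let two of them overlap.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: gitea-backup
          restartPolicy: OnFailure
          nodeSelector:
            node-role: primary
          containers:
            - name: backup
              # NOTE(review): `latest` is a mutable tag pulled from a public
              # registry, and this container holds a token that can exec into
              # pods in the gitea namespace. Pin to a reviewed version tag or
              # an image digest.
              image: bitnami/kubectl:latest
              command:
                - /bin/sh
                - -c
                - |
                  set -e
                  echo "Finding Gitea pod..."
                  GITEA_POD=$(kubectl get pod -n gitea -l app=gitea -o jsonpath='{.items[0].metadata.name}')
                  # Fail loudly instead of passing an empty pod name to exec/cp.
                  if [ -z "$GITEA_POD" ]; then
                    echo "No Gitea pod found in namespace gitea" >&2
                    exit 1
                  fi
                  echo "Running gitea dump in pod $GITEA_POD..."
                  kubectl exec -n gitea "$GITEA_POD" -- rm -f /tmp/gitea-backup.zip
                  kubectl exec -n gitea "$GITEA_POD" -- gitea dump \
                    --config /data/gitea/conf/app.ini \
                    --file /tmp/gitea-backup.zip \
                    --type zip
                  echo "Copying backup to NFS..."
                  # Copy to a scratch name first so a failed or empty copy
                  # never destroys the previous good backup.
                  rm -f /backup/gitea-backup.zip.partial
                  kubectl cp "gitea/$GITEA_POD:/tmp/gitea-backup.zip" /backup/gitea-backup.zip.partial
                  if [ ! -s /backup/gitea-backup.zip.partial ]; then
                    echo "Copied backup is missing or empty" >&2
                    exit 1
                  fi
                  mv -f /backup/gitea-backup.zip.partial /backup/gitea-backup.zip
                  echo "Cleaning up temp file..."
                  kubectl exec -n gitea "$GITEA_POD" -- rm /tmp/gitea-backup.zip
                  echo "Backup complete: /backup/gitea-backup.zip"
              volumeMounts:
                - name: backup
                  mountPath: /backup
          volumes:
            - name: backup
              persistentVolumeClaim:
                claimName: gitea-backup-pvc
---
# Statically provisioned NFS volume that receives the archive.
# NOTE(review): a Gitea dump is expected to contain the database and app.ini,
# i.e. credentials and secrets (confirm against the Gitea version in use), so
# access to this NFS export should be restricted like the Gitea data itself.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitea-backup-pv
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteMany
  nfs:
    server: 192.168.7.183
    path: /home/nik/backups/gitea
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-backup-pvc
  namespace: gitea-backup
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 50Gi
  # Bind to the static PV above; the empty class disables dynamic provisioning.
  volumeName: gitea-backup-pv
  storageClassName: ""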