From 6d0b8a52758b37d35a524e937cc9b971943065d7 Mon Sep 17 00:00:00 2001
From: bo0tzz
Date: Fri, 27 Feb 2026 16:17:38 +0100
Subject: [PATCH 1/2] fix: daily backups for discord bot
---
 .../apps/tools/discord-bot/app/backup.yaml | 9 +++++++
 .../apps/tools/discord-bot/app/database.yaml | 14 ++++++++++
 .../tools/discord-bot/app/kustomization.yaml | 1 +
 kubernetes/apps/tools/discord-bot/ks.yaml | 27 ++++++++++++++++++-
 .../discord-bot/secrets/db-backup-bucket.yaml | 19 +++++++++++++
 .../discord-bot/secrets/db-backup-secret.yaml | 21 +++++++++++++++
 .../discord-bot/secrets/kustomization.yaml | 6 +++++
 .../modules/shared/cloudflare/account/r2.tf | 13 +++++++++
 8 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 kubernetes/apps/tools/discord-bot/app/backup.yaml
 create mode 100644 kubernetes/apps/tools/discord-bot/secrets/db-backup-bucket.yaml
 create mode 100644 kubernetes/apps/tools/discord-bot/secrets/db-backup-secret.yaml
 create mode 100644 kubernetes/apps/tools/discord-bot/secrets/kustomization.yaml
diff --git a/kubernetes/apps/tools/discord-bot/app/backup.yaml b/kubernetes/apps/tools/discord-bot/app/backup.yaml
new file mode 100644
index 000000000..7103905e7
--- /dev/null
+++ b/kubernetes/apps/tools/discord-bot/app/backup.yaml
@@ -0,0 +1,9 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+ name: discord-bot-db-daily-backup
+ namespace: tools
+spec:
+ schedule: "0 18 * * *"
+ cluster:
+ name: discord-bot-db
diff --git a/kubernetes/apps/tools/discord-bot/app/database.yaml b/kubernetes/apps/tools/discord-bot/app/database.yaml
index 921ba670f..ae776e6f2 100644
--- a/kubernetes/apps/tools/discord-bot/app/database.yaml
+++ b/kubernetes/apps/tools/discord-bot/app/database.yaml
@@ -7,3 +7,17 @@ spec:
 storage:
 size: 10Gi
 storageClass: zfs
+ backup:
+ retentionPolicy: "14d"
+ barmanObjectStore:
+ destinationPath: s3://${bucket_name}
+ endpointURL: ${api_endpoint}
+ wal:
+ compression: bzip2
+ s3Credentials:
+ accessKeyId:
+ name: discord-bot-db-backup-secret
+ key: id
+ secretAccessKey:
+ name: discord-bot-db-backup-secret
+ key: secret
diff --git a/kubernetes/apps/tools/discord-bot/app/kustomization.yaml b/kubernetes/apps/tools/discord-bot/app/kustomization.yaml
index 2754b3ae7..3c45c5559 100644
--- a/kubernetes/apps/tools/discord-bot/app/kustomization.yaml
+++ b/kubernetes/apps/tools/discord-bot/app/kustomization.yaml
@@ -5,3 +5,4 @@ resources:
 - ./helmrelease.yaml
 - ./secret.yaml
 - ./database.yaml
+ - ./backup.yaml
diff --git a/kubernetes/apps/tools/discord-bot/ks.yaml b/kubernetes/apps/tools/discord-bot/ks.yaml
index 5a0b56689..8c5b0e71c 100644
--- a/kubernetes/apps/tools/discord-bot/ks.yaml
+++ b/kubernetes/apps/tools/discord-bot/ks.yaml
@@ -1,5 +1,25 @@
 ---
-# yaml-language-server: $schema=https://github.com/fluxcd-community/flux2-schemas/raw/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app discord-bot-secrets
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: external-secrets-stores
+ path: ./kubernetes/apps/tools/discord-bot/secrets
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: immich-kubernetes
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
@@ -13,6 +33,7 @@ spec:
 dependsOn:
 - name: cluster-apps-onepassword
 - name: podbump
+ - name: discord-bot-secrets
 path: ./kubernetes/apps/tools/discord-bot/app
 prune: true
 sourceRef:
@@ -22,3 +43,7 @@ spec:
 interval: 30m
 retryInterval: 1m
 timeout: 5m
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: discord-bot-db-backup-bucket
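Review bot: In `database.yaml`, the new `barmanObjectStore` block sets `compression: bzip2` only under `wal:` and has no `data:` section, so base backups should fall back to the operator defaults, which as far as I know means uncompressed uploads and no `encryption` setting on either stream. These objects hold the full database, so it is worth recording whether at-rest protection is left to the bucket; if so, a comment above `wal:` such as `# no encryption set here: relies on the bucket's at-rest encryption` would say that. Otherwise add a `data:` mapping with `compression: bzip2` next to `wal:`. The `spec` mapping starts above this hunk, so settings outside it are not visible here.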
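Review bot: In `ks.yaml`, the `postBuild.substituteFrom` added to the existing Kustomization applies to every manifest under `./kubernetes/apps/tools/discord-bot/app`, not only to `database.yaml`. Any other `${...}` text in `helmrelease.yaml` or `secret.yaml` (neither is shown in this patch) would now be rewritten by Flux, and unless strict substitution is enabled a name with no value is, I believe, replaced by an empty string. It is worth checking those files for shell-style variables and escaping them as `$${var}`. A comment above `postBuild:` such as `# supplies bucket_name and api_endpoint for database.yaml` would tie the two files together.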
diff --git a/kubernetes/apps/tools/discord-bot/secrets/db-backup-bucket.yaml b/kubernetes/apps/tools/discord-bot/secrets/db-backup-bucket.yaml
new file mode 100644
index 000000000..05b6a5ce3
--- /dev/null
+++ b/kubernetes/apps/tools/discord-bot/secrets/db-backup-bucket.yaml
@@ -0,0 +1,19 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: discord-bot-db-backup-bucket
+ namespace: flux-system
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: 1p-tf
+ refreshInterval: "20s"
+ data:
+ - secretKey: bucket_name
+ remoteRef:
+ key: DISCORD_BOT_DB_BACKUP_BUCKET
+ property: bucket_name
+ - secretKey: api_endpoint
+ remoteRef:
+ key: DISCORD_BOT_DB_BACKUP_BUCKET
+ property: endpoint
diff --git a/kubernetes/apps/tools/discord-bot/secrets/db-backup-secret.yaml b/kubernetes/apps/tools/discord-bot/secrets/db-backup-secret.yaml
new file mode 100644
index 000000000..0253c02d2
--- /dev/null
+++ b/kubernetes/apps/tools/discord-bot/secrets/db-backup-secret.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: discord-bot-db-backup-secret
+ namespace: tools
+ labels:
+ cnpg.io/reload: "true"
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: 1p-tf
+ refreshInterval: "20s"
+ data:
+ - secretKey: id
+ remoteRef:
+ key: DISCORD_BOT_DB_BACKUP_BUCKET
+ property: access_key_id
+ - secretKey: secret
+ remoteRef:
+ key: DISCORD_BOT_DB_BACKUP_BUCKET
+ property: secret_access_key
diff --git a/kubernetes/apps/tools/discord-bot/secrets/kustomization.yaml b/kubernetes/apps/tools/discord-bot/secrets/kustomization.yaml
new file mode 100644
index 000000000..86131e80f
--- /dev/null
+++ b/kubernetes/apps/tools/discord-bot/secrets/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./db-backup-secret.yaml
+ - ./db-backup-bucket.yaml
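Review bot: `refreshInterval: "20s"` in `db-backup-bucket.yaml`, and again in `db-backup-secret.yaml`, makes the operator re-read the `DISCORD_BOT_DB_BACKUP_BUCKET` item from the `1p-tf` store three times a minute, although these values should only change when Terraform recreates the bucket or its key. Unless 20s is the convention in this repository, a longer interval such as `refreshInterval: "1h"` keeps load and rate-limit exposure on the secret store down. The bucket name and endpoint also reach `database.yaml` only when Flux reconciles (`interval: 30m` in `ks.yaml`), so a fast refresh here does not shorten that path.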
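Review bot: The `cnpg.io/reload: "true"` label in `db-backup-secret.yaml` sits on the ExternalSecret, while CloudNativePG looks for it on the Secret it actually reads. That works as long as External Secrets copies the ExternalSecret's labels onto the generated Secret, which as far as I know it does only while no `spec.target.template` is set. A comment above the label, for example `# copied to the generated Secret so CNPG reloads rotated credentials`, would keep a later template change from silently dropping it.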
diff --git a/tf/deployment/modules/shared/cloudflare/account/r2.tf b/tf/deployment/modules/shared/cloudflare/account/r2.tf
index 79c3b985d..0d2f86175 100644
--- a/tf/deployment/modules/shared/cloudflare/account/r2.tf
+++ b/tf/deployment/modules/shared/cloudflare/account/r2.tf
@@ -58,6 +58,19 @@ module "victorialogs_volsync_backups" {
 allowed_cidrs = local.mich_cidrs
 }
 
+module "discord_bot_db_backups" {
+ source = "./shared/modules/cloudflare-r2-bucket"
+ providers = {
+ cloudflare.api_keys = cloudflare.api_keys
+ }
+
+ bucket_name = "discord-bot-db-backups"
+ cloudflare_account_id = var.cloudflare_account_id
+ onepassword_vault_id = data.onepassword_vault.tf.uuid
+ item_name = "DISCORD_BOT_DB_BACKUP_BUCKET"
+ allowed_cidrs = local.mich_cidrs
+}
+
 resource "cloudflare_r2_bucket" "static" {
 account_id = var.cloudflare_account_id
 name = "static"
From 7fa9696806c3c4da523fa3e7727078e5f9ce7382 Mon Sep 17 00:00:00 2001
From: bo0tzz
Date: Wed, 4 Mar 2026 13:43:06 +0100
Subject: [PATCH 2/2] fix schedule
---
 kubernetes/apps/tools/discord-bot/app/backup.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kubernetes/apps/tools/discord-bot/app/backup.yaml b/kubernetes/apps/tools/discord-bot/app/backup.yaml
index 7103905e7..ddd9ba9aa 100644
--- a/kubernetes/apps/tools/discord-bot/app/backup.yaml
+++ b/kubernetes/apps/tools/discord-bot/app/backup.yaml
@@ -4,6 +4,6 @@ metadata:
 name: discord-bot-db-daily-backup
 namespace: tools
 spec:
- schedule: "0 18 * * *"
+ schedule: "0 0 18 * * *"
 cluster:
 name: discord-bot-db
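Review bot: The key that the `discord_bot_db_backups` module writes to the `DISCORD_BOT_DB_BACKUP_BUCKET` item is the same one handed to the database cluster, and the cluster needs delete rights on the bucket to enforce `retentionPolicy: "14d"`. A leak of the `discord-bot-db-backup-secret` Secret would therefore put every stored backup at risk along with the live data, limited only by `allowed_cidrs = local.mich_cidrs`. The module body (`./shared/modules/cloudflare-r2-bucket`) is not part of this patch, so the token's scope cannot be judged from here; if the module allows it, confine the key to this one bucket and add a bucket-side retention or lock rule so recent backups survive a compromised key. A short comment above the block stating the key's scope would help the next reader.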
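Review bot: The corrected `schedule` in `backup.yaml` is a six-field expression with seconds first, which is easy to mistake for a standard five-field cron line, as the first commit in this series did. A comment above it, such as `# six fields, seconds first: every day at 18:00`, would keep the next edit from repeating that. Which time zone the operator applies to this value is not visible here and is worth stating in the same comment.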