migrate to local backups

alexlebens · alexlebens · commit d7ade8fc4273 · 2025-10-29T18:01:15.000-05:00
diff --git a/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml b/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml
@@ -111,10 +111,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: roundcube-postgresql-17-cluster-backup-secret-weekly
+  name: roundcube-postgresql-17-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: roundcube-postgresql-17-cluster-backup-secret-weekly
+    app.kubernetes.io/name: roundcube-postgresql-17-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -136,3 +136,10 @@ spec:
         key: /garage/home-infra/postgres-backups
         metadataPolicy: None
         property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/roundcube/values.yaml b/clusters/cl01tl/applications/roundcube/values.yaml
@@ -219,20 +219,30 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/roundcube/roundcube-postgresql-17-cluster
-      index: 2
+      destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster
+      endpointURL: http://garage-main.garage:3900
+      index: 1
+      endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
         destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/roundcube/roundcube-postgresql-17-cluster
         index: 2
         retentionPolicy: "2d"
+        isWALArchiver: false
+      - name: garage-local
+        destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster
+        index: 1
+        endpointURL: http://garage-main.garage:3900
+        endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage
+        endpointCredentialsIncludeRegion: true
+        retentionPolicy: "7d"
         isWALArchiver: true
-      # - name: garage
+      # - name: garage-remote
       #   destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-17-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-weekly
+      #   endpointCredentials: roundcube-postgresql-17-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -242,7 +252,12 @@ postgres-17-cluster:
         suspend: false
         schedule: "0 0 0 * * *"
         backupName: external
+      - name: live-backup
+        suspend: false
+        immediate: true
+        schedule: "0 0 0 * * *"
+        backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
       #   schedule: "0 24 4 * * SAT"
-      #   backupName: garage
+      #   backupName: garage-remote
diff --git a/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr-4k/templates/external-secret.yaml
@@ -88,10 +88,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: sonarr-4k-postgresql-17-cluster-backup-secret-weekly
+  name: sonarr-4k-postgresql-17-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: sonarr-4k-postgresql-17-cluster-backup-secret-weekly
+    app.kubernetes.io/name: sonarr-4k-postgresql-17-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -113,3 +113,10 @@ spec:
         key: /garage/home-infra/postgres-backups
         metadataPolicy: None
         property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/sonarr-4k/values.yaml b/clusters/cl01tl/applications/sonarr-4k/values.yaml
@@ -103,22 +103,31 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-4k/sonarr4-4k-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster
+      endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret
+      endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
         destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-4k/sonarr4-4k-postgresql-17-cluster
         index: 1
         endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret
         retentionPolicy: "2d"
+        isWALArchiver: false
+      - name: garage-local
+        destinationPath: s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster
+        index: 1
+        endpointURL: http://garage-main.garage:3900
+        endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage
+        endpointCredentialsIncludeRegion: true
+        retentionPolicy: "7d"
         isWALArchiver: true
-      # - name: garage
+      # - name: garage-remote
       #   destinationPath: s3://postgres-backups/cl01tl/sonarr-4k/sonarr4-4k-postgresql-17-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-weekly
+      #   endpointCredentials: sonarr-4k-postgresql-17-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -128,7 +137,12 @@ postgres-17-cluster:
         suspend: false
         schedule: "0 0 0 * * *"
         backupName: external
+      - name: live-backup
+        suspend: false
+        immediate: true
+        schedule: "0 0 0 * * *"
+        backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
       #   schedule: "0 28 4 * * SAT"
-      #   backupName: garage
+      #   backupName: garage-remote
diff --git a/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr-anime/templates/external-secret.yaml
@@ -88,10 +88,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: sonarr-anime-postgresql-17-cluster-backup-secret-weekly
+  name: sonarr-anime-postgresql-17-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: sonarr-anime-postgresql-17-cluster-backup-secret-weekly
+    app.kubernetes.io/name: sonarr-anime-postgresql-17-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -113,3 +113,10 @@ spec:
         key: /garage/home-infra/postgres-backups
         metadataPolicy: None
         property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/sonarr-anime/values.yaml b/clusters/cl01tl/applications/sonarr-anime/values.yaml
@@ -103,22 +103,31 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-anime/sonarr4-anime-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster
+      endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret
+      endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
         destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-anime/sonarr4-anime-postgresql-17-cluster
         index: 1
         endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret
         retentionPolicy: "2d"
+        isWALArchiver: false
+      - name: garage-local
+        destinationPath: s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster
+        index: 1
+        endpointURL: http://garage-main.garage:3900
+        endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage
+        endpointCredentialsIncludeRegion: true
+        retentionPolicy: "7d"
         isWALArchiver: true
-    #   - name: garage
+    #   - name: garage-remote
     #     destinationPath: s3://postgres-backups/cl01tl/sonarr-anime/sonarr4-anime-postgresql-17-cluster
     #     index: 1
     #     endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-    #     endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-weekly
+    #     endpointCredentials: sonarr-anime-postgresql-17-cluster-backup-secret-garage
     #     retentionPolicy: "30d"
     #     data:
     #       compression: bzip2
@@ -128,7 +137,12 @@ postgres-17-cluster:
         suspend: false
         schedule: "0 0 0 * * *"
         backupName: external
+      - name: live-backup
+        suspend: false
+        immediate: true
+        schedule: "0 0 0 * * *"
+        backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
       #   schedule: "0 30 4 * * SAT"
-      #   backupName: garage
+      #   backupName: garage-remote
diff --git a/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml b/clusters/cl01tl/applications/sonarr/templates/external-secret.yaml
@@ -88,10 +88,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: sonarr-postgresql-17-cluster-backup-secret-weekly
+  name: sonarr-postgresql-17-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: sonarr-postgresql-17-cluster-backup-secret-weekly
+    app.kubernetes.io/name: sonarr-postgresql-17-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -113,3 +113,10 @@ spec:
         key: /garage/home-infra/postgres-backups
         metadataPolicy: None
         property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/sonarr/values.yaml b/clusters/cl01tl/applications/sonarr/values.yaml
@@ -104,22 +104,31 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4/sonarr4-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster
+      endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: sonarr-postgresql-17-cluster-backup-secret
+      endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
         destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4/sonarr4-postgresql-17-cluster
         index: 1
         endpointCredentials: sonarr-postgresql-17-cluster-backup-secret
         retentionPolicy: "1d"
+        isWALArchiver: false
+      - name: garage-local
+        destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster
+        index: 1
+        endpointURL: http://garage-main.garage:3900
+        endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage
+        endpointCredentialsIncludeRegion: true
+        retentionPolicy: "7d"
         isWALArchiver: true
-      # - name: garage
+      # - name: garage-remote
       #   destinationPath: s3://postgres-backups/cl01tl/sonarr/sonarr4-postgresql-17-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-weekly
+      #   endpointCredentials: sonarr-postgresql-17-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -129,7 +138,12 @@ postgres-17-cluster:
         suspend: false
         schedule: "0 0 */12 * * *"
         backupName: external
+      - name: live-backup
+        suspend: false
+        immediate: true
+        schedule: "0 0 0 * * *"
+        backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
       #   schedule: "0 26 4 * * SAT"
-      #   backupName: garage
+      #   backupName: garage-remote
diff --git a/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml b/clusters/cl01tl/applications/vaultwarden/templates/external-secret.yaml
@@ -111,10 +111,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: vaultwarden-postgresql-17-cluster-backup-secret-weekly
+  name: vaultwarden-postgresql-17-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: vaultwarden-postgresql-17-cluster-backup-secret-weekly
+    app.kubernetes.io/name: vaultwarden-postgresql-17-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -136,3 +136,10 @@ spec:
         key: /garage/home-infra/postgres-backups
         metadataPolicy: None
         property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/vaultwarden/values.yaml b/clusters/cl01tl/applications/vaultwarden/values.yaml
@@ -63,20 +63,30 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster
+      endpointURL: http://garage-main.garage:3900
       index: 1
+      endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
         destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster
         index: 1
         retentionPolicy: "2d"
+        isWALArchiver: false
+      - name: garage-local
+        destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster
+        index: 1
+        endpointURL: http://garage-main.garage:3900
+        endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage
+        endpointCredentialsIncludeRegion: true
+        retentionPolicy: "7d"
         isWALArchiver: true
-      # - name: garage
+      # - name: garage-remote
       #   destinationPath: s3://postgres-backups/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-weekly
+      #   endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -86,7 +96,12 @@ postgres-17-cluster:
         suspend: false
         schedule: "0 0 0 * * *"
         backupName: external
+      - name: live-backup
+        suspend: false
+        immediate: true
+        schedule: "0 0 0 * * *"
+        backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
       #   schedule: "0 32 4 * * SAT"
-      #   backupName: garage
+      #   backupName: garage-remote
diff --git a/clusters/cl01tl/applications/yamtrack/templates/external-secret.yaml b/clusters/cl01tl/applications/yamtrack/templates/external-secret.yaml
@@ -77,10 +77,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: yamtrack-postgresql-17-cluster-backup-secret-weekly
+  name: yamtrack-postgresql-17-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: yamtrack-postgresql-17-cluster-backup-secret-weekly
+    app.kubernetes.io/name: yamtrack-postgresql-17-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -102,3 +102,10 @@ spec:
         key: /garage/home-infra/postgres-backups
         metadataPolicy: None
         property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
diff --git a/clusters/cl01tl/applications/yamtrack/values.yaml b/clusters/cl01tl/applications/yamtrack/values.yaml
