diff --git a/src/main/clj/dda/c4k_gitea/uberjar.clj b/src/main/clj/dda/c4k_gitea/uberjar.clj index f23b20a..28e15a9 100644 --- a/src/main/clj/dda/c4k_gitea/uberjar.clj +++ b/src/main/clj/dda/c4k_gitea/uberjar.clj @@ -6,4 +6,4 @@ [dda.c4k-common.uberjar :as uberjar])) (defn -main [& cmd-args] - (uberjar/main-common "c4k-gitea" gitea/config? gitea/auth? gitea/config-defaults core/k8s-objects cmd-args)) + (uberjar/main-common "c4k-gitea" core/config? core/auth? core/config-defaults core/k8s-objects cmd-args)) diff --git a/src/main/cljc/dda/c4k_gitea/backup.cljc b/src/main/cljc/dda/c4k_gitea/backup.cljc new file mode 100644 index 0000000..b5b32f1 --- /dev/null +++ b/src/main/cljc/dda/c4k_gitea/backup.cljc 
@@ -0,0 +1,46 @@
+(ns dda.c4k-gitea.backup
+ (:require
+ [clojure.spec.alpha :as s]
+ #?(:cljs [shadow.resource :as rc])
+ [dda.c4k-common.yaml :as yaml]
+ [dda.c4k-common.base64 :as b64]
+ [dda.c4k-common.common :as cm]))
+
+(s/def ::aws-access-key-id cm/bash-env-string?)
+(s/def ::aws-secret-access-key cm/bash-env-string?)
+(s/def ::restic-password cm/bash-env-string?)
+(s/def ::restic-repository cm/bash-env-string?)
+
+(def auth? (s/keys :req-un [::aws-access-key-id ::aws-secret-access-key ::restic-password ::restic-repository]))
+
+#?(:cljs
+ (defmethod yaml/load-resource :backup [resource-name]
+ (case resource-name
+ "backup/config.yaml" (rc/inline "backup/config.yaml")
+ "backup/cron.yaml" (rc/inline "backup/cron.yaml")
+ "backup/secret.yaml" (rc/inline "backup/secret.yaml")
+ "backup/backup-restore-deployment.yaml" (rc/inline "backup/backup-restore-deployment.yaml")
+ (throw (js/Error. "Undefined Resource!")))))
+
+(defn generate-config [my-conf]
+ (let [{:keys [restic-repository]} my-conf]
+ (->
+ (yaml/from-string (yaml/load-resource "backup/config.yaml"))
+ (cm/replace-key-value :restic-repository restic-repository))))
+
+(defn generate-cron []
+ (yaml/from-string (yaml/load-resource "backup/cron.yaml")))
+
+(defn generate-backup-restore-deployment [my-conf]
+ (let [backup-restore-yaml (yaml/from-string (yaml/load-resource "backup/backup-restore-deployment.yaml"))]
+ (if (and (contains? my-conf :local-integration-test) (= true (:local-integration-test my-conf)))
+ (cm/replace-named-value backup-restore-yaml "CERTIFICATE_FILE" "/var/run/secrets/localstack-secrets/ca.crt")
+ backup-restore-yaml)))
+
+(defn generate-secret [my-auth]
+ (let [{:keys [aws-access-key-id aws-secret-access-key restic-password]} my-auth]
+ (->
+ (yaml/from-string (yaml/load-resource "backup/secret.yaml"))
+ (cm/replace-key-value :aws-access-key-id (b64/encode aws-access-key-id))
+ (cm/replace-key-value :aws-secret-access-key (b64/encode aws-secret-access-key))
+ (cm/replace-key-value :restic-password (b64/encode restic-password)))))
diff --git a/src/main/cljc/dda/c4k_gitea/core.cljc b/src/main/cljc/dda/c4k_gitea/core.cljc
index 66d0022..5692dd2 100644
--- a/src/main/cljc/dda/c4k_gitea/core.cljc
+++ b/src/main/cljc/dda/c4k_gitea/core.cljc
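Review bot: `auth?` in this file requires `::restic-repository`, yet `generate-secret` never reads that key and `generate-config` takes it from the config map, which is also where core.cljc lists it (under `:opt-un` of `config?`). The spec would match the code if it read `(def auth? (s/keys :req-un [::aws-access-key-id ::aws-secret-access-key ::restic-password]))`. In `generate-backup-restore-deployment`, `:local-integration-test` replaces `CERTIFICATE_FILE` with the localstack CA path but has no spec of its own; `(s/def ::local-integration-test boolean?)` plus a comment that the key is for test clusters only would make an accidental production setting easier to catch, and the condition can be shortened to `(true? (:local-integration-test my-conf))`.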
@@ -3,13 +3,32 @@ [dda.c4k-common.yaml :as yaml] [dda.c4k-common.common :as cm] [dda.c4k-gitea.gitea :as gitea] + [dda.c4k-gitea.gitea :as backup] [dda.c4k-common.postgres :as postgres])) +(def config-defaults {:issuer "staging"}) + +(def config? (s/keys :req-un [::gitea/fqdn + ::gitea/mailer-from + ::gitea/mailer-host-port + ::gitea/service-noreply-address] + :opt-un [::gitea/issuer + ::gitea/default-app-name + ::gitea/service-domain-whitelist + ::backup/restic-repository])) + +(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password + ::gitea/mailer-user ::gitea/mailer-pw + ::backup/aws-access-key-id ::backup/aws-secret-access-key + ::backup/restic-password])) + +(def vol? (s/keys :req-un [::gitea/volume-total-storage-size])) + (defn k8s-objects [config] (let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)] - (cm/concat-vec - (map yaml/to-string - (filter #(not (nil? %)) + (map yaml/to-string + (filter #(not (nil? %)) + (cm/concat-vec [(postgres/generate-config {:postgres-size :2gb :db-name "gitea"}) (postgres/generate-secret config) (when (contains? config :postgres-data-volume-path) @@ -27,4 +46,9 @@ (gitea/generate-appini-env config) (gitea/generate-secrets config) (gitea/generate-ingress config) - (gitea/generate-certificate config)]))))) + (gitea/generate-certificate config)] + (when (contains? config :restic-repository) + [(backup/generate-config config) + (backup/generate-secret config) + (backup/generate-cron) + (backup/generate-backup-restore-deployment config)])))))) diff --git a/src/main/cljc/dda/c4k_gitea/gitea.cljc b/src/main/cljc/dda/c4k_gitea/gitea.cljc index 8e55138..2cf0d62 100644 --- a/src/main/cljc/dda/c4k_gitea/gitea.cljc +++ b/src/main/cljc/dda/c4k_gitea/gitea.cljc 
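Review bot: The added require `[dda.c4k-gitea.gitea :as backup]` aliases the gitea namespace a second time instead of loading the new backup namespace. As written, the `::backup/...` keys in `config?` and `auth?` expand to keywords in `dda.c4k-gitea.gitea`, where this diff registers no such specs, so `s/keys` can at most check that the required keys are present and the `cm/bash-env-string?` checks from backup.cljc never run on the AWS and restic credentials. The `backup/generate-*` calls in the second hunk of this file would not resolve either. The line should read `[dda.c4k-gitea.backup :as backup]`.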
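Review bot: The backup objects are emitted only when `:restic-repository` is present, but `auth?` in the first hunk lists `::backup/aws-access-key-id`, `::backup/aws-secret-access-key` and `::backup/restic-password` under `:req-un`, so a deployment without backups must still supply S3 and restic secrets to pass validation. Listing them as `:opt-un [::backup/aws-access-key-id ::backup/aws-secret-access-key ::backup/restic-password]` keeps unused credentials out of the auth file; the `when` branch should then also check that they are present before calling `backup/generate-secret`. Separately, when the key is absent the `when` form passes nil as the second argument to `cm/concat-vec`, whose implementation is not visible here, so it is worth confirming that it tolerates nil. `k8s-objects` starts and ends outside this hunk.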
@@ -10,8 +10,7 @@ [dda.c4k-common.yaml :as yaml] [dda.c4k-common.common :as cm] [dda.c4k-common.base64 :as b64] - [dda.c4k-common.predicate :as pred] - [dda.c4k-common.postgres :as postgres])) + [dda.c4k-common.predicate :as pred])) (defn domain-list? [input] @@ -30,20 +29,6 @@ (s/def ::issuer pred/letsencrypt-issuer?) (s/def ::volume-total-storage-size (partial pred/int-gt-n? 5)) -(def config-defaults {:issuer "staging"}) - -(def config? (s/keys :req-un [::fqdn - ::mailer-from - ::mailer-host-port - ::service-noreply-address] - :opt-un [::issuer - ::default-app-name - ::service-domain-whitelist])) - -(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password ::mailer-user ::mailer-pw])) - -(def vol? (s/keys :req-un [::volume-total-storage-size])) - (defn-spec root-storage-by-volume-size int? [volume-total-storage-size ::volume-total-storage-size] (cond @@ -74,8 +59,8 @@ (defmethod yaml/load-as-edn :gitea [resource-name] (yaml/from-string (yaml/load-resource resource-name)))) -(defn-spec generate-appini-env pred/map-or-seq? - [config config?] +(defn generate-appini-env + [config] (let [{:keys [default-app-name fqdn mailer-from @@ -95,8 +80,8 @@ (cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist) (cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address)))) -(defn-spec generate-secrets pred/map-or-seq? - [auth auth?] +(defn generate-secrets + [auth] (let [{:keys [postgres-db-user postgres-db-password mailer-user @@ -115,8 +100,8 @@ (yaml/load-as-edn "gitea/ingress.yaml") (cm/replace-all-matching-values-by-new-value "FQDN" fqdn)))) -(defn-spec generate-certificate pred/map-or-seq? - [config config?] +(defn generate-certificate + [config] (let [{:keys [fqdn issuer] :or {issuer "staging"}} config letsencrypt-issuer (name issuer)] 
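Review bot: `generate-secrets` and the other generators changed in this file (`generate-appini-env`, `generate-certificate`, and further down `generate-root-volume` and `generate-data-volume`) lose their argument specs in the switch from `defn-spec` to `defn`, and nothing replaces them as a record of the expected keys. Since `config?`, `auth?` and `vol?` now live in core.cljc, a one-line docstring per function would keep the contract visible, e.g. `"Expects a map already validated by core/auth?; reads :postgres-db-user, :postgres-db-password, :mailer-user and :mailer-pw."` on `generate-secrets`. If instrumented checks are still wanted on the function that handles credentials, a namespace-local spec such as `(s/keys :req-un [::mailer-user ::mailer-pw])` would avoid requiring core, assuming those specs are registered in this namespace. The function bodies continue outside the hunks.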
@@ -125,16 +110,16 @@ (assoc-in [:spec :issuerRef :name] letsencrypt-issuer) (cm/replace-all-matching-values-by-new-value "FQDN" fqdn)))) -(defn-spec generate-root-volume pred/map-or-seq? - [config vol?] +(defn generate-root-volume + [config] (let [{:keys [volume-total-storage-size]} config root-storage-size (root-storage-by-volume-size volume-total-storage-size)] (-> (yaml/load-as-edn "gitea/rootvolume.yaml") (cm/replace-all-matching-values-by-new-value "ROOTSTORAGESIZE" (str (str root-storage-size) "Gi"))))) -(defn-spec generate-data-volume pred/map-or-seq? - [config vol?] +(defn generate-data-volume + [config] (let [{:keys [volume-total-storage-size]} config root-storage-size (root-storage-by-volume-size volume-total-storage-size) data-storage-size (data-storage-by-volume-size volume-total-storage-size root-storage-size)] @@ -142,14 +127,14 @@ (yaml/load-as-edn "gitea/datavolume.yaml") (cm/replace-all-matching-values-by-new-value "DATASTORAGESIZE" (str (str data-storage-size) "Gi"))))) -(defn-spec generate-deployment pred/map-or-seq? +(defn generate-deployment [] (yaml/load-as-edn "gitea/deployment.yaml")) -(defn-spec generate-service pred/map-or-seq? +(defn generate-service [] (yaml/load-as-edn "gitea/service.yaml")) -(defn-spec generate-service-ssh pred/map-or-seq? +(defn generate-service-ssh [] (yaml/load-as-edn "gitea/service-ssh.yaml"))