apiVersion: batch/v1
kind: CronJob
metadata:
  name: backup
spec:
  schedule: "0 0 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          volumes:
            - name: backup-storage
              emptyDir: {}
          restartPolicy: Never
          containers:
            - name: backup-container
              image: docker.sunet.se/drive/duplicity:bookworm-slim-1
              command: ["duplicity"]
              args: ["/backup_storage", "rclone://destination:${BUCKET}", "--no-encryption", "--full-if-older-than", "1M" ]
              env:
                - name: RCLONE_CONFIG_DESTINATION_ACL
                  value: private
                - name: RCLONE_CONFIG_DESTINATION_TYPE
                  value: s3
                - name: RCLONE_CONFIG_DESTINATION_ENDPOINT
                  value: s3.sto3.safedc.net
                - name: RCLONE_CONFIG_DESTINATION_PROVIDER
                  value: Ceph
              volumeMounts:
                - name: backup-storage
                  mountPath: /backup_storage
                  mountPropagation: HostToContainer
            - name: mount-container
              image: rclone/rclone:1.69.0
              securityContext:
                privileged: true
              args: ["mount", "--allow-non-empty", "source:${BUCKET}", "/backup_storage"]
              env:
                - name: RCLONE_CONFIG_SOURCE_ACL
                  value: private
                - name: RCLONE_CONFIG_SOURCE_TYPE
                  value: s3
                - name: RCLONE_CONFIG_SOURCE_ENDPOINT
                  value: s3.sto4.safedc.net
                - name: RCLONE_CONFIG_SOURCE_PROVIDER
                  value: Ceph
              volumeMounts:
                - name: backup-storage
                  mountPath: /backup_storage
                  mountPropagation: Bidirectional