apiVersion: batch/v1
kind: CronJob
metadata:
  name: backup
spec:
  schedule: "0 0 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: Never
          containers:
            - name: backup-container
              image: docker.sunet.se/drive/duplicity:bookworm-slim-1
              command: ["bash"]
              securityContext:
                privileged: true
              args: ["-c", "mkdir -p $(MOUNT_POINT) && rclone mount source:$(SOURCE_BUCKET) $(MOUNT_POINT) --daemon && duplicity $(MOUNT_POINT) rclone://destination:$(DESTINATION_BUCKET) --no-encryption --full-if-older-than 1M; umount $(MOUNT_POINT)"]
              env:
                - name: MOUNT_POINT
                  value: /backup_data
                - name: RCLONE_CONFIG_DESTINATION_ACL
                  value: private
                - name: RCLONE_CONFIG_DESTINATION_TYPE
                  value: s3
                - name: RCLONE_CONFIG_DESTINATION_ENDPOINT
                  value: s3.sto3.safedc.net
                - name: RCLONE_CONFIG_DESTINATION_PROVIDER
                  value: Ceph
                - name: RCLONE_CONFIG_SOURCE_ACL
                  value: private
                - name: RCLONE_CONFIG_SOURCE_TYPE
                  value: s3
                - name: RCLONE_CONFIG_SOURCE_ENDPOINT
                  value: s3.sto4.safedc.net
                - name: RCLONE_CONFIG_SOURCE_PROVIDER
                  value: Ceph