---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: "${APP}-volsync-r2"
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: "${APP}-volsync-r2-secret"
    template:
      engineVersion: v2
      data:
        RESTIC_REPOSITORY: "{{ .REPOSITORY_TEMPLATE }}/${APP}"
        RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
        AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
        AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
  dataFrom:
    - extract:
        key: cloudflare
    - extract:
        key: volsync-r2-template
---
# yaml-language-server: $schema=https://ks.hsn.dev/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
  name: "${APP}-r2"
spec:
  sourcePVC: "${APP}"
  trigger:
    schedule: "0 0 * * *"
  restic:
    copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
    pruneIntervalDays: 7
    repository: "${APP}-volsync-r2-secret"
    volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-openebs-zfs}"
    cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
    cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-zfs}"
    cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
    storageClassName: "${VOLSYNC_STORAGECLASS:-openebs-zfs}"
    accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
    moverSecurityContext:
      runAsUser: ${APP_UID:-568}
      runAsGroup: ${APP_GID:-568}
      fsGroup: ${APP_GID:-568}
    retain:
      daily: 7