Add borgmatic backup for Mealie SQLite, set image tag

- Add before_backup hook to borgmatic: kubectl exec + python3 sqlite3 .backup to safely dump the database, then kubectl cp to host - Include k8s-dumps directory in borgmatic source_directories - Generic pattern: borgmatic_k8s_sqlite_dumps list in defaults - Fix PVC storageClassName: standard (not local-path) on minikube - Set container image tag to v3.12.0-5c5fd18 from CI build Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 21:36:00 -07:00 · 2026-03-16 21:36:00 -07:00 · ac83bd14e3
commit ac83bd14e3
parent 30a114462c
5 changed files with 33 additions and 2 deletions
--- a/ansible/roles/borgmatic/defaults/main.yml
+++ b/ansible/roles/borgmatic/defaults/main.yml
@ -16,6 +16,7 @@ borgmatic_source_directories:
  - /opt/homebrew/var/forgejo
  - /Users/erichblume/.config/borgmatic
  - /Users/erichblume/Documents
+  - /Users/erichblume/.local/share/borgmatic/k8s-dumps

 # Backup repositories
 borgmatic_repositories:
@ -31,6 +32,19 @@ borgmatic_repositories:
 # BorgBase SSH key (fetched from 1Password in playbook pre_tasks)
 borgmatic_borgbase_ssh_key_path: /Users/erichblume/.ssh/borgbase_ed25519

+# Directory for pre-backup database dumps from k8s pods
+borgmatic_k8s_dump_dir: /Users/erichblume/.local/share/borgmatic/k8s-dumps
+
+# K8s SQLite databases to dump before backup via kubectl exec
+# Each entry runs: kubectl exec <pod-selector> -- sqlite3 <path> ".backup /tmp/backup.db"
+# then copies the dump to borgmatic_k8s_dump_dir/<name>.db
+borgmatic_k8s_sqlite_dumps:
+  - name: mealie
+    namespace: mealie
+    label_selector: app=mealie
+    db_path: /app/data/mealie.db
+    context: minikube-indri
+
 # Exclude patterns
 borgmatic_exclude_patterns: []

--- a/ansible/roles/borgmatic/tasks/main.yml
+++ b/ansible/roles/borgmatic/tasks/main.yml
@ -33,6 +33,13 @@
    key: "u3ugi1x1.repo.borgbase.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGU0mISTyHBw9tBs6SuhSq8tvNM8m9eifQxM+88TowPO"
    state: present

+- name: Ensure k8s dump directory exists
+  ansible.builtin.file:
+    path: "{{ borgmatic_k8s_dump_dir }}"
+    state: directory
+    mode: '0700'
+  when: borgmatic_k8s_sqlite_dumps | length > 0
+
 - name: Deploy borgmatic configuration
  ansible.builtin.template:
    src: config.yaml.j2
--- a/ansible/roles/borgmatic/templates/config.yaml.j2
+++ b/ansible/roles/borgmatic/templates/config.yaml.j2
@ -31,6 +31,16 @@ exclude_patterns:

 encryption_passcommand: {{ borgmatic_encryption_passcommand }}

+{% if borgmatic_k8s_sqlite_dumps %}
+# Pre-backup: dump SQLite databases from k8s pods
+# Uses sqlite3 .backup for a safe, consistent copy (no corruption from concurrent writes)
+before_backup:
+    - mkdir -p {{ borgmatic_k8s_dump_dir }}
+{% for db in borgmatic_k8s_sqlite_dumps %}
+    - /opt/homebrew/bin/kubectl --context={{ db.context }} exec -n {{ db.namespace }} deploy/{{ db.name }} -- python3 -c "import sqlite3; sqlite3.connect('{{ db.db_path }}').backup(sqlite3.connect('/tmp/{{ db.name }}-backup.db'))" && /opt/homebrew/bin/kubectl --context={{ db.context }} cp {{ db.namespace }}/$(/opt/homebrew/bin/kubectl --context={{ db.context }} get pod -n {{ db.namespace }} -l {{ db.label_selector }} -o jsonpath='{.items[0].metadata.name}'):/tmp/{{ db.name }}-backup.db {{ borgmatic_k8s_dump_dir }}/{{ db.name }}.db
+{% endfor %}
+{% endif %}
+
 ssh_command: ssh -o IdentitiesOnly=yes -i {{ borgmatic_borgbase_ssh_key_path }}

 # Retention policy
--- a/argocd/manifests/mealie/kustomization.yaml
+++ b/argocd/manifests/mealie/kustomization.yaml
@ -11,4 +11,4 @@ resources:

 images:
  - name: registry.ops.eblu.me/blumeops/mealie
-    newTag: v3.12.0-0000000
+    newTag: v3.12.0-5c5fd18
--- a/argocd/manifests/mealie/pvc.yaml
+++ b/argocd/manifests/mealie/pvc.yaml
@ -7,7 +7,7 @@ metadata:
 spec:
  accessModes:
    - ReadWriteOnce
-  storageClassName: local-path
+  storageClassName: standard
  resources:
    requests:
      storage: 2Gi