{{- if .Values.backups.enabled -}}
# Daily dump job. Same image as the Postgres pod, so pg_dump is
# version-matched. Output goes to the dedicated backup PVC; the same
# job script prunes older dumps to honor `backups.retain`.
#
# Tower's "Backup Now" feature creates a one-off Job from this same
# template at request time — see backend/cmd/api/backups.go.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: {{ include "instance.fullname" . }}-backup
  labels:
    {{- include "instance.labels" . | nindent 4 }}
    odoosky.io/role: backup
spec:
  schedule: {{ .Values.backups.schedule | quote }}
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 5
  failedJobsHistoryLimit: 3
  jobTemplate:
    metadata:
      labels:
        {{- include "instance.labels" . | nindent 8 }}
        odoosky.io/role: backup
    spec:
      backoffLimit: 1
      template:
        metadata:
          labels:
            {{- include "instance.labels" . | nindent 12 }}
            odoosky.io/role: backup
        spec:
          restartPolicy: Never
          containers:
            - name: pgdump
              image: "{{ .Values.postgres.image }}:{{ .Values.postgres.tag }}"
              imagePullPolicy: IfNotPresent
              env:
                - name: PGHOST
                  value: {{ include "instance.fullname" . }}-pg
                - name: PGUSER
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "instance.fullname" . }}-pg
                      key: POSTGRES_USER
                - name: PGPASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "instance.fullname" . }}-pg
                      key: POSTGRES_PASSWORD
                - name: PGDATABASE
                  valueFrom:
                    secretKeyRef:
                      name: {{ include "instance.fullname" . }}-pg
                      key: POSTGRES_DB
                - name: RETAIN
                  value: {{ .Values.backups.retain | quote }}
              command:
                - /bin/sh
                - -c
                - |
                  set -e
                  TS=$(date -u +%Y%m%dT%H%M%SZ)
                  OUT=/backups/${TS}.sql.gz
                  mkdir -p /backups
                  echo ">>> pg_dump → $OUT"
                  pg_dump --format=plain --clean --if-exists --no-owner --no-acl \
                    | gzip -9 > "$OUT"
                  echo ">>> wrote $(du -h "$OUT" | cut -f1)"
                  # Rotate: keep only the newest $RETAIN dumps.
                  cd /backups
                  ls -1t *.sql.gz 2>/dev/null \
                    | awk -v n=$RETAIN 'NR > n' \
                    | xargs -r rm -v
                  ls -lh /backups
              volumeMounts:
                - name: backups
                  mountPath: /backups
              resources:
                requests:
                  cpu: 100m
                  memory: 256Mi
                limits:
                  cpu: "1"
                  memory: 1Gi
          volumes:
            - name: backups
              persistentVolumeClaim:
                claimName: {{ include "instance.fullname" . }}-backups
{{- end }}