# services/maintenance/oneoffs/titan-24-lesavka-desktop-helper-cleanup-job.yaml # One-off cleanup for the temporary Lesavka paste-test desktop on titan-24. # Run by setting spec.suspend to false, reconcile, then set it back to true. apiVersion: batch/v1 kind: Job metadata: name: titan-24-lesavka-desktop-helper-cleanup namespace: maintenance annotations: kustomize.toolkit.fluxcd.io/force: "true" spec: suspend: true backoffLimit: 1 ttlSecondsAfterFinished: 3600 template: metadata: labels: app: titan-24-lesavka-desktop-helper-cleanup spec: restartPolicy: Never nodeSelector: kubernetes.io/hostname: titan-24 tolerations: - key: node.kubernetes.io/not-ready operator: Exists effect: NoSchedule - key: node.kubernetes.io/unreachable operator: Exists effect: NoSchedule - key: node.kubernetes.io/not-ready operator: Exists effect: NoExecute tolerationSeconds: 300 - key: node.kubernetes.io/unreachable operator: Exists effect: NoExecute tolerationSeconds: 300 hostPID: true containers: - name: cleanup image: debian:13-slim securityContext: privileged: true runAsUser: 0 command: ["/bin/sh", "-c"] args: - | set -euo pipefail chroot /host /usr/bin/env bash <<'EOS' set -euo pipefail username="lesavka-test" rm -f /etc/sddm.conf.d/60-lesavka-test-autologin.conf if id "${username}" >/dev/null 2>&1; then loginctl terminate-user "${username}" >/dev/null 2>&1 || true userdel -r "${username}" >/dev/null 2>&1 || true fi EOS nsenter -t 1 -m -u -i -n -p -- systemctl restart sddm || \ nsenter -t 1 -m -u -i -n -p -- systemctl restart display-manager volumeMounts: - name: host-root mountPath: /host volumes: - name: host-root hostPath: path: /