Force credential to be "alive", fixed a typo.

2026-02-08 00:49:45 +01:00 · 2026-02-08 00:49:45 +01:00 · 5e794336d8
commit 5e794336d8
parent 0d903689a3
1 changed files with 3 additions and 1 deletions
--- a/nix-system-configs/modules/system_scripts/gcloud_backup.nix
+++ b/nix-system-configs/modules/system_scripts/gcloud_backup.nix
@ -69,6 +69,7 @@

    export GOOGLE_APPLICATION_CREDENTIALS="${config.sops.secrets.gcloud_bucket.path}"
    export PATH="${lib.makeBinPath [pkgs.postgresql pkgs.gzip pkgs.google-cloud-sdk pkgs.gnupg pkgs.coreutils pkgs.gnugrep]}:$PATH"
+    gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"

    TIMESTAMP=$(date +%Y%m%d%H%M%S)
    BACKUP_DIR=$(mktemp -d)
@ -97,6 +98,7 @@

    export GOOGLE_APPLICATION_CREDENTIALS="${config.sops.secrets.gcloud_bucket.path}"
    export PATH="${lib.makeBinPath [pkgs.mariadb pkgs.gzip pkgs.google-cloud-sdk pkgs.gnupg pkgs.coreutils pkgs.gnugrep]}:$PATH"
+    gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"

    TIMESTAMP=$(date +%Y%m%d%H%M%S)
    BACKUP_DIR=$(mktemp -d)
@ -110,7 +112,7 @@
      echo "Backing up MariaDB database: $DB"
      FILENAME="mariadb_''${DB}_''${TIMESTAMP}.sql.gz.gpg"
      if mariadb-dump -u root "$DB" | gzip | gpg --batch --trust-model always --encrypt --recipient "${gpgRecipient}" > "$BACKUP_DIR/$FILENAME"; then
-        gcloud storage cp "$BACKUP_DIR/$FILENAME" "gs://${gcsBucket}/postgresql/$FILENAME"
+        gcloud storage cp "$BACKUP_DIR/$FILENAME" "gs://${gcsBucket}/mariadb/$FILENAME"
        echo "Successfully uploaded encrypted $FILENAME"
      else
        echo "Failed to backup $DB" >&2