Oeh, I am "loving" NixOS right now.

2026-02-07 23:50:44 +01:00 · 2026-02-07 23:50:44 +01:00 · c4fe904896
commit c4fe904896
parent d6af466263
5 changed files with 51 additions and 63 deletions
--- a/nix-system-configs/modules/system_scripts/backup_mariadb.zsh
+++ b/nix-system-configs/modules/system_scripts/backup_mariadb.zsh
@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-TIMESTAMP=$(date +%Y%m%d%H%M%S)
-BACKUP_DIR=$(mktemp -d)
-trap 'rm -rf "$BACKUP_DIR"' EXIT
-
-gpg --batch --import "${GPG_KEY_FILE}"
-
-DATABASES=$(mysql -u root -e "SHOW DATABASES;" | grep -Ev "^(Database|information_schema|performance_schema|mysql|sys)$")
-
-for DB in $DATABASES; do
-  echo "Backing up MariaDB database: $DB"
-
-  FILENAME="mariadb_${DB}_${TIMESTAMP}.sql.gz.gpg"
-  if mysqldump -u root "$DB" | gzip | gpg --batch --encrypt --recipient "${GPG_RECIPIENT}" > "$BACKUP_DIR/$FILENAME"; then
-    gsutil cp "$BACKUP_DIR/$FILENAME" "gs://${GCS_BUCKET}/mariadb/$FILENAME"
-    echo "Successfully uploaded encrypted $FILENAME"
-  else
-    echo "Failed to backup $DB" >&2
-    exit 1
-  fi
-done
--- a/nix-system-configs/modules/system_scripts/backup_postgresql.zsh
+++ b/nix-system-configs/modules/system_scripts/backup_postgresql.zsh
@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-TIMESTAMP=$(date +%Y%m%d%H%M%S)
-BACKUP_DIR=$(mktemp -d)
-trap 'rm -rf "$BACKUP_DIR"' EXIT
-
-# Import GPG key for encryption
-gpg --batch --import "${GPG_KEY_FILE}"
-
-DATABASES=$(psql -U postgres -t -c "SELECT datname FROM pg_database WHERE datistemplate = false AND datname != 'postgres';" | grep -v '^$')
-
-for DB in $DATABASES; do
-  DB=$(echo "$DB" | xargs)
-  echo "Backing up PostgreSQL database: $DB"
-  FILENAME="pgsql_${DB}_${TIMESTAMP}.sql.gz.gpg"
-  if pg_dump -U postgres -d "$DB" | gzip | gpg --batch --encrypt --recipient "${GPG_RECIPIENT}" > "$BACKUP_DIR/$FILENAME"; then
-    gsutil cp "$BACKUP_DIR/$FILENAME" "gs://${GCS_BUCKET}/postgresql/$FILENAME"
-    echo "Successfully uploaded encrypted $FILENAME"
-  else
-    echo "Failed to backup $DB" >&2
-    exit 1
-  fi
-done
--- a/nix-system-configs/modules/system_scripts/gcloud_backup.nix
+++ b/nix-system-configs/modules/system_scripts/gcloud_backup.nix
@ -64,24 +64,59 @@
    -----END PGP PUBLIC KEY BLOCK-----
  '';

-  postgresBackupScript = pkgs.writeShellScript "backup-postgresql-wrapper" ''
-    export GOOGLE_APPLICATION_CREDENTIALS="${config.sops.secrets.gcloud_bucket.path}"
-    export GCS_BUCKET="${gcsBucket}"
-    export GPG_RECIPIENT="${gpgRecipient}"
-    export GPG_PUBLIC_KEY="${gpgPublicKey}"
-    export PATH="${lib.makeBinPath [pkgs.postgresql pkgs.gzip pkgs.google-cloud-sdk pkgs.gnupg]}:$PATH"
+  postgresBackupScript = pkgs.writeShellScript "backup-postgresql" ''
+    set -euo pipefail

-    exec ${./backup_postgresql.zsh}
+    export GOOGLE_APPLICATION_CREDENTIALS="${config.sops.secrets.gcloud_bucket.path}"
+    export PATH="${lib.makeBinPath [pkgs.postgresql pkgs.gzip pkgs.google-cloud-sdk pkgs.gnupg pkgs.coreutils pkgs.gnugrep]}:$PATH"
+
+    TIMESTAMP=$(date +%Y%m%d%H%M%S)
+    BACKUP_DIR=$(mktemp -d)
+    trap 'rm -rf "$BACKUP_DIR"' EXIT
+
+    gpg --batch --import "${gpgPublicKey}"
+
+    DATABASES=$(psql -U postgres -t -c "SELECT datname FROM pg_database WHERE datistemplate = false AND datname != 'postgres';" | grep -v '^$')
+
+    for DB in $DATABASES; do
+      DB=$(echo "$DB" | xargs)
+      echo "Backing up PostgreSQL database: $DB"
+      FILENAME="pgsql_''${DB}_''${TIMESTAMP}.sql.gz.gpg"
+      if pg_dump -U postgres -d "$DB" | gzip | gpg --batch --encrypt --recipient "${gpgRecipient}" > "$BACKUP_DIR/$FILENAME"; then
+        gsutil cp "$BACKUP_DIR/$FILENAME" "gs://${gcsBucket}/postgresql/$FILENAME"
+        echo "Successfully uploaded encrypted $FILENAME"
+      else
+        echo "Failed to backup $DB" >&2
+        exit 1
+      fi
+    done
  '';

-  mariadbBackupScript = pkgs.writeShellScript "backup-mariadb-wrapper" ''
-    export GOOGLE_APPLICATION_CREDENTIALS="${config.sops.secrets.gcloud_bucket.path}"
-    export GCS_BUCKET="${gcsBucket}"
-    export GPG_RECIPIENT="${gpgRecipient}"
-    export GPG_PUBLIC_KEY="${gpgPublicKey}"
-    export PATH="${lib.makeBinPath [pkgs.mariadb pkgs.gzip pkgs.google-cloud-sdk pkgs.gnupg]}:$PATH"
+  mariadbBackupScript = pkgs.writeShellScript "backup-mariadb" ''
+    set -euo pipefail

-    exec ${./backup_mariadb.zsh}
+    export GOOGLE_APPLICATION_CREDENTIALS="${config.sops.secrets.gcloud_bucket.path}"
+    export PATH="${lib.makeBinPath [pkgs.mariadb pkgs.gzip pkgs.google-cloud-sdk pkgs.gnupg pkgs.coreutils pkgs.gnugrep]}:$PATH"
+
+    TIMESTAMP=$(date +%Y%m%d%H%M%S)
+    BACKUP_DIR=$(mktemp -d)
+    trap 'rm -rf "$BACKUP_DIR"' EXIT
+
+    gpg --batch --import "${gpgPublicKey}"
+
+    DATABASES=$(mysql -u root -e "SHOW DATABASES;" | grep -Ev "^(Database|information_schema|performance_schema|mysql|sys)$")
+
+    for DB in $DATABASES; do
+      echo "Backing up MariaDB database: $DB"
+      FILENAME="mariadb_''${DB}_''${TIMESTAMP}.sql.gz.gpg"
+      if mysqldump -u root "$DB" | gzip | gpg --batch --encrypt --recipient "${gpgRecipient}" > "$BACKUP_DIR/$FILENAME"; then
+        gsutil cp "$BACKUP_DIR/$FILENAME" "gs://${gcsBucket}/mariadb/$FILENAME"
+        echo "Successfully uploaded encrypted $FILENAME"
+      else
+        echo "Failed to backup $DB" >&2
+        exit 1
+      fi
+    done
  '';
 in {
  systemd.services.backup-postgresql = {