nixos/borgbackup: fix directory ownership regression

Re-add separate creation of the ~/.config and ~/.cache directories so
that they get correct ownership. Or else they get owned by root.

systemd-tmpfiles also warns about it:

  machine # [    3.022195] systemd-tmpfiles[472]: Detected unsafe path transition /home/user1 (owned by user1) → /home/user1/.cache (owned by root) during canonicalization of home/user1/.cache.
  machine # [    3.024566] systemd-tmpfiles[472]: Detected unsafe path transition /home/user1 (owned by user1) → /home/user1/.config (owned by root) during canonicalization of home/user1/.config.

Fixes: 8d3cf213db5a2323 ("nixos/borgbackup: replace activationScript via tmpfiles")

1 files changed, 3 insertions, 0 deletions

diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix
index 6f4455d3be60..ad6194f8262a 100644
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@@ -147,6 +147,9 @@ let
     let
       settings = { inherit (cfg) user group; };
     in lib.nameValuePair "borgbackup-job-${name}" ({
+      # Create parent dirs separately, to ensure correct ownership.
+      "${config.users.users."${cfg.user}".home}/.config".d = settings;
+      "${config.users.users."${cfg.user}".home}/.cache".d = settings;
       "${config.users.users."${cfg.user}".home}/.config/borg".d = settings;
       "${config.users.users."${cfg.user}".home}/.cache/borg".d = settings;
     } // optionalAttrs (isLocalPath cfg.repo && !cfg.removableDevice) {