bicep/{postgres,mysql}: move backups to /data

hosts/bicep/services/mysql/backup.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 let
   cfg = config.services.mysql;
-  backupDir = "/var/lib/mysql-backups";
+  backupDir = "/data/mysql-backups";
 in
 {
   # services.mysqlBackup = lib.mkIf cfg.enable {
@@ -9,6 +9,12 @@ in
   #   location = "/var/lib/mysql-backups";
   # };
 
+  systemd.tmpfiles.settings."10-mysql-backups".${backupDir}.d = {
+	  user = "mysql";
+	  group = "mysql";
+	  mode = "700";
+	};
+
   services.rsync-pull-targets = lib.mkIf cfg.enable {
     enable = true;
     locations.${backupDir} = {
@@ -42,8 +48,7 @@ in
     in ''
       set -eo pipefail
 
-      mysqldump --all-databases | gzip -c -9 --rsyncable > "${backupDir}/mysql-dump.sql.gz"
+      mysqldump --all-databases | gzip -c -9 --rsyncable > "/var/lib/mysql-backups/mysql-dump.sql.gz"
-
     '';
 
     # NOTE: keep multiple backups and symlink latest one once we have more disk again
@@ -63,7 +68,8 @@ in
       IOSchedulingClass = "best-effort";
       IOSchedulingPriority = 7;
 
-      StateDirectory = [ (builtins.baseNameOf backupDir) ];
+      StateDirectory = [ "mysql-backups" ];
+      BindPaths = [ "${backupDir}:/var/lib/mysql-backups" ];
 
       # TODO: hardening
     };

hosts/bicep/services/postgresql/backup.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 let
   cfg = config.services.postgresql;
-  backupDir = "/var/lib/postgresql-backups";
+  backupDir = "/data/postgresql-backups";
 in
 {
   # services.postgresqlBackup = lib.mkIf cfg.enable {
@@ -10,6 +10,12 @@ in
   #   backupAll = true;
   # };
 
+  systemd.tmpfiles.settings."10-postgresql-backups".${backupDir}.d = {
+	  user = "postgres";
+	  group = "postgres";
+	  mode = "700";
+	};
+
   services.rsync-pull-targets = lib.mkIf cfg.enable {
     enable = true;
     locations.${backupDir} = {
@@ -43,7 +49,7 @@ in
     in ''
       set -eo pipefail
 
-      pg_dumpall -U postgres | gzip -c -9 --rsyncable > "${backupDir}/postgresql-dump.sql.gz"
+      pg_dumpall -U postgres | gzip -c -9 --rsyncable > "/var/lib//postgresql-backups/postgresql-dump.sql.gz"
     '';
 
     # pg_dumpall -U postgres | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
@@ -61,7 +67,8 @@ in
       IOSchedulingClass = "best-effort";
       IOSchedulingPriority = 7;
 
-      StateDirectory = [ (builtins.baseNameOf backupDir) ];
+      StateDirectory = [ "postgresql-backups" ];
+      BindPaths = [ "${backupDir}:/var/lib/postgresql-backups" ];
 
       # TODO: hardening
     };