authorBjørn Forsman <bjorn.forsman@gmail.com>2022-12-28 11:24:33 +0100
committerBjørn Forsman <bjorn.forsman@gmail.com>2022-12-28 13:07:16 +0100
commit0f0929f4aa73b731130be5f9ebe7426eb4c0661d (patch)
treede9371d74f2f71a498a1638c4524b00a1e4ffa82 /nixos
parent3f3eb370c13594fcad3a306d1cfb8820e509bb48 (diff)
nixos/borgbackup: fix ~/.cache, ~/.config ownership
Invoke `install` separately for each directory to get ownership right --
i.e. not always owned by root. When owned by root, user sessions break
as no user processes are allowed to create directories there. On normal
systems the directories already exist, but in clean environments / NixOS
test VMs, the bug shows.

Before:
  $ namei -l /home/user1/.cache/borg
  f: /home/user1/.cache/borg
  drwxr-xr-x root  root  /
  drwxr-xr-x root  root  home
  drwx------ user1 users user1
  drwxr-xr-x root  root  .cache
  drwxr-xr-x user1 users borg

After:
  $ namei -l /home/user1/.cache/borg
  f: /home/user1/.cache/borg
  drwxr-xr-x root  root  /
  drwxr-xr-x root  root  home
  drwx------ user1 users user1
  drwxr-xr-x user1 users .cache
  drwxr-xr-x user1 users borg
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/backup/borgbackup.nix5
1 files changed, 3 insertions, 2 deletions
diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix
index ae8e1dd8463bf..c5fc09dcea028 100644
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@@ -150,8 +150,9 @@ let
         # Ensure that the home directory already exists
         # We can't assert createHome == true because that's not the case for root
         cd "${config.users.users.${cfg.user}.home}"
-        ${install} -d .config/borg
-        ${install} -d .cache/borg
+        # Create each directory separately to prevent root owned parent dirs
+        ${install} -d .config .config/borg
+        ${install} -d .cache .cache/borg
       '' + optionalString (isLocalPath cfg.repo && !cfg.removableDevice) ''
         ${install} -d ${escapeShellArg cfg.repo}
       ''));
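Review bot: Listing `.config` and `.cache` as explicit operands means `install -d` now applies its owner and mode to those directories on every run, including when they already exist; GNU install does this for each directory it is given, and with no `-m` the mode it sets is 0755. A user who had tightened `~/.config` or `~/.cache` (say to 0700) would have that loosened again each time this script runs, and because the script uses relative paths inside a user-writable home, a pre-existing `.config` that is a symlink would have the attributes applied to the directory it points at. Creating the parent only when it is missing avoids both: `[ -d .config ] || ${install} -d .config` followed by `${install} -d .config/borg`, and the same pair for `.cache`. `${install}` and the enclosing `let` binding are defined outside this hunk, so the ownership flags it carries are inferred from the commit message and should be confirmed there.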