diff --git a/hosts/bicep/configuration.nix b/hosts/bicep/configuration.nix
index dc29b19..ecca68e 100644
--- a/hosts/bicep/configuration.nix
+++ b/hosts/bicep/configuration.nix
@@ -9,8 +9,8 @@
 ./services/calendar-bot.nix
 #./services/git-mirrors
 ./services/minecraft-heatmap.nix
- ./services/mysql.nix
- ./services/postgres.nix
+ ./services/mysql
+ ./services/postgresql
 ./services/matrix
 ];
diff --git a/hosts/bicep/services/mysql/backup.nix b/hosts/bicep/services/mysql/backup.nix
new file mode 100644
index 0000000..8988d14
--- /dev/null
+++ b/hosts/bicep/services/mysql/backup.nix
@@ -0,0 +1,26 @@
+{ config, lib, ... }:
+let
+ cfg = config.services.mysql;
+in
+{
+ services.mysqlBackup = lib.mkIf cfg.enable {
+ enable = true;
+ location = "/var/lib/mysql-backups";
+ };
+
+ services.rsync-pull-targets = lib.mkIf cfg.enable {
+ enable = true;
+ locations.${config.services.mysqlBackup.location} = {
+ user = "root";
+ rrsyncArgs.ro = true;
+ authorizedKeysAttrs = [
+ "restrict"
+ "no-agent-forwarding"
+ "no-port-forwarding"
+ "no-pty"
+ "no-X11-forwarding"
+ ];
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJgj55/7Cnj4cYMJ5sIkl+OwcGeBe039kXJTOf2wvo9j mysql rsync backup";
+ };
+ };
+}
diff --git a/hosts/bicep/services/mysql.nix b/hosts/bicep/services/mysql/default.nix
similarity index 76%
rename from hosts/bicep/services/mysql.nix
rename to hosts/bicep/services/mysql/default.nix
index cbb6a3b..1e9e1bd 100644
--- a/hosts/bicep/services/mysql.nix
+++ b/hosts/bicep/services/mysql/default.nix
@@ -4,6 +4,8 @@ let
 dataDir = "/data/mysql";
 in
 {
+ imports = [ ./backup.nix ];
+
 sops.secrets."mysql/password" = {
 owner = "mysql";
 group = "mysql";
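Review bot: In hosts/bicep/services/mysql/backup.nix the pull target logs in as `user = "root"` and the key entry carries no source restriction, so whoever holds the matching private key can read every dump from any address. The same applies to hosts/bicep/services/postgresql/backup.nix. `rrsyncArgs.ro = true` and `"restrict"` already confine the key to read-only rsync, but a dedicated account with read access to the backup directory would avoid a root login, and adding `from="<backup-host-address>"` to `authorizedKeysAttrs` would pin the key to the pulling host (assuming the module passes these strings through as authorized_keys options; confirm against the rsync-pull-targets module). `"restrict"` on its own disables agent, port and X11 forwarding and PTY allocation, so the four `no-*` entries are redundant. A one-line comment above `publicKey` naming the host that holds the private key would help when the key is rotated.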
@@ -42,27 +44,6 @@ in
 }];
 };
- services.mysqlBackup = lib.mkIf cfg.enable {
- enable = true;
- location = "/var/lib/mysql-backups";
- };
-
- services.rsync-pull-targets = lib.mkIf cfg.enable {
- enable = true;
- locations.${config.services.mysqlBackup.location} = {
- user = "root";
- rrsyncArgs.ro = true;
- authorizedKeysAttrs = [
- "restrict"
- "no-agent-forwarding"
- "no-port-forwarding"
- "no-pty"
- "no-X11-forwarding"
- ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJgj55/7Cnj4cYMJ5sIkl+OwcGeBe039kXJTOf2wvo9j mysql rsync backup";
- };
- };
-
 networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ 3306 ];
 systemd.tmpfiles.settings."10-mysql".${dataDir}.d = lib.mkIf cfg.enable {
diff --git a/hosts/bicep/services/postgresql/backup.nix b/hosts/bicep/services/postgresql/backup.nix
new file mode 100644
index 0000000..9686b4f
--- /dev/null
+++ b/hosts/bicep/services/postgresql/backup.nix
@@ -0,0 +1,27 @@
+{ config, lib, ... }:
+let
+ cfg = config.services.postgresql;
+in
+{
+ services.postgresqlBackup = lib.mkIf cfg.enable {
+ enable = true;
+ location = "/var/lib/postgres-backups";
+ backupAll = true;
+ };
+
+ services.rsync-pull-targets = lib.mkIf cfg.enable {
+ enable = true;
+ locations.${config.services.postgresqlBackup.location} = {
+ user = "root";
+ rrsyncArgs.ro = true;
+ authorizedKeysAttrs = [
+ "restrict"
+ "no-agent-forwarding"
+ "no-port-forwarding"
+ "no-pty"
+ "no-X11-forwarding"
+ ];
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGvO7QX7QmwSiGLXEsaxPIOpAqnJP3M+qqQRe5dzf8gJ postgresql rsync backup";
+ };
+ };
+}
diff --git a/hosts/bicep/services/postgres.nix b/hosts/bicep/services/postgresql/default.nix
similarity index 84%
rename from hosts/bicep/services/postgres.nix
rename to hosts/bicep/services/postgresql/default.nix
index 46fd9f8..9e8ce45 100644
--- a/hosts/bicep/services/postgres.nix
+++ b/hosts/bicep/services/postgresql/default.nix
@@ -3,6 +3,8 @@ let
 cfg = config.services.postgresql;
 in
 {
+ imports = [ ./backup.nix ];
+
 services.postgresql = {
 enable = true;
 package = pkgs.postgresql_18;
@@ -121,26 +123,4 @@ in
 networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ 5432 ];
 networking.firewall.allowedUDPPorts = lib.mkIf cfg.enable [ 5432 ];
-
- services.postgresqlBackup = lib.mkIf cfg.enable {
- enable = true;
- location = "/var/lib/postgres-backups";
- backupAll = true;
- };
-
- services.rsync-pull-targets = lib.mkIf cfg.enable {
- enable = true;
- locations.${config.services.postgresqlBackup.location} = {
- user = "root";
- rrsyncArgs.ro = true;
- authorizedKeysAttrs = [
- "restrict"
- "no-agent-forwarding"
- "no-port-forwarding"
- "no-pty"
- "no-X11-forwarding"
- ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGvO7QX7QmwSiGLXEsaxPIOpAqnJP3M+qqQRe5dzf8gJ postgresql rsync backup";
- };
- };
 }