diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d2a3d9e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+borg-backup-repo
diff --git a/README.org b/README.org
index 9e2a774..dc1289d 100644
--- a/README.org
+++ b/README.org
@@ -16,4 +16,3 @@ Grafana and Prometheus are currently used as a glorified =htop=.
 ** TODO Setup backups BitWarden
 ** TODO Setup declarative config postgresql
 ** TODO Setup backup postgresql
-** TODO Try borg backups
diff --git a/borg-backup-repo.example b/borg-backup-repo.example
new file mode 100644
index 0000000..8fa46c5
--- /dev/null
+++ b/borg-backup-repo.example
@@ -0,0 +1 @@
+deadbeef@deadbeef.repo.borgbase.com:repo
diff --git a/configuration.nix b/configuration.nix
index 67f55a1..7fc57a1 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 {
   imports =
@@ -71,6 +71,14 @@
 
   # List services that you want to enable:
   my.services = {
+    borg-backup = {
+      enable = true;
+      repo = (lib.removeSuffix "\n" (builtins.readFile ./borg-backup-repo));
+      paths = [
+        "/var/lib/matrix-synapse"
+      ];
+      exclude = [];
+    };
     monitoring = {
       enable = true;
       useACME = true;
diff --git a/services/borg-backup.nix b/services/borg-backup.nix
new file mode 100644
index 0000000..9dc866e
--- /dev/null
+++ b/services/borg-backup.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let cfg = config.my.services.borg-backup;
+in {
+  options.my.services.borg-backup = {
+    enable = mkEnableOption "Enable Borg backups for this host";
+
+    repo = mkOption {
+      type = types.str;
+      default = null;
+      example = "deadbeef@deadbeef.repo.borgbase.com:repo";
+      description = "Borgbase repo info. Required.";
+    };
+
+    paths = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [
+        "/var/lib"
+        "/home"
+      ];
+      description = "Paths to backup";
+    };
+
+    exclude = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [
+        # very large paths
+        "/var/lib/docker"
+        "/var/lib/systemd"
+        "/var/lib/libvirt"
+
+        # temporary files created by cargo and `go build`
+        "**/target"
+        "/home/*/go/bin"
+        "/home/*/go/pkg"
+      ];
+      description = "Paths to exclude from backup";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.borgbackup.jobs."borgbase" = {
+      paths = cfg.paths;
+      exclude = [
+        # nothing for now
+      ];
+      repo = "${cfg.repo}";
+      encryption = {
+        mode = "repokey-blake2";
+        passCommand = "cat /root/borgbackup/passphrase";
+      };
+      environment.BORG_RSH = "ssh -i /root/borgbackup/ssh_key";
+      compression = "auto,lzma";
+      startAt = "daily";
+    };
+  };
+}
diff --git a/services/default.nix b/services/default.nix
index db8eec4..357b49b 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -2,6 +2,7 @@
 
 {
   imports = [
+    ./borg-backup.nix
     ./matrix.nix
     ./monitoring.nix
   ];