diff --git a/nixos/hosts/gandalf/default.nix b/nixos/hosts/gandalf/default.nix
index 0dbc298..6d41e83 100644
--- a/nixos/hosts/gandalf/default.nix
+++ b/nixos/hosts/gandalf/default.nix
@@ -93,26 +93,26 @@ in
 # repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
 # repoKeyPath = "/run/secrets/borgbackup/telchar";
 # };
+ };
+ services = {
+ podman.enable = true;
+ libvirt-qemu.enable = true;
 
- services = {
- podman.enable = true;
- libvirt-qemu.enable = true;
+ # Sanoid
+ sanoid = {
+ enable = true;
+ inherit (sanoidConfig.outputs) templates datasets;
+ };
 
- # Sanoid
- sanoid = {
- enable = true;
- inherit (sanoidConfig.outputs) templates datasets;
- };
-
- # Unifi & Lego-Auto
- unifi.enable = true;
- lego-auto = {
- enable = true;
- dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
- domains = "gandalf.jahanson.tech";
- email = "joe@veri.dev";
- provider = "dnsimple";
- };
+ # Unifi & Lego-Auto
+ unifi.enable = true;
+ lego-auto = {
+ enable = true;
+ dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
+ domains = "gandalf.jahanson.tech";
+ email = "joe@veri.dev";
+ provider = "dnsimple";
 };
 };
- }
+ };
+}
diff --git a/nixos/modules/nixos/system/borg/default.nix b/nixos/modules/nixos/system/borg/default.nix
new file mode 100644
index 0000000..3d735c3
--- /dev/null
+++ b/nixos/modules/nixos/system/borg/default.nix
@@ -0,0 +1,44 @@
+{ lib, config, ... }:
+let
+ cfg = config.mySystem.system.borgbackup;
+in
+{
+ options.mySystem.system.borgbackup = {
+ enable = lib.mkEnableOption "borgbackup";
+ paths = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ required = true;
+ };
+ exclude = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ required = false;
+ };
+ repo = lib.mkOption {
+ example = "borgbackup@myserver:repo";
+ type = lib.types.str;
+ default = "";
+ required = true;
+ };
+ repoKeyPath = lib.mkOption {
+ example = "/run/secrets/borgbackup/telchar";
+ type = lib.types.str;
+ default = "";
+ required = false;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.borgbackup.jobs."borgbackup" = {
+ paths = cfg.paths;
+ exclude = cfg.exclude;
+ repo = cfg.repo;
+ encryption = {
+ mode = "repokey-blake2";
+ passCommand = "cat ${cfg.repoKeyPath}";
+ };
+ environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
+ };
+ };
+}
diff --git a/nixos/modules/nixos/system/default.nix b/nixos/modules/nixos/system/default.nix
index cdbc6fa..55d1372 100644
--- a/nixos/modules/nixos/system/default.nix
+++ b/nixos/modules/nixos/system/default.nix
@@ -1,5 +1,6 @@
 {
 imports = [
+ ./borg
 ./impermanence.nix
 ./motd
 ./nix.nix
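Review bot: In nixos/modules/nixos/system/borg/default.nix, `repoKeyPath` defaults to `""` and is interpolated unquoted into `passCommand = "cat ${cfg.repoKeyPath}"`, so a host that enables the module without setting it ends up with a bare `cat` as its passphrase command (probably an empty passphrase or a stalled job) rather than an evaluation error. Dropping `default = "";` from `repo` and `repoKeyPath` lets the module system reject an unset value, and `passCommand = "cat ${lib.escapeShellArg cfg.repoKeyPath}";` keeps a path containing spaces or shell metacharacters from being reinterpreted. As far as I know `required` is not an argument `lib.mkOption` accepts, so the four `required = …;` lines should be removed; they do not enforce anything and may fail evaluation. `environment.BORG_RSH` also reuses the sshd host key `/etc/ssh/ssh_host_ed25519_key` as the client credential for the backup repository; a dedicated backup key would let host identity and backup access be rotated and revoked independently.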