diff --git a/keys/pennyworth_borg_repo.key b/keys/pennyworth_borg_repo.key
new file mode 100644
index 0000000..3f320f0
Binary files /dev/null and b/keys/pennyworth_borg_repo.key differ
diff --git a/keys/pennyworth_borg_ssh.key b/keys/pennyworth_borg_ssh.key
new file mode 100644
index 0000000..c830363
Binary files /dev/null and b/keys/pennyworth_borg_ssh.key differ
diff --git a/keys/pennyworth_borg_ssh.key.pub b/keys/pennyworth_borg_ssh.key.pub
new file mode 100644
index 0000000..3274dc5
Binary files /dev/null and b/keys/pennyworth_borg_ssh.key.pub differ
diff --git a/logical/pennyworth.nix b/logical/pennyworth.nix
index 6e527a0..51cb658 100644
--- a/logical/pennyworth.nix
+++ b/logical/pennyworth.nix
@@ -18,11 +18,9 @@ in
 imports = [
 ../physical/hetznercloud.nix
 ../roles/server.nix
- (builtins.fetchTarball {
- url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
- sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
- })
- ../modules/muflax-blog.nix
+ ../modules/muflax-blog.nix
+ ../services/backup.nix
+ ../services/email.nix
 ];
 
 system.stateVersion = "19.03";
@@ -34,20 +32,6 @@ in
 git = { enable = true; vhost = "git.yori.cc"; };
 muflax-church = { enable = true; vhost = "muflax.church"; };
 };
- mailserver = rec {
- enable = true;
- fqdn = "pennyworth.yori.cc";
- domains = [ "yori.cc" "yorickvanpelt.nl" ];
- loginAccounts = {
- "yorick@yori.cc" = {
- hashedPassword = (import ../secrets.nix).yorick_mailPassword;
- catchAll = domains;
- aliases = [ "@yori.cc" "@yorickvanpelt.nl" ];
- };
- };
- certificateScheme = 3;
- enableImapSsl = true;
- };
 
 services.muflax-blog = {
 enable = true;
@@ -94,6 +78,7 @@ in
 boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 environment.noXlibs = true;
 users.users.yorick.packages = with pkgs; [
- python2 sshfs-fuse weechat
+ python2 sshfs-fuse weechat ripgrep
 ];
+
 }
diff --git a/nix/sources.json b/nix/sources.json
index 24d095a..e25c1ec 100644
--- a/nix/sources.json
+++ b/nix/sources.json
@@ -23,6 +23,13 @@
 "url": "https://github.com/nixos/nixos-hardware/archive/c242378e63b0ec334e964ac0c0fbbdd2b3e89ebf.tar.gz",
 "url_template": "https://github.com///archive/.tar.gz"
 },
+ "nixos-mailserver": {
+ "sha256": "1m8ylrxlkn8nrpsvnivg32ncba9jkfal8a9sjy840hpl1jlm5lc4",
+ "type": "tarball",
+ "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864/nixos-mailserver-ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864.tar.gz",
+ "url_template": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive//nixos-mailserver-.tar.gz",
+ "version": "ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864"
+ },
 "nixpkgs": {
 "branch": "nixos-unstable",
 "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
diff --git a/services/backup.nix b/services/backup.nix
new file mode 100644
index 0000000..5af3a98
--- /dev/null
+++ b/services/backup.nix
@@ -0,0 +1,46 @@
+{ name, ... }:
+{
+ deployment.keyys = [
+ (../keys + "/${name}_borg_repo.key")
+ (../keys + "/${name}_borg_ssh.key")
+ ];
+ services.borgbackup.jobs.backup = {
+ encryption = {
+ # Keep the encryption key in the repo itself
+ mode = "repokey-blake2";
+
+ # Password is used to decrypt the encryption key from the repo
+ passCommand = "cat /root/keys/${name}_borg_repo.key";
+ };
+ environment = {
+ # Make sure we're using Borg >= 1.0
+ BORG_REMOTE_PATH = "borg1";
+
+ # SSH key is specific to the subaccount defined in the repo username
+ BORG_RSH = "ssh -i /root/keys/${name}_borg_ssh.key";
+ };
+
+ # Define schedule
+ startAt = "hourly";
+
+ repo = "14337@ch-s012.rsync.net:${name}";
+ paths = [ "/home" "/root" "/var/lib" ];
+
+ prune.keep = {
+ # hourly backups for the past week
+ within = "7d";
+
+ # daily backups for two weeks before that
+ daily = 14;
+
+ # weekly backups for a month before that
+ weekly = 4;
+
+ # monthly backups for 6 months before that
+ monthly = 6;
+
+ # 2 years
+ yearly = 2;
+ };
+ };
+}
diff --git a/services/email.nix b/services/email.nix
new file mode 100644
index 0000000..44a7dc8
--- /dev/null
+++ b/services/email.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, lib, ... }:
+let
+ sources = import ../nix/sources.nix;
+in
+{
+ imports = [
+ ("${sources.nixos-mailserver}")
+ ];
+
+ mailserver = rec {
+ enable = true;
+ fqdn = "pennyworth.yori.cc";
+ domains = [ "yori.cc" "yorickvanpelt.nl" ];
+ loginAccounts = {
+ "yorick@yori.cc" = {
+ hashedPassword = (import ../secrets.nix).yorick_mailPassword;
+ catchAll = domains;
+ aliases = [ "@yori.cc" "@yorickvanpelt.nl" ];
+ };
+ };
+ certificateScheme = 3;
+ enableImapSsl = true;
+ };
+
+ services.borgbackup.jobs.backup.paths = [ "/var/vmail" ];
+}
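Review bot: `BORG_RSH = "ssh -i /root/keys/${name}_borg_ssh.key"` declares the client key but says nothing about the server's host key, so the non-interactive root session presumably depends on a manually seeded known_hosts on the host (and fails with "Host key verification failed" on a fresh deploy); declaring it as `programs.ssh.knownHosts."ch-s012.rsync.net".publicKey = "<rsync.net host key from the provider's documentation>";` makes that trust decision explicit and reproducible instead of host-local state. The `${name}_borg_repo.key` and `${name}_borg_ssh.key` files this hunk deploys are added to the repository as binaries in the same commit; unless they are encrypted at rest (git-crypt or similar), they should be treated as exposed and rotated. `deployment.keyys` reads like a typo of `deployment.keys` unless this repository defines that option itself, which is worth confirming since an unknown option name fails evaluation rather than silently skipping the key deployment.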
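Review bot: `services.borgbackup.jobs.backup.paths = [ "/var/vmail" ];` on the last line defines only `paths` for the job, so this module is valid only when `../services/backup.nix` (which sets `repo`, `encryption` and the rest) is imported alongside it; on its own it would presumably fail evaluation on the missing `repo`, and nothing here says so. A comment on that line such as `# extends the job declared in ./backup.nix, which must be imported as well` would make the coupling visible. The module also has no header stating what it owns; a one-line `# Mail for this host: nixos-mailserver pinned through niv, plus the vmail backup path` would help the next reader.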