diff --git a/README.md b/README.md
index 5235f73..63bbdf4 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,7 @@ All services below are running under Docker, except NSD because I couldn't figur
 - Microblogging server using [Mastodon](https://joinmastodon.org/) ([social.pizzapim.nl](https://social.pizzapim.nl))
 - Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl))
 - KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd)
+- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
 ## Possible future services
@@ -37,15 +38,6 @@ Could make automatic key rollovers with cron or some other tool. Currently I always resign zones. But for idempotency I should probably only do it if the zone has changed or the keys have changed.
-### Borg Backup
-
-Ideal situation is to backup all of (and only) /data.
-Issue with Mastodon: the cache is saved at /data as well. Should put this in a location that is not backed up.
-
-After investigating, borg backup with borgmatic is excellent.
-Instead of cron, I will use systemd timers to schedule borgmatic.
-https://dev.to/bowmanjd/schedule-jobs-with-systemd-timers-a-cron-alternative-15l8
-
 ### Firewall
 A little more difficult because of docker networking but probably doable.
diff --git a/roles/borg/tasks/main.yml b/roles/borg/tasks/main.yml
index ae8baeb..08fccf6 100644
--- a/roles/borg/tasks/main.yml
+++ b/roles/borg/tasks/main.yml
@@ -8,8 +8,8 @@
 path: "{{ service_dir }}"
 state: directory
 - name: Copy borg backup configuration
- copy:
- src: "{{ role_path }}/files/backup.yml"
+ template:
+ src: "{{ role_path }}/templates/backup.yml.j2"
 dest: "{{ service_dir }}/backup.yml"
 - name: Copy public key
 copy:
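Review bot: The new `template:` task for `{{ service_dir }}/backup.yml` sets no `mode`, `owner` or `group`, so the rendered borgmatic config gets whatever the default umask gives it, while the SSH key next to it is written with `mode: 0600`. Now that the file is rendered from variables it is a likely place for a repository passphrase later, so I would pin it with `mode: "0600"` under `dest:`. The same applies to the `template:` task for `/etc/systemd/system/backup.service` in the next hunk, where `mode: "0644"` would make the intent explicit. The `Copy public key` task at the end of this hunk continues outside it.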
@@ -22,8 +22,8 @@
 dest: "{{ service_dir }}/id_ed25519"
 mode: 0600
 - name: Copy systemd timer backup service
- copy:
- src: "{{ role_path }}/files/backup.service"
+ template:
+ src: "{{ role_path }}/templates/backup.service.j2"
 dest: "/etc/systemd/system/backup.service"
 register: service
 - name: Copy systemd timer backup timer
diff --git a/roles/borg/files/backup.service b/roles/borg/templates/backup.service.j2
similarity index 51%
rename from roles/borg/files/backup.service
rename to roles/borg/templates/backup.service.j2
index c08cd5b..99fb1b3 100644
--- a/roles/borg/files/backup.service
+++ b/roles/borg/templates/backup.service.j2
@@ -2,5 +2,5 @@
 Description=Backup data using borgmatic
 [Service]
-ExecStart=/usr/bin/borgmatic --config /srv/borg/backup.yml
+ExecStart=/usr/bin/borgmatic --config {{ service_dir }}/backup.yml
 Type=oneshot
diff --git a/roles/borg/files/backup.yml b/roles/borg/templates/backup.yml.j2
similarity index 50%
rename from roles/borg/files/backup.yml
rename to roles/borg/templates/backup.yml.j2
index 29b4502..60f554d 100644
--- a/roles/borg/files/backup.yml
+++ b/roles/borg/templates/backup.yml.j2
@@ -1,8 +1,8 @@
 location:
 source_directories:
- - /srv/borg # TEMP to test
+ - {{ base_data_dir }}
 repositories:
- - ssh://root@lewis.lan/root/maxtest
+ - ssh://root@lewis.lan/root/homeserver_backup
 retention:
 keep_daily: 7
 keep_weekly: 4
@@ -10,3 +10,8 @@ retention:
 storage:
 ssh_command: ssh -i /srv/borg/id_ed25519
 unknown_unencrypted_repo_access_is_ok: true
+hooks:
+ before_everything:
+ - systemctl stop docker docker.socket
+ after_everything:
+ - systemctl start docker
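Review bot: Only half of the `/srv/borg` path is templated: this unit now reads `{{ service_dir }}/backup.yml`, but `backup.yml.j2` (second hunk, context line) still has `ssh_command: ssh -i /srv/borg/id_ed25519`, while tasks/main.yml installs the key at `{{ service_dir }}/id_ed25519`. If `service_dir` is ever set to something other than `/srv/borg`, ssh will not find the identity file and the timer-driven backup will fail, presumably unnoticed unless someone checks the unit's status. I would change that line to `ssh_command: ssh -i {{ service_dir }}/id_ed25519` in the same commit.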
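Review bot: The repository that replaces the test target is still reached as `root@lewis.lan` with a key stored on the machine being backed up, so anyone who takes over this host gets a root login on the backup host and can delete or rewrite every archive. A dedicated unprivileged account on lewis.lan whose `authorized_keys` entry forces borg would contain that, e.g. `command="borg serve --append-only --restrict-to-repository <repo path>",restrict <public key>` (placeholders), with the URL here changed to that account. `unknown_unencrypted_repo_access_is_ok: true` in the next hunk suggests the repository is unencrypted; with all of `{{ base_data_dir }}` going into it, that is worth a comment or an encrypted repository.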
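Review bot: Nothing guarantees that Docker comes back if the run does not reach `after_everything`: a failure inside `before_everything` itself, or borgmatic being killed, leaves `docker` and `docker.socket` stopped until someone notices. Whether `after_everything` still runs after a failed backup depends on the borgmatic version, so I would not rely on it alone. Putting the restart in the unit, `ExecStopPost=/usr/bin/systemctl start docker` in `backup.service.j2` (adjust the path to the target distro), covers both cases because systemd runs it however the service ended. A one-line comment above `before_everything` saying that every container is down for the length of the backup would also help.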