diff --git a/machines/moritz-server/configuration.nix b/machines/moritz-server/configuration.nix
index 73daf5d..ef26b4d 100644
--- a/machines/moritz-server/configuration.nix
+++ b/machines/moritz-server/configuration.nix
@@ -1,8 +1,4 @@
-{
-  pkgs,
-  config,
-  ...
-}: {
+{pkgs, ...}: {
   imports = [
     ../../modules/zfs_unencrypted.nix
     ../../modules/shared.nix
@@ -21,28 +17,6 @@
   clan.core.networking.targetHost = "root@moritz-server";
   nix.package = pkgs.lixPackageSets.latest.lix;
 
-  services.navidrome = {
-    enable = true;
-    settings = {
-      MusicFolder = "/mnt/music/tagged";
-    };
-  };
-
-  services.nginx = {
-    virtualHosts = {
-      "music.moritz.place" = {
-        forceSSL = true;
-        useACMEHost = "any.moritz.place";
-        locations."/" = {
-          proxyPass = "http://${config.services.navidrome.settings.Address}:${builtins.toString config.services.navidrome.settings.Port}";
-          # extraConfig = ''
-          #   proxy_redirect off
-          # '';
-        };
-      };
-    };
-  };
-
   networking = {
     interfaces.enp2s0 = {
       ipv4.addresses = [
diff --git a/machines/moritz-server/navidrome.nix b/machines/moritz-server/navidrome.nix
new file mode 100644
index 0000000..aa2d9bd
--- /dev/null
+++ b/machines/moritz-server/navidrome.nix
@@ -0,0 +1,60 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.navidrome = {
+    enable = true;
+    settings = {
+      MusicFolder = "/mnt/music/tagged";
+    };
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "music.moritz.place" = {
+        forceSSL = true;
+        useACMEHost = "any.moritz.place";
+        locations."/" = {
+          proxyPass = "http://${config.services.navidrome.settings.Address}:${builtins.toString config.services.navidrome.settings.Port}";
+        };
+      };
+    };
+  };
+
+  services.borgbackup.jobs = {
+    mailDirectory = {
+      paths = config.services.navidrome.settings.MusicFolder;
+      repo = "u461386-sub1@u461386.your-storagebox.de:musicFolder";
+      doInit = true;
+      encryption = {
+        mode = "repokey";
+        passCommand = "cat ${config.clan.core.vars.generators.borg-navidrome.files.password.path}";
+      };
+      environment = {BORG_RSH = "ssh -i ${config.clan.core.vars.generators.borg-navidrome.files."ssh.id_ed25519".path} -p 23";};
+      compression = "auto,zstd";
+      startAt = "hourly";
+      persistentTimer = true;
+      prune.keep = {
+        within = "1d"; # Keep all archives from the last day
+        daily = 7;
+        weekly = 3;
+        monthly = 3;
+      };
+    };
+  };
+
+  clan.core.vars.generators.borg-navidrome = {
+    prompts.password.persist = true;
+
+    files."ssh.id_ed25519" = {};
+    files."ssh.id_ed25519.pub".secret = false;
+    runtimeInputs = [
+      pkgs.coreutils
+      pkgs.openssh
+    ];
+    script = ''
+      ssh-keygen -t ed25519 -N "" -f "$out"/ssh.id_ed25519
+    '';
+  };
+}