diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 088d9e8c79422b82d638a42aeab5da1fcf14f536..892f6dee8c7b341b8d3b5eeee30a87ca225bd741 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -84,6 +84,7 @@ let
     imports = [
       gridlib.storage
       grid-module
+      gridlib.borgbackup
     ];
     config = {
       grid.monitoringvpnIPv4 = "172.23.23.12";
diff --git a/morph/lib/borgbackup.nix b/morph/lib/borgbackup.nix
new file mode 100644
index 0000000000000000000000000000000000000000..e0655d598c98c6e505d1404189a09e04ffc25099
--- /dev/null
+++ b/morph/lib/borgbackup.nix
@@ -0,0 +1,50 @@
+# Importing this adds a daily borgbackup job to a node.
+# It has all the common config and keys, but can
+# be extended invidually to include more folders.
+
+
+{ lib, config, ...}:
+let
+  inherit (config.grid) publicKeyPath privateKeyPath;
+in {
+  config = {
+    deployment = {
+      secrets = {
+        "borgbackup-repopath" = {
+          # This is the repo we are backing up to
+          # Not very secret, but not public either, and I'd rather keep it with
+          # the rest of the backup destination config
+          destination = "/run/keys/borgbackup/repopath";
+          source = "${privateKeyPath}/borgbackup/${config.networking.hostName}.repopath";
+        };
+        "borgbackup-passphrase" = {
+          # The passphrase is used to encrypt the repo key
+          # https://borgbackup.readthedocs.io/en/stable/usage/init.html
+          destination = "/run/keys/borgbackup/passphrase";
+          source = "${privateKeyPath}/borgbackup/${config.networking.hostName}.passphrase";
+        };
+        "borgbackup-appendonly-ssh-key" = {
+          # The ssh key is used to authenticate to the remote repo server
+          destination = "/run/keys/borgbackup/ssh-key";
+          source = "${privateKeyPath}/borgbackup/${config.networking.hostName}.ssh-key";
+        };
+      };
+    };
+
+    services.borgbackup.jobs = {
+      daily = {
+        paths = [ "/storage" ];
+        repo = lib.fileContents config.deployment.secrets.borgbackup-repopath.source;
+        encryption = {
+          mode = "repokey-blake2";
+          passCommand = "cat /run/keys/borgbackup/passphrase";
+        };
+        environment = {
+          BORG_RSH = "ssh -i /run/keys/borgbackup/ssh-key";
+        };
+        compression = "none";
+        startAt = "daily";
+      };
+    };
+  };
+}
diff --git a/morph/lib/default.nix b/morph/lib/default.nix
index f236b8cada99b71cd1c5ab851f3c081421c4b717..c99c19a57e45a27e585830a8dfff95fa3d9d2efb 100644
--- a/morph/lib/default.nix
+++ b/morph/lib/default.nix
@@ -10,6 +10,7 @@
   issuer = import ./issuer.nix;
   storage = import ./storage.nix;
   monitoring = import ./monitoring.nix;
+  borgbackup = import ./borgbackup.nix;
 
   modules = builtins.toString ../../nixos/modules;