diff --git a/machines/read/backup.nix b/machines/read/backup.nix
new file mode 100644
index 0000000..9a88390
--- /dev/null
+++ b/machines/read/backup.nix
@@ -0,0 +1,52 @@
+{ pkgs, config, ... }:
+let
+ borgJob = name: {
+ environment = {
+ BORG_RSH = "ssh -i ${config.sops.secrets.miniflux-backup-ssh-key.path}";
+ };
+ repo = "ssh://zh2088@zh2088.rsync.net/./backups/read/${name}";
+ compression = "zstd,10";
+ startAt = "*-*-* 2:30:00";
+ extraInitArgs = "--make-parent-dirs";
+ archiveBaseName = name;
+
+ encryption = {
+ mode = "repokey-blake2";
+ passCommand = "cat ${config.sops.secrets.miniflux-backup-pass.path}";
+ };
+
+ prune = {
+ keep = {
+ within = "1d";
+ daily = 7;
+ weekly = 4;
+ monthly = -1;
+ };
+ };
+ };
+in
+{
+ services = {
+ borgbackup.jobs = {
+ postgresql = borgJob "postgresql" // {
+ paths = [ "/var/backup/postgresql" ];
+ };
+
+ miniflux = borgJob "miniflux" // {
+ paths = [ "/var/lib/miniflux" ];
+ };
+ };
+ postgresqlBackup = {
+ enable = true;
+ backupAll = true;
+
+ # borg will do compression and deduplication
+ compression = "none";
+
+ startAt = "*-*-* 02:00:00";
+ };
+ };
+
+ environment.systemPackages = [ pkgs.borgbackup ];
+
+}
diff --git a/machines/read/configuration.nix b/machines/read/configuration.nix
index fa80591..295ef3e 100644
--- a/machines/read/configuration.nix
+++ b/machines/read/configuration.nix
@@ -11,6 +11,7 @@
 ../../users/root
 ../../users/erwin
+ ./backup.nix
 ./miniflux
 ];
@@ -97,6 +98,8 @@
 sops.secrets = {
 caddy-env = { };
 miniflux-env = { };
+ miniflux-backup-ssh-key = { };
+ miniflux-backup-pass = { };
 };
 system.stateVersion = "24.11";
diff --git a/machines/read/secrets.yaml b/machines/read/secrets.yaml
index 4334a48..73eb2c2 100644
--- a/machines/read/secrets.yaml
+++ b/machines/read/secrets.yaml
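Review bot: In `machines/read/backup.nix`, `BORG_RSH` in `borgJob` passes the identity file but nothing in this commit pins the host key for `zh2088.rsync.net`, so the unattended job depends on whatever is already in root's `known_hosts` (or fails verification on the first run). Declaring it in the module, e.g. `programs.ssh.knownHosts."zh2088.rsync.net".publicKey = "<RSYNC_NET_HOST_KEY>";` (placeholder, take the value from the provider out of band), keeps the trust anchor reviewable, and `ssh -o BatchMode=yes -o IdentitiesOnly=yes -i …` stops the job from prompting or offering other keys. Separately, the same key both writes and prunes, so a compromise of this host could also remove the archives; it is worth confirming whether the storage side keeps snapshots or can restrict this key to append-only. A short comment above `borgJob` noting that both jobs share one SSH key and one repository passphrase would also help the next reader.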
@@ -1,5 +1,7 @@ caddy-env: ENC[AES256_GCM,data:gw+QSN+c2Lp2F4wNzhTXklq9sUrDT389KLAh2YRpZbqxWpodx4LPJ1uIUsMC1TdeYmq+lkI+,iv:iXjLwOfQo9wEa9bBlE5HYUKDNriJgcm7hxPsBys62hk=,tag:DbutFgWz5ZqHE1/aP4+7Ag==,type:str] miniflux-env: ENC[AES256_GCM,data:5H+/yRuPW6BodnHaq3E7bcqD7xSRLHwle6BdSpsyFPUY9lw7JT4445lnQlV/uliGJJTu0H9N3G5KhsDQbvvU8vw+5yQvX4EgYQnJfYMyEn8LmQE+ErGz5Lpx3A6sjFuy0KHCqbFJwf5jjfZwuxvNdTKv34gnR2u9+4Vyg5qjwAP4jw==,iv:HfLie5OUOkEKjSmm7rBfOtVhkIq9GA3NRfwDg5AD7MQ=,tag:1ysgjaklV6twaLPe5na+hw==,type:str] +miniflux-backup-ssh-key: ENC[AES256_GCM,data:dr6ftji0Z8DXHY2fizf04/mjmE+KSDs3o8gqm/hfx+zfJenm6OzRItrfHrF4XkwsuACOsFNAx8U8kJMiAf/08FTIV3bz7gTo8faiVxl3ONUiqnVbA1SwooWgXrXBclmCLNq8c8XLzwigER6oO9BrR6vNxcUaMiDHgYKTeYCl6cl1f4aBB83aCMX/hFRvKVsPqCZgwU5V9CMWk2fomRccJ1AiRs/LuVjGsYTvTChr3itOVcwkhy4jlys2iifHdUumRtaAdVRlJOgux/NxKKwH6wXY+d6NFebUKz1zdKLPeO0hLMo6ynvnpdQs74Ph80VwtDslYtm1VTVl0uvDWSQrccSWdZH8CS4iGwCFBjoALlTz51QVf9DAttOqx7f3G8UsUHtwgVJ5AC/0ghv1mSt0L5CY6HjWw3KdNt9NM1kQejFUx57hWlggiJ7TDvtbhHkwZj1r90SiI3G9xbh65wwvAOyMEfg6ZrAFBNu+brt4MOFkvutzgDXTr04DivfkDJiQjZLNJWJyonLpsWTNwuJ7ql9cbBhtkB21MnKW,iv:Td3K5w/lPJcfZkmBgzeHY/H6U1VOIntjq00Hd7igAQ8=,tag:0jvn0eymOTDXeRNQVpE3zg==,type:str] +miniflux-backup-pass: ENC[AES256_GCM,data:Ce2WmfTiS1/AMryheEjtfB6GBaNqDt6fUGUQdcGF8YFl/+sguiHxHtw5aK2INwlOkHcpSWoPicsc2MvMiZpbV5OFY9y+PEWaqSFECZ/SzNsq8xtLCUo+0BfiptcsRBS7GuAaajsMlcRDUVBJ5Fhf37/+vQKCFZcndwO1ODqtsXU=,iv:hRCI0gWVIzGaFm4jZjW0ydXjusmNlBDp29vvXV+uBaQ=,tag:/DRnc5ZTAaOoUXzKWls50g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -33,8 +35,8 @@ sops: alprbldiMEtZQ29DaUJzaEZlWmxXTmMKPYHIg4fMR5fbCoCAyHHuL/WGfn4D6mXJ yulfOqthMxvvWr+9sOBeAWIWSCcc0DBmDjvUTaDqVA7pnhZE+hQ2mw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-15T22:03:26Z" - mac: ENC[AES256_GCM,data:T4BUMEd6lxXtndOH52M2SGqMm08kW6tG4VDcpaBv5De+DmSaXX2cojM2MIOVBnQjNxCT6534RZAvnG4cQkUiIgaqP+PDyb1w0cYnv+zfgE/yHQ/AkBXlnr4jblJLYtU/04HpFm5OGvjYxqXDrrcWu/tZD6lZgiDcqLO5R+V0Azg=,iv:/WNzbV8YJpdVD7nF+AFQz/why5QFKGYidIgh1V8VLGA=,tag:RyyZRIsF7kyg+ZgDD+7DhQ==,type:str] + lastmodified: "2024-08-20T09:39:02Z" + mac: ENC[AES256_GCM,data:jEngkwYqZc8vUS1y6pXYz+e5Wgo50+K5hILCzEbV12xNEquZrTwOix8jSqIO0jkZeApGBwi9YNeaIFVcDfcXB+NUvYQUG2Xycbi6s40Srq1Ddk4RAeSXprpB2fDOdiGRJcVcDbM2JBcR2BumIw5Jj0U87y69ib5wq5btzCNO8f8=,iv:VyKBOahM0J94EecJBEzmu44OEXDGNQaJ0jaPbB498c8=,tag:vn2ghrAHyGHFqQOnjHfKqw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0