diff --git a/nixbld-etc-nixos/backup-module.nix b/nixbld-etc-nixos/backup-module.nix
new file mode 100644
index 0000000..fc560b0
--- /dev/null
+++ b/nixbld-etc-nixos/backup-module.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  makeBackup = pkgs.writeScript "make-backup" ''
+    #!${pkgs.bash}/bin/bash
+    ${pkgs.gnutar}/bin/tar cf - /etc/nixos | \
+        ${pkgs.bzip2}/bin/bzip2 | \
+        ${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-file /etc/nixos/secret/backup-passphrase | \
+        ${pkgs.rclone}/bin/rclone rcat --config /etc/nixos/secret/rclone.conf dropbox:backup-`date +%F`.tar.bz2.gpg
+    echo Backup done
+  '';
+  cfg = config.services.homu;
+in
+{
+  options.services.mlabs-backup = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable backups";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.mlabs-backup = {
+      description = "M-Labs backup";
+      serviceConfig = {
+        Type = "oneshot";
+        User = "root";
+        Group = "root";
+        ExecStart = "${makeBackup}";
+      };
+    };
+
+    systemd.timers.mlabs-backup = {
+      description = "M-Labs backup";
+      wantedBy = [ "timers.target" ];
+      timerConfig.OnCalendar = "weekly";
+    };
+  };
+}
diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index 9c890f5..aec9aeb 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -12,6 +12,7 @@ in
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
       ./homu/nixos-module.nix
+      ./backup-module.nix
     ];
 
   # Use the systemd-boot EFI boot loader.
@@ -178,6 +179,7 @@ ACTION=="add", SUBSYSTEM=="tty", \
        address localhost
      '';
   };
+  services.mlabs-backup.enable = true;
 
   services.gitea = {
     enable = true;