diff --git a/Dockerfile b/Dockerfile
index d93a8d9..19c46f1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,3 +2,22 @@ ARG ALPINE_VERSION=3.13.6
 ARG BASE_IMAGE=sutty/monit
 FROM ${BASE_IMAGE}:${ALPINE_VERSION}
 MAINTAINER "f "
+
+ENV BORG_HOST_ID borg
+ENV BORG_PASSPHRASE ""
+ENV KEEP 30
+ENV SSH_ALIAS ""
+ENV SSH_SERVER ""
+ENV SSH_USER root
+ENV SSH_PORT 22
+
+RUN apk add --no-cache borgbackup openssh-client
+
+COPY ./monit.conf /etc/monit.d/borg.conf
+COPY ./backup.sh /usr/local/bin/backup
+COPY ./ssh_config /root/.ssh/config
+RUN chmod 755 /usr/local/bin/backup
+RUN chmod -R u=rX,g=,o= /root/.ssh
+
+VOLUME /srv/data
+VOLUME /srv/backups
diff --git a/backup.sh b/backup.sh
new file mode 100644
index 0000000..02f9af6
--- /dev/null
+++ b/backup.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+set -e
+
+# Password can't be empty
+test -n "${BORG_PASSPHRASE}"
+test -n "${DEST}"
+test -n "${SSH_ALIAS}"
+
+DATE="$(date +%F)"
+ORIG=/srv/data
+
+if ! grep -q "${SSH_ALIAS}" /root/.ssh/config ; then
+ echo "Host ${SSH_ALIAS}" >> /root/.ssh/config
+ echo " Port ${SSH_PORT:-22}" >> /root/.ssh/config
+ echo " HostName ${SSH_SERVER:-${SSH_ALIAS}}" >> /root/.ssh/config
+ echo " User ${SSH_USER:-root}" >> /root/.ssh/config
+ echo " IdentityFile ${ORIG}/id_ed25519" >> /root/.ssh/config
+fi
+
+ssh -fN ${SSH_ALIAS}
+
+for signal in TERM QUIT HUP EXIT INT KILL; do
+ trap "ssh -O exit \"${SSH_ALIAS}\"" ${signal}
+done
+
+# It'll fail the second time
+borg init --encryption=repokey "${SSH_ALIAS}:${DEST}" || :
+borg create -v --stats "${SSH_ALIAS}:${DEST}::${DATE}" "${ORIG}"
+borg prune -v --stats --keep-daily ${KEEP} "${SSH_ALIAS}:${DEST}"
+
+exit $?
diff --git a/monit.conf b/monit.conf
new file mode 100644
index 0000000..c96f0fc
--- /dev/null
+++ b/monit.conf
@@ -0,0 +1,4 @@
+check program backup
+ with path "/usr/local/bin/backup"
+ if status != 0 then alert
+ every "53 3 * * *"
diff --git a/ssh_config b/ssh_config
new file mode 100644
index 0000000..eafda2b
--- /dev/null
+++ b/ssh_config
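Review bot: In the Dockerfile hunk, `ENV BORG_PASSPHRASE ""` fixes the container environment as the channel for the repository passphrase, where it is readable through `docker inspect` and inherited by every child process. Borg also honours `BORG_PASSCOMMAND`, so the image could declare `ENV BORG_PASSCOMMAND="cat /run/secrets/borg_passphrase"` (example path) and read the secret from a mounted file, with the `test -n` guard in backup.sh adjusted to match. backup.sh also requires `DEST`, which has no `ENV` line here, and the `ENV key value` form on these lines is the legacy spelling of `ENV key=value`.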
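Review bot: In backup.sh, `IdentityFile ${ORIG}/id_ed25519` keeps the SSH private key inside the directory that `borg create ... "${ORIG}"` archives, so the key that grants access to the backup server is copied into every archive stored on that server. If that is not intended, exclude it with `borg create -v --stats --exclude "${ORIG}/id_ed25519" "${SSH_ALIAS}:${DEST}::${DATE}" "${ORIG}"`, or mount the key outside `/srv/data`. The `grep -q "${SSH_ALIAS}"` guard is an unanchored regex match, so an alias that happens to be a substring of text already in the config skips writing the `Host` block; `grep -qxF "Host ${SSH_ALIAS}"` matches the exact line instead. `borg init ... || :` also hides connection and authentication failures, not only the already-initialised case, and `KILL` in the `trap` list cannot be caught.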
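Review bot: The `check program backup` entry in monit.conf sets no timeout, so monit's default program timeout (300 seconds per its documentation) applies, and a borg run over SSH that lasts longer would be terminated mid-backup. State the limit explicitly, for example `with path "/usr/local/bin/backup" with timeout 3600 seconds`, sized to the expected duration of a full backup.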
@@ -0,0 +1,7 @@
+Host *
+ Protocol 2
+ ControlMaster auto
+ ControlPath /tmp/ssh-%r@%h:%p
+ VerifyHostKeyDNS yes
+ HashKnownHosts yes
+ StrictHostKeyChecking ask
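Review bot: `StrictHostKeyChecking ask` needs a terminal to confirm an unknown host key, but backup.sh is started by monit without one, so the first connection presumably only succeeds with a pre-populated `known_hosts` or an SSHFP record accepted through `VerifyHostKeyDNS yes`. Stating that as `StrictHostKeyChecking yes` together with `BatchMode yes` keeps the job fail-closed and prevents it from waiting on a prompt; `known_hosts` then has to be shipped or mounted, since `/root/.ssh` is not a volume. `ControlPath /tmp/ssh-%r@%h:%p` also places the master socket under a predictable name in a world-writable directory, where a root-only directory and the hashed token, e.g. `ControlPath ~/.ssh/cm-%C`, is the usual convention.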