diff --git a/home/dot_config/borgmatic.d/kestrel_common.yaml b/home/dot_config/borgmatic.d/kestrel_common.yaml
new file mode 100644
index 00000000..b053852d
--- /dev/null
+++ b/home/dot_config/borgmatic.d/kestrel_common.yaml
@@ -0,0 +1,15 @@
+source_directories:
+    - "/home/tstarr"
+
+exclude_patterns:
+    - "/home/tstarr/.?*"
+    - "/home/tstarr/mnt"
+    - "/home/tstarr/tmp"
+    - "/home/tstarr/sync"
+    - "/home/tstarr/media/roms"
+    - "/home/tstarr/box"
+    - "/home/tstarr/Downloads"
+
+archive_name_format: 'kestrel.borg-{now}'
+
+<<: !include common.yaml
diff --git a/home/dot_config/borgmatic.d/kestrel_rsync.yaml b/home/dot_config/borgmatic.d/kestrel_rsync.yaml
new file mode 100644
index 00000000..69d3f023
--- /dev/null
+++ b/home/dot_config/borgmatic.d/kestrel_rsync.yaml
@@ -0,0 +1,7 @@
+repositories:
+  - path: ssh://fm2120@fm2120.rsync.net//data2/home/fm2120/store/kestrel.borg
+    label: rsync
+
+remote_path: borg1
+
+<<: !include kestrel_common.yaml
diff --git a/home/dot_config/borgmatic.d/kestrel_torus.yaml b/home/dot_config/borgmatic.d/kestrel_torus.yaml
new file mode 100644
index 00000000..982d2622
--- /dev/null
+++ b/home/dot_config/borgmatic.d/kestrel_torus.yaml
@@ -0,0 +1,5 @@
+repositories:
+  - path: ssh://tstarr@torus//engi/store/kestrel.borg
+    label: torus
+
+<<: !include kestrel_common.yaml
diff --git a/provision/hosts/kestrel/backup.nix b/provision/hosts/kestrel/backup.nix
index 1ae3fc40..e251d2c8 100644
--- a/provision/hosts/kestrel/backup.nix
+++ b/provision/hosts/kestrel/backup.nix
@@ -25,6 +25,11 @@
     owner = "${user}";
     group = "users";
   };
+  age.secrets."borg/torus/password" = {
+    file = ../../secrets/borg/torus/password.age;
+    owner = "${user}";
+    group = "users";
+  };
 
   # Password-less logins for backup
   users.users."${user}".openssh.authorizedKeys.keyFiles = [