diff --git a/hosts/brontes/configuration.nix b/hosts/brontes/configuration.nix
index 4a083e0..a83739e 100644
--- a/hosts/brontes/configuration.nix
+++ b/hosts/brontes/configuration.nix
@@ -40,6 +40,15 @@
         enable = true;
         tags = [ "client" ];
       };
+      rsync-backup = {
+        enable = true;
+        sources = [
+          "/home/ny/Downloads"
+          "/home/ny/notes"
+        ];
+        target = "/home/ny/test";
+        incremental.enable = true;
+      };
     };
 
     media.enableAll = true;
diff --git a/options/services/default.nix b/options/services/default.nix
index 7e1355c..c7f654e 100644
--- a/options/services/default.nix
+++ b/options/services/default.nix
@@ -2,5 +2,6 @@
   imports = [
     ./nysh.nix
     ./tailscale.nix
+    ./rsync
   ];
 }
diff --git a/options/services/rsync/default.nix b/options/services/rsync/default.nix
new file mode 100644
index 0000000..749bcec
--- /dev/null
+++ b/options/services/rsync/default.nix
@@ -0,0 +1,167 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  inherit (lib)
+    mkIf
+    mkEnableOption
+    mkOption
+    stringToCharacters
+    head
+    concatStringsSep
+    ;
+  inherit (lib.types)
+    listOf
+    nonEmptyStr
+    package
+    enum
+    str
+    ;
+  cfg = config.modules.services.rsync-backup;
+in
+{
+  # Used to back up multiple source destinations to a target destination regularly,
+  # with possibility to enable incremental backups for versioning.
+
+  # TODO: systemd unit
+  # - [x] script taking configurable args
+  # - [x] sync from/to paths
+  # - [ ] support
+  #       - [ ] nfs
+  #       - [ ] sftp
+  #       - [x] ssh
+  #       - [x] local
+  # - retention limit for incremental backups
+
+  options.modules.services.rsync-backup = {
+    enable = mkEnableOption "rsync backups";
+
+    sources = mkOption {
+      type = listOf nonEmptyStr;
+      default = [ ]; # TODO: validate if at least 1 element
+      apply = map (s: "\"${s}\"");
+      description = ''
+        A list of absolute paths to the files or folders that should get synchronized.
+        It isn't necessary to wrap them in escaped double quotation marks.
+      '';
+    };
+
+    exclude = mkOption {
+      type = str;
+      default = "";
+    };
+
+    target = mkOption {
+      type = nonEmptyStr;
+      description = ''
+        The target to where the data should be backed up.
+        If it is a directory, it will be created automatically by rsync.
+        Append a : to the string if it is an ssh target and ensure that passwordless access is available.
+      '';
+    };
+
+    targetType = mkOption {
+      type = enum [
+        "local"
+        "ssh"
+      ];
+      default = if head (stringToCharacters cfg.target) == "/" then "local" else "ssh";
+      description = ''
+        Guesses if the given target is local or ssh, very rudimentary therefore it might be necessary to specify manually (or rewrite the logic).
+      '';
+    };
+
+    package = mkOption {
+      type = package;
+      default = pkgs.rsync;
+      description = ''
+        The rsync package to use.
+      '';
+    };
+
+    flags = mkOption {
+      type = listOf str;
+      default = [
+        "--archive"
+        "--verbose"
+      ];
+    };
+
+    flagsFinal = mkOption {
+      type = listOf str;
+      default = cfg.flags ++ [
+        (mkIf cfg.incremental.enable "--delete")
+        (mkIf (cfg.exclude != "") "--exclude=\"${cfg.exclude}\"")
+        (mkIf cfg.incremental.enable "--backup-dir=\"${cfg.incremental.finalIncrementPath}\"")
+      ];
+      apply = concatStringsSep " ";
+    };
+
+    interval = mkOption {
+      type = nonEmptyStr;
+      default = "1d";
+    };
+
+    incremental = {
+      enable = mkEnableOption "incremental backups";
+      format = mkOption {
+        type = nonEmptyStr;
+        default = "%Y-%m-%d-%-H-%M-%S-$RANDOM";
+        description = ''
+          The increment folder name. Refer to `man date` for specifics about the format.
+          Omit the leading +.
+        '';
+      };
+      finalIncrementPath = mkOption {
+        type = nonEmptyStr;
+        default = "${cfg.target}/increment/$(date +${cfg.incremental.format})/";
+      };
+      # TODO: add retention
+    };
+
+    unitName = mkOption {
+      type = nonEmptyStr;
+      default = "rsync-backup";
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    systemd.timers.${cfg.unitName} = {
+      enable = true;
+      unitConfig = {
+        Description = "Triggers rsync-backup regularly.";
+      };
+      timerConfig = {
+        Unit = "${cfg.unitName}.service";
+        OnBootSec = cfg.interval;
+      };
+    };
+
+    systemd.services.${cfg.unitName} = {
+      script =
+        let
+          destination = if cfg.incremental.enable then "${cfg.target}/backup" else cfg.target;
+        in
+        ''
+          ${cfg.package}/bin/rsync \
+              ${cfg.flagsFinal} \
+              ${concatStringsSep " " cfg.sources} \
+              "${destination}"
+        '';
+
+      requires = mkIf (cfg.targetType == "ssh") [ "network.target" ];
+      unitConfig = {
+        Description = "Backs up files from a source location to a specified destination.";
+      };
+      serviceConfig = {
+        Type = "simple";
+        Restart = "on-failure";
+        RestartSec = 300;
+      };
+    };
+  };
+}