diff --git a/group_vars/all/backup.yml b/group_vars/all/backup.yml
index b14726a..2b91d52 100644
--- a/group_vars/all/backup.yml
+++ b/group_vars/all/backup.yml
@@ -3,13 +3,13 @@
 # Hosts not listed here are skipped by the `backup` role.
 # The value under each host is rendered verbatim as the borgmatic
 # config file (see https://torsion.org/borgmatic/docs/reference/configuration/).
-backup_hosts: {}
-  # jim:
-  #   source_directories:
-  #     - /home
-  #     - /etc
-  #   repositories:
-  #     - path: ssh://user@backup.example.com/./backups/jim
-  #   keep_daily: 7
-  #   keep_weekly: 4
-  #   keep_monthly: 6
+backup_hosts:
+  testipaclient:
+    source_directories:
+      - /home/jakub
+    repositories:
+      - path: /var/backups/borg/jakub-home
+        label: jakub-home
+    keep_daily: 7
+    keep_weekly: 4
+    keep_monthly: 6
diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml
index d2020c6..ebfa3f4 100644
--- a/roles/backup/tasks/main.yml
+++ b/roles/backup/tasks/main.yml
@@ -28,3 +28,22 @@
         owner: root
         group: root
         mode: '0640'
+
+    - name: Ensure root has an SSH key for the borg server
+      ansible.builtin.user:
+        name: root
+        generate_ssh_key: true
+        ssh_key_type: ed25519
+        ssh_key_file: .ssh/id_ed25519
+        ssh_key_comment: "borgmatic@{{ inventory_hostname }}"
+      register: root_ssh
+
+    - name: Show root's SSH public key (add this to the borg server's authorized_keys)
+      ansible.builtin.debug:
+        msg: "{{ root_ssh.ssh_public_key }}"
+
+    - name: Enable and start borgmatic timer
+      ansible.builtin.systemd:
+        name: borgmatic.timer
+        enabled: true
+        state: started