diff --git a/flake.nix b/flake.nix
index c9ee0ff..00a3338 100644
--- a/flake.nix
+++ b/flake.nix
@@ -156,6 +156,7 @@
 
           cachix-deploy = ./modules/nixos/cachix-deploy;
           community-builder = ./modules/nixos/community-builder;
+          github-org-backup = ./modules/nixos/github-org-backup.nix;
           hercules-ci = ./modules/nixos/hercules-ci;
           hydra = ./modules/nixos/hydra.nix;
           nur-update = ./modules/nixos/nur-update.nix;
diff --git a/hosts/build03/configuration.nix b/hosts/build03/configuration.nix
index 8b612e6..e61e74c 100644
--- a/hosts/build03/configuration.nix
+++ b/hosts/build03/configuration.nix
@@ -21,6 +21,7 @@
     inputs.self.nixosModules.remote-builder-darwin02
     inputs.self.nixosModules.remote-builder-darwin03
 
+    inputs.self.nixosModules.github-org-backup
     inputs.self.nixosModules.hydra
     inputs.self.nixosModules.nur-update
   ];
diff --git a/hosts/build03/secrets.yaml b/hosts/build03/secrets.yaml
index da6c06d..351dd70 100644
--- a/hosts/build03/secrets.yaml
+++ b/hosts/build03/secrets.yaml
@@ -3,6 +3,7 @@ id_buildfarm: ENC[AES256_GCM,data:18qi8jBCsntp/6mM8iFkpUS+4yQAsaL6JtLBR9fT51XSWL
 hydra-admin-password: ENC[AES256_GCM,data:t0vmchbXXIAzvM2nxm4j16N9W67yWRb439M=,iv:qr/OfyMvTzi6Znw446KtxE2erh3XWi2VTJvVL2Ot2UI=,tag:mS6HlE6nojkemjp4F59+wQ==,type:str]
 nur-update-github-token: ENC[AES256_GCM,data:KIZCx9IeuBHZei2V13iiyHzCedhkkGEd08mVJEc6F0DWQn1wtzC7+w==,iv:pNVRj/RR7wj64g640F7Vo4H10ijsxnrfFQnt6YHBug4=,tag:UlvOMNB5JZbuJaD9TcJ2UQ==,type:str]
 hydra-users: ENC[AES256_GCM,data:askAB+a3bsFvue/j9i6sYSwgOQl+rL+uh+1+z+xizzBOWdTZcvRh5uFHTkg7MV/E7tG7eRByQ7b+v/onJ4+l3rGJJ6qsWtLLLizC1rusngsAXyI9jt66eqpsyacN5kw8cKILjGearptrhUZDWdKpbaHII6fwUbWbjyV5fpoQzNmI4VELWEQMZ50yECfAfCLHx9iTdoMJHPXzhqwvAZ+TbX6TsyqbDrrNauYWNUBhCK7E2tDYAQqOGhxnQWI+gQs=,iv:Baqyd/WfloMuXTiICD2dlvENst8G6YU9rSHdRkTECkU=,tag:z4j5dYcba3aZTyWu5wvkzw==,type:str]
+hetzner-borgbackup-ssh: ENC[AES256_GCM,data:ZNrQp36c3EuERlAYez6SHTLbHK7ZmLNqDpAffTTQARL2zpnjpw1wJQJdm6d6Un1wTjYmHMJ/f1jCKgn389FGiZJwxSLUL4Ko2n5HffBTjZwTeqE1y4XFe6qvAY/LYBmD728ZWOsSWPvoVZOm1dG7LsxxwUZWk2VyDtvODuJBInn19Dn7Tw5VqPjJMJAp5CfAaW8ilEPpdeG0JQfkJkBQj0+pMlpI1EIVDvdZai5fesweUWeaajrPnIjrBbqdFvd8eG9qrTehLM7FvpnT2qllfsCOeQf/KTPEw16I6eGFFm22iPblJgHFPzpu1a2Lvwn+8HcwqSMlGI9poOeV5RwXqBhFX9vozlN8G82csAnehiZmLktyYin1kYF3nfOXFqH9fKxbvXn/1hxQP//GDeoaNlepa/K/w51pj1mgbIXIb5g/PKsHaC7Rv3iDMcYW977+lobA4WnxfWhjA6k/iBb1unkSKbrZs+iHglpOKueAq9g6HO5fJ299eY2+GcmsPU3QKm4W,iv:550mzEValpqVruLQBMMJeJHVyYfaxNHwCvXkvz66qI0=,tag:k48T+9AtJs8GTVchyEP8Jw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -63,8 +64,8 @@ sops:
             WUZQSGQyQy9halJsRTIvb1FGV08zZEEKmjlYY6epTuZKRBcVyjPvJI5XKQtP5Yag
             FMrI+M6hUeyBeCade5C+Y4eGQbt57BWLmsX7u0J1WTlkUSS5j7+wPg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-04-24T21:59:57Z"
-    mac: ENC[AES256_GCM,data:OlS4htYXpBjYSFR5zsyr7H/cjT0DEsy4OQT3Bj7NkpZVpgS6zZ5s5BlND0wzgvvqwbACUjkiwZsEjIPD4xLfPsMlUm14NjZarBeePGN+/5hGpTjMHxJsboByZtsnOzkOk0eGhSc51tYhWBd1cPRfMJ0hR63eM0BU/8gzyF1onPc=,iv:sI8Nln8lLbpjJAIIRn3eEZjT/cb99VB02pyAzEz/wrI=,tag:6/9zhsaxDdS27m5y9d2z+Q==,type:str]
+    lastmodified: "2023-07-21T12:58:43Z"
+    mac: ENC[AES256_GCM,data:zTImcUQeQsbWfWZjwJ6nPNCrYWkyUvZrud3pNWdsMLqXn0uB61n/Oav3i3m1zyz7eQObutG1OR+0aUlLMk0v7Xbz9rZCrMKN+GuV7tcaeu3ksvpn21ldd8PGzmYa6M+0EKkVqeTKXYHYY06OsxfeWafT52XA+0/uKE+3ldS2o3U=,iv:CSWcScdbdu+6lWt/6WFBBO8GqygNsKVNzII3bbxh8jg=,tag:tBwvCs0usPFBgoWRw3G5eQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3
diff --git a/modules/nixos/github-org-backup.nix b/modules/nixos/github-org-backup.nix
new file mode 100644
index 0000000..1f6f6ae
--- /dev/null
+++ b/modules/nixos/github-org-backup.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+{
+  # upstream docs show how to restore these backups
+  # https://github.com/gabrie30/ghorg/blob/92965c8b25ca423223888e1138d175bfc2f4b39b/README.md#creating-backups
+  systemd.services.github-org-backup = {
+    environment.HOME = "/var/lib/github-org-backup";
+    path = [ pkgs.git pkgs.ghorg ];
+    # exclude nix, nixpkgs and repos > 200MB
+    script = ''
+      ghorg clone nix-community \
+        --backup \
+        --clone-wiki \
+        --concurrency 2 \
+        --exclude-match-regex '^(all-cabal-json|dream2nix-nodejs-auto|nix|nixpkgs|nur-search)$' \
+        --no-token \
+        --path /var/lib/github-org-backup \
+        --prune \
+        --prune-no-confirm
+    '';
+    startAt = "daily";
+    serviceConfig.Type = "oneshot";
+  };
+
+  sops.secrets.hetzner-borgbackup-ssh = { };
+
+  systemd.services.borgbackup-job-github-org = {
+    after = [ "github-org-backup.service" ];
+    serviceConfig.ReadWritePaths = [
+      "/var/log/telegraf"
+    ];
+  };
+
+  services.borgbackup.jobs.github-org = {
+    paths = [
+      "/var/lib/github-org-backup"
+    ];
+    repo = "u348918@u348918.your-storagebox.de:/./github-org";
+    encryption.mode = "none";
+    compression = "auto,zstd";
+    startAt = "daily";
+    environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}";
+    preHook = ''
+      set -x
+    '';
+
+    postHook = ''
+      cat > /var/log/telegraf/borgbackup-github-org <<EOF
+      task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
+      EOF
+    '';
+
+    prune.keep = {
+      within = "1d"; # Keep all archives from the last day
+      daily = 7;
+      weekly = 4;
+      monthly = 0;
+    };
+  };
+}