diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix
index bc12223..50b056e 100644
--- a/hosts/hel1-a/configuration.nix
+++ b/hosts/hel1-a/configuration.nix
@@ -117,7 +117,7 @@ in {
 
     nsd = {
       enable = true;
-      interfaces = [ "0.0.0.0" "::" ];
+      interfaces = ["0.0.0.0" "::"];
       zones = {
         "jakstys.lt.".data = myData.jakstysLTZone;
       };
diff --git a/hosts/vm/configuration.nix b/hosts/vm/configuration.nix
index 3d144cf..41ef56b 100644
--- a/hosts/vm/configuration.nix
+++ b/hosts/vm/configuration.nix
@@ -10,6 +10,16 @@ in {
     stateVersion = "23.05";
     timeZone = "UTC";
     stubPasswords = true;
+
+    base.snapshot = {
+      enable = true;
+      pools = {
+        var_lib = {
+          mountpoint = "/var/lib";
+          zfs_name = "rpool/nixos/var/lib";
+        };
+      };
+    };
   };
 
   environment = {
@@ -22,7 +32,7 @@ in {
   services = {
     nsd = {
       enable = true;
-      interfaces = [ "0.0.0.0" "::" ];
+      interfaces = ["0.0.0.0" "::"];
       zones = {
         "jakstys.lt.".data = myData.jakstysLTZone;
       };
diff --git a/modules/base/default.nix b/modules/base/default.nix
index 99dccca..d54c1c9 100644
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -8,6 +8,7 @@
   imports = [
     ./sshd
     ./initrd
+    ./snapshot
   ];
 
   options.mj = {
@@ -51,11 +52,17 @@
     };
 
     users = let
-      withPasswordFile = file: attrs: (if config.mj.stubPasswords then {
-        initialPassword = "live";
-      } else {
-        passwordFile = file;
-      }) // attrs;
+      withPasswordFile = file: attrs:
+        (
+          if config.mj.stubPasswords
+          then {
+            initialPassword = "live";
+          }
+          else {
+            passwordFile = file;
+          }
+        )
+        // attrs;
     in {
       mutableUsers = false;
 
@@ -67,7 +74,7 @@
           openssh.authorizedKeys.keys = [myData.ssh_pubkeys.motiejus];
         };
 
-        root = withPasswordFile config.age.secrets.root-passwd-hash.path { };
+        root = withPasswordFile config.age.secrets.root-passwd-hash.path {};
       };
     };
 
diff --git a/modules/base/snapshot/default.nix b/modules/base/snapshot/default.nix
new file mode 100644
index 0000000..1d18fa5
--- /dev/null
+++ b/modules/base/snapshot/default.nix
@@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  myData,
+  ...
+}:
+with lib; {
+  options.mj.base.snapshot = {
+    enable = mkEnableOption "Enable zfs snapshots";
+
+    pools = mkOption {
+      default = {};
+      type = with types;
+        attrsOf (submodule (
+          {...}: {
+            options = {
+              mountpoint = mkOption {type = str;};
+              zfs_name = mkOption {type = str;};
+              #paths = mkOption { type = listOf str; };
+              #backup_at = mkOption { type = str; };
+            };
+          }
+        ));
+    };
+  };
+
+  config = with config.mj.base.snapshot;
+    mkIf enable {
+      sanoid = {
+        enable = true;
+        templates.prod = {
+          hourly = 24;
+          daily = 7;
+          autosnap = true;
+          autoprune = true;
+        };
+        datasets =
+          lib.mapAttrs' (name: value: {
+            name = value.zfs_name;
+            value = {use_template = ["prod"];};
+          })
+          pools;
+        extraArgs = ["--verbose"];
+      };
+    };
+}