diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index 3462ee3..1a0e794 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -111,6 +111,12 @@
         group = "users";
       };
 
+      wifibackup = {
+        enable = true;
+        toPath = "/home/motiejus/M-Active/wifi";
+        toUser = config.mj.username;
+      };
+
       remote-builder.client = let
         host = myData.hosts."fra1-a.servers.jakst";
       in {
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 8b37e25..801f94a 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -15,6 +15,7 @@
     ./sshguard
     ./syncthing
     ./tailscale
+    ./wifibackup
     ./zfsunlock
   ];
 }
diff --git a/modules/services/wifibackup/default.nix b/modules/services/wifibackup/default.nix
new file mode 100644
index 0000000..508857e
--- /dev/null
+++ b/modules/services/wifibackup/default.nix
@@ -0,0 +1,72 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: let
+  mergeNmConnections = pkgs.writeShellApplication {
+    name = "merge-nmconnections";
+    text = ''
+      CURRENT1="$1"
+      CURRENT2="$2"
+      NEW="$3"
+      NEW1="$4"
+      NEW2="$5"
+
+      sed -i -E '/^(uuid|interface-name)=/d' "$CURRENT1"
+      sed -i -E '/^(uuid|interface-name)=/d' "$CURRENT2"
+
+      if cmp "$1" "$2"; then
+          mv "$CURRENT1" "$NEW"
+      else
+          mv "$CURRENT1" "$NEW1"
+          mv "$CURRENT2" "$NEW2"
+          exit 1
+      fi
+    '';
+  };
+in {
+  options.mj.services.wifibackup = with lib.types; {
+    enable = lib.mkEnableOption "enable wifi code backups to M-Active";
+    fromPath = lib.mkOption {
+      type = path;
+      default = "/etc/NetworkManager/system-connections";
+    };
+    toPath = lib.mkOption {
+      type = path;
+      example = "/home/motiejus/M-Active/wifi";
+    };
+    toUser = lib.mkOption {
+      type = str;
+      example = "motiejus";
+    };
+  };
+
+  config = with config.mj.services.wifibackup;
+    lib.mkIf enable {
+      systemd.timers.wifibackup = {
+        description = "wifibackup to M-Active";
+        wantedBy = ["timers.target"];
+        timerConfig.OnCalendar = "*-*-* 22:00:00 UTC";
+      };
+      systemd.services.wifibackup = {
+        description = "backup ${fromPath} to ${toPath}";
+        serviceConfig = {
+          Type = "oneshot";
+          User = "root";
+          ExecStart = ''
+            ${pkgs.unison}/bin/unison \
+                -sshargs "-i /etc/ssh/ssh_host_ed25519_key" \
+                -batch \
+                -merge "Name *.nmconnection -> ${mergeNmConnections}/bin/merge-nmconnections CURRENT1 CURRENT2 NEW NEW1 NEW2" \
+                -backuploc local \
+                -backup "Name *" \
+                -backupprefix "" \
+                -backupsuffix ".backup-$VERSION" \
+                ${fromPath} \
+                ssh://${toUser}@localhost/${toPath}/
+          '';
+        };
+      };
+    };
+}