diff --git a/nixos/modules/borgbackup.nix b/nixos/modules/borgbackup.nix
index cd5c794..b5cbe40 100644
--- a/nixos/modules/borgbackup.nix
+++ b/nixos/modules/borgbackup.nix
@@ -112,16 +112,24 @@ in {
 allowSubRepos = true;
 };
 };
- # Configure backup of files on the department's fs account
+ # Configure backup of files on the department's fs account:
+ # This job first copies the files to the local account 'fsaccount' in tmpfs
+ # and then takes a regular backup of the mirrored folder.
+
+ # See also https://borgbackup.readthedocs.io/en/stable/deployment/pull-backup.html
+ # which does not work due to missing permissions.
 jobs.fsaccount = {
 preHook = ''
 mkdir -p /home/fsaccount/sicherung # Create if it does not exist
 ${pkgs.rsync}/bin/rsync -e 'ssh -i /run/secrets/backupKey' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
 '';
 paths = "/home/fsaccount/sicherung";
- encryption.mode = "none";
+ encryption.mode = "none"; # Otherwise the key is next to the backup or we have human interaction.
 environment = {
 BORG_RSH = "ssh -i /run/secrets/backupKey";
+ # “Borg ensures that backups are not created on random drives that ‘just happen’ to contain a Borg repository.”
+ # https://borgbackup.readthedocs.io/en/stable/deployment/automated-local.html
+ # We don't want this in order to not need to persist borg cache and simplify new deployments.
 BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
 };
 repo = "borg@localhost:fsaccount";
@@ -131,6 +139,16 @@ in {
 readWritePaths = ["/home/fsaccount"];
 };
 };
+ # Extra user for FS account backup
+ users.users = {
+ fsaccount = {
+ description = "FS Account backup";
+ isSystemUser = true;
+ home = "/home/fsaccount";
+ createHome = true;
+ group = "users";
+ };
+ };
 environment.persistence.${config.impermanence.name} = {
 users.fsaccount.files = [
 {
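Review bot: The justification added on the `encryption.mode = "none";` line is weaker than it reads: this job already consumes a provisioned secret at `/run/secrets/backupKey`, so a borg passphrase can be delivered the same way and used without any human interaction through the module's `encryption.passCommand`, e.g. `encryption.mode = "repokey-blake2";` with `encryption.passCommand = "cat /run/secrets/borgPassphrase";`, which addresses both objections the comment raises. With `BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes"` the job will also silently write into whatever repository turns up at `borg@localhost:fsaccount`, so it would be safer to persist borg's security directory for this user next to the file the persistence block below already keeps (presumably the SSH key) rather than switch the check off, and the comment should at least state that this trade-off was made deliberately. Separately, the new header comment describes `/home/fsaccount/sicherung` as a mirror, but the rsync line uses `-r` with a remote `/home/fachschaft/*` glob and no `--delete`, so dotfiles are never copied and files removed upstream linger in the copy; `rsync -a --delete -e '…' fachschaft@…:/home/fachschaft/ /home/fsaccount/sicherung` would make the copy match the description. The `jobs.fsaccount` attribute set continues past the end of this hunk.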
@@ -149,15 +167,5 @@ in {
 inherit (config.users.users.fsaccount) group;
 mode = "0400";
 };
- # Extra user for FS account backup
- users.users = {
- fsaccount = {
- description = "FS Account backup";
- isSystemUser = true;
- home = "/home/fsaccount";
- createHome = true;
- group = "users";
- };
- };
 };
 }