diff --git a/machines/modules/malobeo/backup.nix b/machines/modules/malobeo/backup.nix
index 9ae4b30..7f20e69 100644
--- a/machines/modules/malobeo/backup.nix
+++ b/machines/modules/malobeo/backup.nix
@@ -2,8 +2,18 @@
 with lib;
 let 
   cfg = config.malobeo.backup;
-  newfunc = (hostname: datasetNames: (map (dataset:  { name = "${hostname}_${dataset.sourceDataset}"; value = { inherit hostname; inherit dataset; }; } ) datasetNames));
+  hostToCommand = (hostname: datasetNames: 
+    (map (dataset:  { 
+      name = "${hostname}_${dataset.sourceDataset}";
+      value = { 
+        inherit hostname; 
+        inherit (dataset) sourceDataset targetDataset;
+      }; 
+    } ) datasetNames));
   peers = import ./peers.nix;
+
+  enableSnapshots = cfg.snapshots != null;
+  enableBackups = cfg.hosts != null;
 in
 {
   options.malobeo.backup = {
@@ -14,15 +24,14 @@ in
     };
 
     snapshots = mkOption {
-      type = types.listOf types.str;
-      default = [];
+      type = types.nullOr (types.listOf types.str);
+      default = null;
       description = "Automatic snapshots will be created for the given datasets";
     };
 
-    #TODO: instead listof str we need dataset here to declare the dataset name on the source host
-    #      and also the dataset name on target host (which stores the backups)
     hosts = mkOption {
-      type = types.attrsOf (types.listOf (types.submodule {
+      default = null;
+      type = types.nullOr (types.attrsOf (types.listOf (types.submodule {
         options = {
           sourceDataset = mkOption {
             type = types.str;
@@ -31,13 +40,19 @@ in
             type = types.str;
           };
         };
-      }));
+      })));
       description = "Hostname with list of datasets to backup.";
     };
+
+    sshKey = mkOption {
+      default = null;
+      type = types.nullOr types.str;
+      description = "Set path to ssh key used for pull backups. Otherwise default key is used";
+    };
   };
   
   config = mkIf (cfg.enable) {
-    services.sanoid = {
+    services.sanoid = mkIf (enableSnapshots) {
       enable = true;
   
       templates."default" = {
@@ -56,10 +71,9 @@ in
       }; }) cfg.snapshots);
     };
 
-    services.syncoid = with config; {
+    services.syncoid = mkIf (enableBackups) {
       enable = true;
-  
-      sshKey = sops.secrets.backup_key.path;
+      sshKey = cfg.sshKey;
   
       commonArgs = [
         "--no-sync-snap"
@@ -68,17 +82,12 @@ in
       interval = "*-*-* 04:15:00";
   
       commands = builtins.mapAttrs (name: value: {
-        source = "backup@${peers.${value.hostname}.address}:${value.dataset.sourceDataset}";
-        target = "${value.dataset.targetDataset}";
+        source = "backup@${peers.${value.hostname}.address}:${value.sourceDataset}";
+        target = "${value.targetDataset}";
         sendOptions = "w";
         recvOptions = "\"\"";
         recursive = true;
-      })(builtins.listToAttrs (builtins.concatLists (builtins.attrValues (builtins.mapAttrs newfunc cfg.hosts))));
-    };
-  
-    sops.secrets.backup_key = {
-      owner = config.services.syncoid.user;
-      key = "backup_key";
+      })(builtins.listToAttrs (builtins.concatLists (builtins.attrValues (builtins.mapAttrs hostToCommand cfg.hosts))));
     };
   };
 }