diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 4da2625..4ac35c4 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -103,10 +103,12 @@ borg_keep_daily: 7
 borg_keep_weekly: 4
 borg_keep_monthly: 12
 borg_backup_directories:
-  - "/etc/"
-  - "/var/"
+  - /etc
+  - /var
 borg_backup_exclude:
-  - "/var/log/"
+  - /var/log
+  - /var/lib/docker
+  - /var/lib/lxcfs
 borg_encryption_passphrase: "{{ vault_borg_encryption_passphrase }}"
 
 borg_server_host: 10.128.0.4
diff --git a/roles/borgbackup_client/tasks/main.yml b/roles/borgbackup_client/tasks/main.yml
index f96b9a0..728d253 100644
--- a/roles/borgbackup_client/tasks/main.yml
+++ b/roles/borgbackup_client/tasks/main.yml
@@ -12,19 +12,8 @@
     - src: apt/preferences.j2
       dest: /etc/apt/preferences.d/borgmatic-bullseye
   when:
-    - ansible_distribution == "Debian"
-    - ansible_distribution_major_version | int <= 10
-
-- name: Don't pin borgmatic if we are on bullseye
-  file:
-    path: "/etc/apt/{{ item }}"
-    state: absent
-  loop:
-    - sources.list.d/bullseye.list
-    - preferences.d/borgmatic-bullseye
-  when:
-    - ansible_distribution == "Debian"
-    - ansible_distribution_release == "bullseye"
+    - "ansible_distribution == 'Debian'"
+    - "ansible_distribution_major_version in ('stretch', 'buster')"
 
 - name: Install borgmatic
   apt:
@@ -119,12 +108,6 @@
     state: started
     enabled: true
 
-- name: Start and enable borgmatic service
-  systemd:
-    name: borgmatic.service
-    state: started
-    enabled: true
-
 - include_role:
     name: update_motd
   vars:
diff --git a/roles/borgbackup_client/templates/borgmatic.service.j2 b/roles/borgbackup_client/templates/borgmatic.service.j2
index 0dc140b..0573bd8 100644
--- a/roles/borgbackup_client/templates/borgmatic.service.j2
+++ b/roles/borgbackup_client/templates/borgmatic.service.j2
@@ -19,11 +19,14 @@ IOSchedulingPriority=7
 IOWeight=100
 
 Restart=no
-# Prevent rate limiting of borgmatic log events. If you are using an older version of systemd that
-# doesn't support this (pre-240 or so), you may have to remove this option.
+# Prevent rate limiting of borgmatic log events. If you are using an older
+# version of systemd that doesn't support this (pre-240 or so), you may have
+# to remove this option.
 LogRateLimitIntervalSec=0
 
-# Delay start to prevent backups running during boot. Note that systemd-inhibit requires dbus and
-# dbus-user-session to be installed.
+# Delay start to prevent backups running during boot. Note that
+# systemd-inhibit requires dbus and dbus-user-session to be installed.
 # ExecStartPre=sleep 1m
-ExecStart=systemd-inhibit --who="borgmatic" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic -v 1
+ExecStart=systemd-inhibit --who="borgmatic" \
+    --why="Prevent interrupting scheduled backup" \
+    /usr/bin/borgmatic -v 2
diff --git a/roles/borgbackup_client/templates/borgmatic.timer.j2 b/roles/borgbackup_client/templates/borgmatic.timer.j2
index 22f1bf9..663f8ca 100644
--- a/roles/borgbackup_client/templates/borgmatic.timer.j2
+++ b/roles/borgbackup_client/templates/borgmatic.timer.j2
@@ -4,7 +4,8 @@
 Description=Timer for borgmatic backup
 
 [Timer]
-OnCalendar=daily
+OnCalendar=hourly
+RandomizedDelaySec=10m
 
 [Install]
 WantedBy=timers.target