diff --git a/README.md b/README.md
index 9e5f1b8..316dc92 100644
--- a/README.md
+++ b/README.md
@@ -29,9 +29,11 @@ This Ansible role does not create users in Etebase. And the configuration for th
 | etebase__restart_webserver | ``false`` | Set to ``true`` to restart the webserver on config change *(etebase__systemd_setup needed)*|
 | etebase__webserver_service | ``nginx.service`` | Which systemd unit should be restartet for the webserver |
 | etebase__systemd_setup | ``false`` | Set to ``true`` to start etebase as systemd unit with the systemd socket configured above |
+| etebase__create_backup | ``false`` | Should this role create a backup bevore upgrading etebase |
+| etebase__backup_destionation | ``{{ etebase__user_home }}/backup`` | Destination directory for backup |
+| etebase__backup_sqlite | ``true`` | If we do a backup we could skipping the sqlite3 database by flipping this |
 | submodules_versioncheck | ``false`` | should we do a simple version check for this ansible role |
 
-
  Options for etebase-server.ini
 ------------------------------
 
diff --git a/defaults/main.yml b/defaults/main.yml
index cfcb088..eac175d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -14,6 +14,11 @@ etebase__package_state: 'present'
 etebase__version: 'latest'
 etebase__secrets_dir: "{{ etebase__user_home }}/secrets"
 
+# backup
+etebase__create_backup: false
+etebase__backup_destionation: "{{ etebase__user_home }}/backup"
+etebase__backup_sqlite: true
+
 # hosting
 etebase__collectstatic: true
 
diff --git a/tasks/backup.yml b/tasks/backup.yml
new file mode 100644
index 0000000..969e8ca
--- /dev/null
+++ b/tasks/backup.yml
@@ -0,0 +1,99 @@
+---
+- name: Try to read variable from remote server
+  block:
+    - name: "Read yaml file"
+      become: true
+      ansible.builtin.command: "cat {{ etebase__user_home }}/etebase_version.yml"
+      changed_when: _user.changed | bool
+      register: _vars
+
+    - name: "Parse yaml into variable"
+      ansible.builtin.set_fact:
+        remote_vars: "{{ _vars.stdout | from_yaml }}"
+  rescue:
+    - name: Fail if last version can not be detected
+      ansible.builtin.fail:
+        msg: "Backup Failed. If you run this role the first time you can not backup anything because nothing is installed yet."
+
+- name: "Create Backup of {{ remote_vars.last_etebase_version_target }}"
+  when: remote_vars.last_etebase_version_target != etebase_version_target
+  block:
+    - name: Set current backup dir
+      ansible.builtin.set_fact:
+        # yamllint disable-line rule:line-length
+        etebase__current_backup_destination: "{{ etebase__backup_destionation }}/{{ remote_vars.last_etebase_version_target }}_{{ ansible_date_time.iso8601_micro }}"
+
+    - name: Create etebase backup directory
+      become: true
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        mode: 'u=rwX,g=rX,o='
+        recurse: true
+        group: "{{ etebase__group }}"
+        owner: "{{ etebase__user }}"
+      with_items:
+        - "{{ etebase__backup_destionation }}"
+        - "{{ etebase__current_backup_destination }}"
+
+    - name: Install sqlite3 requirements
+      become: true
+      ansible.builtin.package:
+        name: 'sqlite3'
+        state: "{{ etebase__package_state }}"
+      when: etebase__backup_sqlite | bool
+
+    - name: Create Backup of sqlite3 database
+      become: true
+      ansible.builtin.command:
+        cmd: "sqlite3 {{ etebase__database_name }} \".backup '{{ etebase__current_backup_destination }}/etebase_backup.db.sqlite3'\""
+        creates: "{{ etebase__current_backup_destination }}/etebase_backup.db.sqlite3"
+      when: etebase__backup_sqlite | bool
+
+    - name: Make sure file permissions fit
+      become: true
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        mode: 'u=rwX,g=rX,o='
+        recurse: true
+        group: "{{ etebase__group }}"
+        owner: "{{ etebase__user }}"
+      with_items:
+        - "{{ etebase__current_backup_destination }}"
+
+    - name: Backup static root dir
+      become: true
+      ansible.builtin.copy:
+        directory_mode: 0750
+        mode: 0640
+        group: "{{ etebase__group }}"
+        owner: "{{ etebase__user }}"
+        src: "{{ etebase__global_static_root }}"
+        dest: "{{ etebase__current_backup_destination }}"
+        remote_src: true
+
+    - name: Backup media root dir
+      become: true
+      ansible.builtin.copy:
+        directory_mode: 0750
+        mode: 0640
+        owner: "{{ etebase__user }}"
+        group: "{{ etebase__group }}"
+        src: "{{ etebase__global_media_root }}"
+        dest: "{{ etebase__current_backup_destination }}"
+        remote_src: true
+
+    - name: Create bz2 archive of backup
+      become: true
+      community.general.archive:
+        mode: 0640
+        owner: "{{ etebase__user }}"
+        group: "{{ etebase__group }}"
+        path:
+          - "{{ etebase__current_backup_destination }}"
+          - "{{ etebase__user_home }}/etebase_{{ remote_vars.last_etebase_version_target }}"
+          - "{{ etebase__venv_path }}/{{ remote_vars.last_etebase_version_target }}"
+        dest: "{{ etebase__current_backup_destination }}.tar.bz2"
+        format: bz2
+        remove: true
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 78d5b06..30ac964 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -33,3 +33,12 @@
   with_items:
     - "{{ etebase__global_media_root }}"
     - "{{ etebase__secrets_dir }}"
+
+- name: Deploy yaml file for optional backup support
+  become: true
+  ansible.builtin.template:
+    src: "templates/etebase_version.yml"
+    dest: "{{ etebase__user_home }}/etebase_version.yml"
+    mode: '0640'
+    group: "{{ etebase__group }}"
+    owner: "{{ etebase__user }}"
diff --git a/tasks/create_user.yml b/tasks/create_user.yml
index 7d89610..45c2d2a 100644
--- a/tasks/create_user.yml
+++ b/tasks/create_user.yml
@@ -5,6 +5,9 @@
     name: "{{ etebase__group }}"
     system: true
     state: "present"
+  notify:
+    - "Systemctl restart etebase.service"
+    - "Systemctl restart webserver"
 
 - name: "Create Etebase User"
   become: true
@@ -16,3 +19,7 @@
     home: "{{ etebase__user_home }}"
     shell: "{{ etebase__shell }}"
     system: true
+  register: _user
+  notify:
+    - "Systemctl restart etebase.service"
+    - "Systemctl restart webserver"
diff --git a/tasks/download.yml b/tasks/download.yml
index d40e14c..5e92580 100644
--- a/tasks/download.yml
+++ b/tasks/download.yml
@@ -12,6 +12,9 @@
     update: false
     version: "{{ etebase_version_target }}"
   register: _etebase_download
+  notify:
+    - "Systemctl restart etebase.service"
+    - "Systemctl restart webserver"
 
 - name: Fix venv File owner/group
   become: true
diff --git a/tasks/filepermissions.yml b/tasks/filepermissions.yml
index 440aaac..ba0b9eb 100644
--- a/tasks/filepermissions.yml
+++ b/tasks/filepermissions.yml
@@ -10,6 +10,9 @@
     mode: 'u=rwX,g=rX,o=rX'
   with_items:
     - "{{ etebase__global_static_root }}"
+  notify:
+    - "Systemctl restart etebase.service"
+    - "Systemctl restart webserver"
 
 - name: "Set and cleanup file permissions again"
   become: true
@@ -25,3 +28,6 @@
     - "{{ etebase__secrets_dir }}"
     - "{{ etebase__venv }}"
     - "{{ etebase__user_home }}/etebase_{{ etebase_version_target }}"
+  notify:
+    - "Systemctl restart etebase.service"
+    - "Systemctl restart webserver"
diff --git a/tasks/main.yml b/tasks/main.yml
index d343fce..d21e151 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -9,6 +9,10 @@
 - name: Define Etebase Version
   ansible.builtin.include_tasks: set_version.yml
 
+- name: Run optional etebase backup
+  ansible.builtin.include_tasks: backup.yml
+  when: etebase__create_backup | bool
+
 - name: Download Etebase Repo
   ansible.builtin.include_tasks: download.yml
 
diff --git a/tasks/migrate.yml b/tasks/migrate.yml
index cd2b121..975f40c 100644
--- a/tasks/migrate.yml
+++ b/tasks/migrate.yml
@@ -19,6 +19,9 @@
     cmd: "{{ etebase__venv }}/bin/python3 ./manage.py collectstatic"
     creates: "{{ etebase__global_static_root }}/admin"
   register: _etebase_collectstatic
+  notify:
+    - "Systemctl restart etebase.service"
+    - "Systemctl restart webserver"
 
 - name: Print output of python3 manage.py collectstatic
   ansible.builtin.debug:
diff --git a/tasks/python_venv.yml b/tasks/python_venv.yml
index 3e6c602..7b822f1 100644
--- a/tasks/python_venv.yml
+++ b/tasks/python_venv.yml
@@ -20,6 +20,9 @@
     virtualenv: "{{ etebase__venv }}"
     state: "{{ etebase__package_state }}"
     umask: "0027"
+  notify:
+    - "Systemctl restart etebase.service"
+    - "Systemctl restart webserver"
 
 - name: Install etebase ASGI Server
   become: true
@@ -28,6 +31,9 @@
     virtualenv: "{{ etebase__venv }}"
     state: "{{ etebase__package_state }}"
     umask: "0027"
+  notify:
+    - "Systemctl restart etebase.service"
+    - "Systemctl restart webserver"
 
 - name: Fix venv File owner/group
   become: true
diff --git a/templates/etebase_version.yml b/templates/etebase_version.yml
new file mode 100644
index 0000000..8986966
--- /dev/null
+++ b/templates/etebase_version.yml
@@ -0,0 +1,5 @@
+---
+#
+# {{ ansible_managed }}
+#
+last_etebase_version_target: '{{ etebase_version_target }}'
diff --git a/vars/main.yml b/vars/main.yml
index 0506204..4e776c7 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -4,5 +4,5 @@ etebase__repo_api: 'https://api.github.com/repos/etesync/server/tags'
 etebase__venv: "{{ etebase__venv_path }}/{{ etebase_version_target }}"
 
 # versionscheck
-playbook_version_number: 11   # should be a integer
+playbook_version_number: 12   # should be a integer
 playbook_version_path: 'role-do1jlr.etebase'