diff --git a/infrastructure/server-setup/group_vars/all.yml b/infrastructure/server-setup/group_vars/all.yml
index 1529c0347..cf2927713 100644
--- a/infrastructure/server-setup/group_vars/all.yml
+++ b/infrastructure/server-setup/group_vars/all.yml
@@ -10,5 +10,4 @@ ansible_python_interpreter: /usr/bin/python3
 encrypt_data: False
 swap_file_path: /swapfile
 swap_file_size_mb: 8000
-external_backup_server_remote_directory: /home/backup/backups
 external_backup_server_user: 'backup'
diff --git a/infrastructure/server-setup/production.yml b/infrastructure/server-setup/production.yml
index 7694a407f..3b3dc7252 100644
--- a/infrastructure/server-setup/production.yml
+++ b/infrastructure/server-setup/production.yml
@@ -12,11 +12,13 @@ all:
     # This configuration variable blocks all access to the server, including SSH, except from the IP addresses specified below.
     # This should always be set when configuring a production server if there is no other firewall in front of the server.
     # SSH and other services should never be exposed to the public internet.
+    only_allow_access_from_addresses:
+      - 165.22.110.53
+    # Enable backups
     enable_backups: true
+    external_backup_server_remote_directory: /home/backup/backups
     # external_backup_server_ssh_port: Defined in --extra-vars by the provisioning pipeline
     # external_backup_server_ip: Defined in --extra-vars by the provisioning pipeline
-    only_allow_access_from_addresses:
-      - 165.22.110.53
     users:
       # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent
       - name: riku
@@ -50,6 +52,5 @@ backups:
   hosts:
     farajaland-qa:
       ansible_host: '165.22.110.53'
-      vars:
-        # @todo how many days to store backups for?
-        amount_of_backups_to_keep: 3
+      # @todo how many days to store backups for?
+      amount_of_backups_to_keep: 3
diff --git a/infrastructure/server-setup/staging.yml b/infrastructure/server-setup/staging.yml
index e866d947e..1a4af906d 100644
--- a/infrastructure/server-setup/staging.yml
+++ b/infrastructure/server-setup/staging.yml
@@ -13,7 +13,9 @@ all:
     # SSH and other services should never be exposed to the public internet.
     only_allow_access_from_addresses:
       - 165.22.110.53
-    enable_backups: false
+    # Enable backups but write them to a different location from where production writes them
+    enable_backups: true
+    external_backup_server_remote_directory: /home/backup/staging-backups
     periodic_restore_from_backup: true
     # external_backup_server_ssh_port: Defined in --extra-vars by the provisioning pipeline
     # external_backup_server_ip: Defined in --extra-vars by the provisioning pipeline
@@ -52,6 +54,5 @@ backups:
   hosts:
     farajaland-qa:
       ansible_host: '165.22.110.53'
-      vars:
-        # @todo how many days to store backups for?
-        amount_of_backups_to_keep: 3
+      # @todo how many days to store backups for?
+      amount_of_backups_to_keep: 3