diff --git a/backups/base/backup-cronjob.yaml b/backups/base/backup-cronjob.yaml
index 56003e9..9acb423 100644
--- a/backups/base/backup-cronjob.yaml
+++ b/backups/base/backup-cronjob.yaml
@@ -8,17 +8,16 @@ spec:
     spec:
       template:
         spec:
+          volumes:
+            - name: backup-storage
+              emptyDir: {}
           restartPolicy: Never
           containers:
             - name: backup-container
               image: docker.sunet.se/drive/duplicity:bookworm-slim-1
-              command: ["bash"]
-              securityContext:
-                privileged: true
-              args: ["-c", "mkdir -p $(MOUNT_POINT) && rclone mount source:$(SOURCE_BUCKET) $(MOUNT_POINT) --daemon && duplicity $(MOUNT_POINT) rclone://destination:$(DESTINATION_BUCKET) --no-encryption --full-if-older-than 1M; umount $(MOUNT_POINT)"]
+              command: ["duplicity"]
+              args: ["/backup_storage", "rclone://destination:$(BUCKET)", "--no-encryption", "--full-if-older-than", "1M" ]
               env:
-                - name: MOUNT_POINT
-                  value: /backup_data
                 - name: RCLONE_CONFIG_DESTINATION_ACL
                   value: private
                 - name: RCLONE_CONFIG_DESTINATION_TYPE
@@ -27,6 +26,16 @@ spec:
                   value: s3.sto3.safedc.net
                 - name: RCLONE_CONFIG_DESTINATION_PROVIDER
                   value: Ceph
+              volumeMounts:
+                - name: backup-storage
+                  mountPath: /backup_storage
+                  mountPropagation: HostToContainer
+            - name: mount-container
+              image: rclone/rclone:1.69.0
+              args: ["mount", "--allow-non-empty", "--daemon", "source:$(BUCKET)", "/backup_storage"]
+              securityContext:
+                privileged: true
+              env:
                 - name: RCLONE_CONFIG_SOURCE_ACL
                   value: private
                 - name: RCLONE_CONFIG_SOURCE_TYPE
@@ -35,3 +44,7 @@ spec:
                   value: s3.sto4.safedc.net
                 - name: RCLONE_CONFIG_SOURCE_PROVIDER
                   value: Ceph
+              volumeMounts:
+                - name: backup-storage
+                  mountPath: /backup_storage
+                  mountPropagation: Bidirectional
diff --git a/backups/overlays/test/xrootd/backup-cronjob.yaml b/backups/overlays/test/xrootd/backup-cronjob.yaml
index f05d93c..477cf23 100644
--- a/backups/overlays/test/xrootd/backup-cronjob.yaml
+++ b/backups/overlays/test/xrootd/backup-cronjob.yaml
@@ -12,7 +12,7 @@ spec:
           containers:
             - name: backup-container
               env:
-                - name: DESTINATION_BUCKET
+                - name: BUCKET
                   value: "xrootd-test-mirror"
                 - name: RCLONE_CONFIG_DESTINATION_ACCESS_KEY_ID
                   valueFrom:
@@ -24,7 +24,9 @@ spec:
                     secretKeyRef:
                       name: xrootd-secret
                       key: "destination-secret-access-key"
-                - name: SOURCE_BUCKET
+            - name: mount-container
+              env:
+                - name: BUCKET
                   value: "xrootd-test"
                 - name: RCLONE_CONFIG_SOURCE_ACCESS_KEY_ID
                   valueFrom: