diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix
index 8302757..facb295 100644
--- a/hosts/zephyrus/default.nix
+++ b/hosts/zephyrus/default.nix
@@ -43,6 +43,35 @@ in
     tailscale.enable = true;
 
     pipewire.enable = true;
+
+    restic-backup = {
+      enable = true;
+      repo = "b2:zephyrus-backup";
+      passwordFile = config.age.secrets."restic-backup/zephyrus-password".path;
+      environmentFile = config.age.secrets."restic-backup/zephyrus-credentials".path;
+
+      paths = [
+        "/home/alarsyo"
+      ];
+      exclude = [
+        "/home/alarsyo/Downloads"
+
+        # Rust builds using half my storage capacity
+        "/home/alarsyo/*/target"
+        "/home/alarsyo/work/rust/build"
+
+        # don't backup nixpkgs
+        "/home/alarsyo/work/nixpkgs"
+
+        # C build crap
+        "*.a"
+        "*.o"
+        "*.so"
+
+        # ignore all dotfiles as .config and .cache can become quite big
+        "/home/alarsyo/.*"
+      ];
+    };
   };
 
   services = {
diff --git a/modules/secrets/restic-backup/zephyrus-credentials.age b/modules/secrets/restic-backup/zephyrus-credentials.age
new file mode 100644
index 0000000..dfadadb
--- /dev/null
+++ b/modules/secrets/restic-backup/zephyrus-credentials.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 ZQuVNA KjrRurc5ztGrYO2wx0ToE8E4Yz2sbNwPi4zCGAJUK3k
++U1Ox1U4Z9ssleGchzMJGpQjFaRoqMYSLhKHXj1F2/U
+-> ssh-ed25519 k2gHjw W35K39F0sREO2igYKaa3zr1LKgF6xiU5YtMq3RYqkC4
+YJV8kdjMJSoRX7iLw2bQXET9zOudFuhZeHqPqHkNjuc
+-> (aAM-grease j{6WJ 3C&
+Pfh0krD/ClkQcByosGU3CxPivvPei5tXWZHh6odkWxn29iqsKT6L1ihEgYJDlopA
+8ODR4G4ax6ZY13O+qjc
+--- ugjGDcsxbwlKmTN+4lUyrhD6GJPl0qk4i+4OLS2NRP0
+]#z…ƒã‹p¢¶X7Ó™	¼1mê%wýFÒ4õÒØ³Äcp+Q2¹ú“×ì¢pmxx>Åˆœ)Eô;~äî¢ÔsÆx[S$z¥¨&øžùrBSVÄz­ÿ÷þ\SXøærdö×\ÜóŠ5Tªfÿ|¿ô
+TÜ
\ No newline at end of file
diff --git a/modules/secrets/restic-backup/zephyrus-password.age b/modules/secrets/restic-backup/zephyrus-password.age
new file mode 100644
index 0000000..050d2cc
--- /dev/null
+++ b/modules/secrets/restic-backup/zephyrus-password.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 ZQuVNA H3/RLTRU8T3JY99f+b9xT5oIqPCDyxjRfFbJ7iR3/zE
+CTLpdnGapstc+/epugi1CxIZ3T7JZgE4Ew14B2WuanY
+-> ssh-ed25519 k2gHjw wEnvcV2UApJ1MMyIQgSSkF+zhG+fugEiCieCpPBdJyc
+polPsTGun9e6Bq6rogQBrmT32GQXiixxlKmuRpDDM0c
+-> Jt-grease rX6~
+RL6JmjlIQaG17HQQFY3hTYtTiL12Sr3RX/Scv6gO7gO8
+--- eUEOS9mtYxxW2bqzEpD+ZsyYjhHWCArPd2PiFn6wMF4
+ƒ*@ò-úñæÀ£’¬…9ÂÜpMDŸ¸™I{ázÃ¼ke°K);‰ü+úU¥îñOZâ{ÙBSx’/ÑLI¡”G «9—‰	”þ1É:YÝ½°4x:K—f¹Žq‘ö9ï˜a¥Oº[jNåÇXq¡‘,âÏæZü=*˜'€'t×„ƒÍ	²ˆö¿!vWòÛ6n›†ÅéG&QwõÚG
\ No newline at end of file
diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix
index 53ef8d1..5998d31 100644
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@@ -11,4 +11,6 @@ let
   all = users ++ machines;
 in
 {
+  "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
+  "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
 }