diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix
index ccce527..4fee350 100644
--- a/hosts/talos/default.nix
+++ b/hosts/talos/default.nix
@@ -75,6 +75,49 @@
 };
 pipewire.enable = true;
+
+ restic-backup = {
+ enable = true;
+ repo = "b2:talos-backup";
+ passwordFile = config.age.secrets."restic-backup/talos-password".path;
+ environmentFile = config.age.secrets."restic-backup/talos-credentials".path;
+
+ timerConfig = {
+ OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
+ };
+
+ paths = [
+ "/home/alarsyo"
+ ];
+ exclude = [
+ "/home/alarsyo/Downloads"
+
+ # Rust builds using half my storage capacity
+ "/home/alarsyo/**/target"
+ "/home/alarsyo/work/rust/build"
+
+ # don't backup nixpkgs
+ "/home/alarsyo/work/nixpkgs"
+
+ "/home/alarsyo/go"
+
+ # C build crap
+ "*.a"
+ "*.o"
+ "*.so"
+
+ ".direnv"
+
+ # test vms
+ "*.qcow2"
+
+ # secrets stay offline
+ "/home/alarsyo/**/secrets"
+
+ # ignore all dotfiles as .config and .cache can become quite big
+ "/home/alarsyo/.*"
+ ];
+ };
 };
 my.gui.enable = true;
diff --git a/hosts/talos/secrets.nix b/hosts/talos/secrets.nix
index 387f511..e5fae61 100644
--- a/hosts/talos/secrets.nix
+++ b/hosts/talos/secrets.nix
@@ -13,8 +13,8 @@
 // attrs;
 in lib.mapAttrs toSecret {
- #"restic-backup/hephaestus-credentials" = {};
- #"restic-backup/hephaestus-password" = {};
+ "restic-backup/talos-credentials" = {};
+ "restic-backup/talos-password" = {};
 "users/alarsyo-hashed-password" = {};
 "users/root-hashed-password" = {};
diff --git a/modules/secrets/restic-backup/talos-credentials.age b/modules/secrets/restic-backup/talos-credentials.age
new file mode 100644
index 0000000..967a671
--- /dev/null
+++ b/modules/secrets/restic-backup/talos-credentials.age
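Review bot: The `"/home/alarsyo/**/secrets"` exclude in the hosts/talos/default.nix hunk only skips entries named exactly `secrets`, so credential files elsewhere under `/home/alarsyo` that are not top-level dotfiles (a key or env file inside a project tree, say) are still uploaded to the B2 repository, and the comment `# secrets stay offline` promises more than the pattern delivers. I would reword it to `# only paths literally named "secrets" are skipped; other credentials still go into the (restic-encrypted) repo`, or add the extra patterns you actually rely on. Separately, `timerConfig` sets only `OnCalendar`, and whether the restic-backup module merges in `Persistent = true;` is not visible here; without it a laptop that is asleep or powered off at 13:00 skips that day's run, so consider adding `Persistent = true;` next to `OnCalendar`. The enclosing attribute set opens above the hunk.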
@@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw WWJQxqfxQzLmBFPpTzuKBMhAl+ZxnQdvnaDvfpwxR00 +tEsf6xSw/MP/qJnr/SyLlkEEf/LaI7IxjVzaxRwh5FI +-> ssh-ed25519 nh0dAQ yRu0VZqx+DuB3SSQaVtg+txuRu9OyJDfLDNCKg9XYk0 +xTpucapaejG2EMrZLIDt46JD3QYM4XXT1Y2F77HPQO8 +--- uZjO0dDIFesU2B/GkjpqrOJas1+K6hGbQAdFV/t1GOk +BV͵\ 8 ۑ[%l^>9\E5j(6g;(I7CS4v6iSXC`OT\;Iݜ6_ky-qKlKӠh?t \ No newline at end of file diff --git a/modules/secrets/restic-backup/talos-password.age b/modules/secrets/restic-backup/talos-password.age new file mode 100644 index 0000000..244ab8d Binary files /dev/null and b/modules/secrets/restic-backup/talos-password.age differ diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 2496adb..f9c389c 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -35,6 +35,8 @@ in { "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; "restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus]; "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; + "restic-backup/talos-password.age".publicKeys = [alarsyo talos]; + "restic-backup/talos-credentials.age".publicKeys = [alarsyo talos]; "users/root-hashed-password.age".publicKeys = machines ++ [alarsyo]; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo];