diff --git a/hosts/vps/modules/services/default.nix b/hosts/vps/modules/services/default.nix
index 53755a6..b0ce7a6 100644
--- a/hosts/vps/modules/services/default.nix
+++ b/hosts/vps/modules/services/default.nix
@@ -7,5 +7,6 @@
 ./caddy.nix
 ./forgejo.nix
 ./trilium-server.nix
+ ./restic.nix
 ];
 }
diff --git a/hosts/vps/modules/services/restic.nix b/hosts/vps/modules/services/restic.nix
new file mode 100644
index 0000000..b6d6145
--- /dev/null
+++ b/hosts/vps/modules/services/restic.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+
+{
+ sops.secrets = {
+ "restic/password" = {};
+ "restic/env" = {};
+ };
+
+ services.restic.backups.b2 = {
+ initialize = true;
+ inhibitsSleep = true;
+ passwordFile = config.sops.secrets."restic/password".path;
+ paths = [
+ "/var/lib/zipline"
+ "/var/lib/postgresql"
+ "/var/lib/forgejo"
+ "/var/lib/trilium"
+ "/var/lib/bitwarden_rs"
+ ];
+ repository = "s3:https://s3.us-east-005.backblazeb2.com/restic-backups-vps";
+ environmentFile = config.sops.secrets."restic/env".path;
+ pruneOpts = [
+ "--keep-daily 7"
+ "--keep-weekly 3"
+ "--keep-monthly 3"
+ ];
+ timerConfig = {
+ OnCalendar = "daily";
+ Persistent = true;
+ };
+ };
+}
diff --git a/hosts/vps/modules/users.nix b/hosts/vps/modules/users.nix
index caa5915..8670254 100644
--- a/hosts/vps/modules/users.nix
+++ b/hosts/vps/modules/users.nix
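Review bot: The `paths` list in `services.restic.backups.b2` copies `/var/lib/postgresql` straight from disk while the database is running, so a snapshot can capture the data directory mid-write and fail to restore cleanly; the other state directories may hold live SQLite files with the same problem, though that is not visible here. Back up a dump instead: set `services.postgresqlBackup.enable = true;` and list `config.services.postgresqlBackup.location` in `paths` in place of `"/var/lib/postgresql"`, or produce the dump in `backupPrepareCommand`. Separately, because `pruneOpts` makes this host run forget/prune itself, the B2 key in `restic/env` presumably carries delete rights, so a compromise of the VPS could also remove its own backups. Bucket-side retention that keeps prior file versions for a period on `restic-backups-vps` would bound that.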
@@ -1,8 +1,15 @@
+let
+ authorizedKeys = [
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyVXtny3ca64wdJAwcUro+U4sY4r6v97ypIXdedOuhc toast@nixos''
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8finfQLaXSqxB16XjsVogN8NRAkNj3Un7JTXlLiLYj u0_a173@localhost''
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiWeuDQdMc7EUT60GAg18t6dOQrIFok0HcbuZSBP+9o android@y2q''
+ ];
+in
 {
 users.users.toast = {
 isNormalUser = true;
 extraGroups = [ "wheel" ];
- openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyVXtny3ca64wdJAwcUro+U4sY4r6v97ypIXdedOuhc toast@nixos'' ];
+ openssh.authorizedKeys.keys = authorizedKeys;
 };
- users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyVXtny3ca64wdJAwcUro+U4sY4r6v97ypIXdedOuhc toast@nixos'' ];
+ users.users.root.openssh.authorizedKeys.keys = authorizedKeys;
 }
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index cb64f20..4117bcd 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
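Review bot: Assigning the shared `authorizedKeys` list to `users.users.root` gives the two newly added keys (`u0_a173@localhost` and `android@y2q`, which by their comments appear to live on mobile devices) direct root SSH access, and every key appended to the list later inherits it silently. `toast` is already in `wheel`, so root could keep only the workstation key, for example a separate `rootKeys = [ ''ssh-ed25519 … toast@nixos'' ];` bound to `users.users.root.openssh.authorizedKeys.keys`. It could also hold no keys at all if root login over SSH is not needed for deploys; the sshd settings are not part of this diff. A short comment beside each key naming the device that holds it would make revocation after a lost device straightforward.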
@@ -5,7 +5,7 @@ openrouter_api_key: ENC[AES256_GCM,data:c0GHwhX5S4cfOXs6iR8TWVwhW90bvehWdy8lJBmb context7_api_key: ENC[AES256_GCM,data:3fvSGzii2MqlfMCFYIUcC8Fa18KBh2K91rYPtXe04+UzNb/ElBEVMoH4Gw==,iv:4cZlsYZVum/Ui3MNAzSMb8JxOCNchUzuwlh890Lc4vo=,tag:RDjeujPxDQC5eRqDcKfbvA==,type:str] restic: password: ENC[AES256_GCM,data:LhO9evxJ1jO+/jVefT1ImRB7mdQB6VWxMdXPzAX4v9ICy5V+QlPDHdug3fKgZfzZ2EJtxy0LeQqHhyACKvPACA==,iv:Ag5BXn7gViL2J7qALn6WoQ1zwS69/NkjU9iP7pw2g0U=,tag:nUSCMkojdSA3+aJ4OKM8rw==,type:str] - env: ENC[AES256_GCM,data:1FJTGyT115aL0kZWUE52wqLbLYJ3ArrM9+Xm8DvtWzjzJAM5UdRzN0LZtToxFE6jn7Z3DmCQT4lI08EeVtHgcEABteDyk40v2Z6PFq0EjWS/Y13iOi507yE1NsiHKAF3Ew==,iv:OuKSnQDVLJVtrXe7nNlU8vG5cJr2NiToC0/dGfZ+iW0=,tag:nWI6gjfawt8OWHyPX3d+eQ==,type:str] + env: ENC[AES256_GCM,data:ZqQ+0b/Wd8NRodjksdMNvl1bRIPfLPiw4NRDtG8tc8pVp9w/Je5WXePIB/8QQ33K2Uagqzfb0Y/pTbo4vQRLBXVWO4uofQ7YKxdiK4efTPr8Ic/uX3NuGyT+Q9hvawkICg==,iv:S9XcbSZewjEty35N0fSksTMT3q8Nnmy0HmgIF7oQ1cU=,tag:12ThSBX5qEIoW9Sp0IrKzA==,type:str] zipline: env: ENC[AES256_GCM,data:HOcqrzXnu+BcpZYgv1yzPOTV4ydJiVa0oIXQWMUNt/X6q2TUGPOTwWg/dOgzoi6jGzFxm+wJzugO4lLQurUV0DiWIWLDSm/PK+zW34yLYwMrwK1bRaF9yl7usAN6BEmpLw==,iv:9IZDQRT2JoXNTuyPZrwRSr2m3SnXaLmJcafpkraCFWA=,tag:+7EoCTiY9f0/C5jgvPQknA==,type:str] token: ENC[AES256_GCM,data:Ke+cJQ6Up5RUGqe/3tG7Nk40PoOQ1Vq1jN5QN4N5LXOFgclXpzN7sjx0bumFVEcgg4B7UkHmjHzjRAPtWheFu+1PaN02aQVLMGzYXgujqmccC+6roxYt4vdN0CLzf0Ii7k5KUwX3QdOV+lrVwyoBjgQyTD839YnODI7zavf+aDMlrE4+BlFjjV8MUQHsJ5G017xN0XLKOBIQsGpMl40YsvVXFrNwkZ+DkN7bXCZBiHI41W44snB1C3wkYOO+a0g4JzVjIhcHXalYgOW4Unuyyah8yDoXRxuSq7aZpQ+/AHRiuIuaHSrE5BUJu/9bJdjojNuk6VTsaLFtngViSjtyztcqMAIHFFq/KXAog8tg16dJH/V6PomrWXY=,iv:H/EcD/oNSw1mIwxsqyMeSRPsY7lnzEzTNJs6OPNfPw4=,tag:FgH9Nwxnq62uhCd/Av2kAA==,type:str] 
@@ -21,7 +21,7 @@ sops: Z0crWElZcVFMVUd0VytoTHFqbkRDck0KY8nsRThk1hCA/yDNy5JJ0T6pTUwRZhYW j8grD6JYvauuYa+3tSIwqy2RPiKltx696n9nXy9iPnFUO0QY/rQGVg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-11T05:38:04Z" - mac: ENC[AES256_GCM,data:U4xLqOc+J8T7s5B2a8Sq/KG5Lr0ubx3GIG8fH3J+b2g4+EJPzVOLnd9jg8BR2+YYqkGI9RAvf6J2hcej7zAZcovXF1t66kaHWoExqEJCkQxs1cZccBMRjlml3OVqMuXI6NINuv+SWTWtUKfxAmjqhgXjY8zUR0pOxWrLXhPs5p4=,iv:Qjt25LF2ygYO4rVTCIIHpo9j19NVTf5UE0gCLfB9l3w=,tag:GP+hE082E8VGbmbxHOspcw==,type:str] + lastmodified: "2025-11-01T14:10:16Z" + mac: ENC[AES256_GCM,data:RIT8zBxzwhnpS5b2Q7lc35JB5OYmKoMIBWvpMnB/YhpBcAUWHiY0zRdg7vgWZ1cWvpbbA0b9O9yFgo3NB6NwnaCR8x/3wNEfTDfx295/5Ix9qTYiS4FEQ8bngEZ/VfI9jDi9CmVuLpOisxA4bisSl57OZwtDZgIFjOJdma3tDF4=,iv:xxGCrMhuQGDMnkhL+mSCh7mLT7XE+3bK+QmzBRbBEM8=,tag:w1Y7w2ei8zotp8lrVJbk0w==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2