diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5598d80
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/secrets/
diff --git a/nixos/machines/srv01-home/configuration.nix b/nixos/machines/srv01-home/configuration.nix
index 7facbb0..838db84 100644
--- a/nixos/machines/srv01-home/configuration.nix
+++ b/nixos/machines/srv01-home/configuration.nix
@@ -193,6 +193,50 @@
 ];
 };
 };
+
+ users.users.restic = {
+ isNormalUser = true;
+ };
+
+ security.wrappers.restic = {
+ source = "${pkgs.restic.out}/bin/restic";
+ owner = "restic";
+ group = "users";
+ permissions = "u=rwx,g=,o=";
+ capabilities = "cap_dac_read_search=+ep";
+ };
+
+ services.restic.backups.srv01-home = {
+ user = "restic";
+ paths = [ "/srv" ];
+ exclude = [];
+ pruneOpts = [
+ "--keep-daily 7"
+ "--keep-weekly 5"
+ "--keep-monthly 12"
+ "--keep-yearly 75"
+ ];
+ repositoryFile = "/etc/dotfiles-nixos/secrets/restic-repository-srv01-home";
+ initialize = true;
+ timerConfig = {
+ OnCalendar = "02:00";
+ Persistent = true;
+ };
+ passwordFile = "/etc/dotfiles-nixos/secrets/restic-password-srv01-home";
+ };
+
+ systemd.services.restic-backups-srv01-home = {
+ serviceConfig = {
+ EnvironmentFile = "/etc/dotfiles-nixos/secrets/b2.env";
+ };
+ };
+
+ # environment = {
+ # B2_ACCOUNT_ID = "my_account_id_abc123";
+ # B2_ACCOUNT_KEY = "my_account_key_def456";
+ # };
+
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It's perfectly fine and recommended to leave
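Review bot: The job in `services.restic.backups.srv01-home` does not appear to use the `cap_dac_read_search` wrapper declared just above it, because no `package` is set. The unit would presumably run the stock `pkgs.restic` as user `restic` and hit permission errors on anything under `/srv` that account cannot read. If the wrapper is meant to be the binary the job runs, point the job at it, e.g. `package = pkgs.writeShellScriptBin "restic" ''exec ${config.security.wrapperDir}/restic "$@"'';`. Because that wrapper lets any process running as `restic` read every file on the host, the account should be as narrow as possible: prefer `isSystemUser = true;` with a dedicated group over `isNormalUser = true;`, which gives it a login shell, a home directory and membership in `users`. Nothing in this change sets ownership or mode on the files under `/etc/dotfiles-nixos/secrets/`, so confirm they are readable only by `restic` and root.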