diff --git a/nix/apps/does-it-build/default.nix b/nix/apps/does-it-build/default.nix
index 388347e..7941ae7 100644
--- a/nix/apps/does-it-build/default.nix
+++ b/nix/apps/does-it-build/default.nix
@@ -39,12 +39,10 @@ in
     };
   };
 
-  services.custom-backup.jobs = [
-    {
-      app = "does-it-build";
-      file = "/var/lib/does-it-build/db.sqlite";
-    }
-  ];
+  services.custom-backup-restic.jobs = [{
+    app = "does-it-build";
+    path = "/var/lib/does-it-build/db.sqlite";
+  }];
 
   users.users.does-it-build = {
     isSystemUser = true;
diff --git a/nix/apps/forgejo/default.nix b/nix/apps/forgejo/default.nix
index bf6a407..e0016b8 100644
--- a/nix/apps/forgejo/default.nix
+++ b/nix/apps/forgejo/default.nix
@@ -1,4 +1,4 @@
-{ config, ... }: {
+{ config, lib, pkgs, ... }: {
   age.secrets.forgejo_s3_key_secret.file = ../../secrets/forgejo_s3_key_secret.age;
 
 
@@ -51,8 +51,23 @@
     '';
   };
 
-  services.custom-backup.jobs = [{
+  services.custom-backup-restic.jobs = [{
     app = "forgejo";
-    file = "/var/lib/forgejo/data/forgejo.db";
+    # this is a mess. do not question it. it is a beautiful mess.
+    dynamicFilesFrom = "${lib.getExe pkgs.sudo} --user=forgejo ${lib.getExe (pkgs.writeShellApplication {
+      name = "backup-forgejo.sh";
+      runtimeInputs = [ pkgs.unzip ];
+      text = ''
+        rm -rf /tmp/forgejo-backup
+        mkdir -p /tmp/forgejo-backup
+        {
+          cd /tmp/forgejo-backup
+          ${lib.getExe config.services.forgejo.package} dump -c ${config.services.forgejo.customDir}/conf/app.ini
+          unzip forgejo-dump-* >/dev/null
+          rm forgejo-dump-*
+        } >&2
+        echo /tmp/forgejo-backup
+      '';
+    })}";
   }];
 }
diff --git a/nix/apps/killua/default.nix b/nix/apps/killua/default.nix
index a9d23db..6188e0d 100644
--- a/nix/apps/killua/default.nix
+++ b/nix/apps/killua/default.nix
@@ -25,10 +25,10 @@ in
     };
   };
 
-  services.custom-backup.jobs = [
+  services.custom-backup-restic.jobs = [
     {
       app = "killua";
-      file = "${dataDir}/trivia_questions.json";
+      path = dataDir;
     }
   ];
 
diff --git a/nix/hive.nix b/nix/hive.nix
index a7b70b3..f31e3b2 100644
--- a/nix/hive.nix
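Review bot: `path = "/var/lib/does-it-build/db.sqlite"` hands restic the live database file, so a snapshot taken while the service is writing can contain torn pages, and if the database runs in WAL mode the `-wal`/`-shm` sidecars next to it are not part of the backup at all (whether it uses WAL mode is not visible here). The previous `services.custom-backup` job named the same file, so this is carried over rather than introduced, but the new module's `dynamicFilesFrom` makes a consistent copy easy: point it at a script that runs `sqlite3 /var/lib/does-it-build/db.sqlite ".backup <copy path>"` and echoes the copy's path, the same way the forgejo job in this commit wraps `forgejo dump`. A one-line comment on the job noting that the file is copied hot would at least make the trade-off explicit.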
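Review bot: The backup script in `dynamicFilesFrom` works in the fixed, predictable directory `/tmp/forgejo-backup`, which it `rm -rf`s and recreates as the `forgejo` user on every run; unless the restic unit runs with a private `/tmp`, a pre-existing entry at that path is removed and replaced without any check, and the extracted dump — which contains the database and `app.ini` with its tokens — is left behind in `/tmp` after the run with whatever permissions the forgejo user's umask gives it, since nothing deletes it. Prefer a private location (`dir=$(mktemp -d)` followed by `echo "$dir"`, or a fixed directory under forgejo's own state directory) and remove it once restic is done; the new `custom-backup-restic` module has no per-job cleanup hook, so that means threading a `backupCleanupCommand` through it. `unzip forgejo-dump-*` and `rm forgejo-dump-*` also assume exactly one dump file is present, which holds only while the directory is freshly created. The `services.forgejo` block this job sits beside starts outside the hunk.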
+++ b/nix/hive.nix
@@ -178,6 +178,7 @@
         ./modules/podman
         ./modules/registry
         ./modules/backup
+        ./modules/restic
 
         # apps
         ./apps/website
@@ -227,6 +228,7 @@
         ./modules/wg-mesh
         ./modules/garage
         ./modules/backup
+        ./modules/restic
 
         # apps
         ./apps/website
diff --git a/nix/modules/restic/default.nix b/nix/modules/restic/default.nix
new file mode 100644
index 0000000..a7e4472
--- /dev/null
+++ b/nix/modules/restic/default.nix
@@ -0,0 +1,74 @@
+{ config, lib, ... }: with lib;
+let
+  jobOptions = { ... }: {
+    options = {
+      app = mkOption {
+        type = types.str;
+        description = "The app name, used as the directory in the bucket";
+      };
+      environmentFile = mkOption {
+        type = types.nullOr types.path;
+        default = null;
+      };
+      path = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+      };
+      dynamicFilesFrom = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+      };
+      pgDump = mkOption {
+        type = types.nullOr (types.submodule ({ ... }: {
+          options = {
+            containerName = mkOption {
+              type = types.str;
+            };
+            dbName = mkOption {
+              type = types.str;
+            };
+            userName = mkOption {
+              type = types.str;
+            };
+          };
+        }));
+        default = null;
+      };
+      #mongo_dump = { };
+    };
+  };
+in
+{
+  options.services.custom-backup-restic = {
+    jobs = mkOption {
+      default = [ ];
+      type = types.listOf (types.submodule jobOptions);
+      description = "Backup jobs to execute";
+    };
+  };
+
+  config = {
+    age.secrets.restic_backup.file = ../../secrets/restic_backup.age;
+    age.secrets.generic_backup_password.file = ../../secrets/generic_backup_password.age;
+
+    services.restic.backups =
+      builtins.listToAttrs (map
+        (job: {
+          name = job.app;
+          value = {
+            paths = if job.path != null then [ job.path ] else null;
+            dynamicFilesFrom = job.dynamicFilesFrom;
+            initialize = true;
+            timerConfig = {
+              OnCalendar = "00:00";
+              RandomizedDelaySec = "5h";
+            };
+            passwordFile = config.age.secrets.generic_backup_password.path;
+            repository = "s3:http://localhost:3900/backups-restic/${job.app}";
+            environmentFile = config.age.secrets.restic_backup.path;
+          };
+        })
+        config.services.custom-backup-restic.jobs);
+  };
+}
+
diff --git a/nix/secrets/backup_s3_secret.age b/nix/secrets/backup_s3_secret.age
index 6b09fe8..4dccf37 100644
Binary files a/nix/secrets/backup_s3_secret.age and b/nix/secrets/backup_s3_secret.age differ
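Review bot: The per-job `environmentFile` option declared in `jobOptions` is never read — every generated backup hard-codes `environmentFile = config.age.secrets.restic_backup.path`, so a job that supplies its own file is silently ignored, and `pgDump` is likewise declared with required sub-options but has no consumer. Either drop the unused options or honour them, e.g. `environmentFile = if job.environmentFile != null then job.environmentFile else config.age.secrets.restic_backup.path;`. Two consequences of the defaults deserve a comment in the module as well: a job with both `path` and `dynamicFilesFrom` left at `null` yields a restic job with nothing to back up and no eval-time warning (an `assertions` entry would catch it), and because the single `restic_backup` credential and single `generic_backup_password` are deployed to vps1–vps5 (see the `secrets.nix` hunk) every host holds the key and password for every app's repository under `backups-restic/`, so compromise of any one host exposes, and can prune, all of them — per-host S3 credentials or a bucket policy that denies deletes for the backup key would contain that. The endpoint is also plain `http://localhost:3900`, which is fine only as long as garage is genuinely local on every host importing this module.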
diff --git a/nix/secrets/caddy_s3_key_secret.age b/nix/secrets/caddy_s3_key_secret.age index 1c4045d..00e655f 100644 Binary files a/nix/secrets/caddy_s3_key_secret.age and b/nix/secrets/caddy_s3_key_secret.age differ diff --git a/nix/secrets/docker_registry_password.age b/nix/secrets/docker_registry_password.age index ac42c39..d673c45 100644 --- a/nix/secrets/docker_registry_password.age +++ b/nix/secrets/docker_registry_password.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg 8JUZfDdX9AEAdOITGWTvE7DRH7VPUqsM9T7u7AhExlQ -UJhh3gVlfXc6ij/DFdd3a4I2QfZu8mZ0CrLaotxQ+Ck ---- eUV5GMuqhgxWHxZZ5Ee3QobSg42A3ja8h1nuxAeWt1Y -DѬvZ_%CF._:R1UjOP+} \ No newline at end of file +-> ssh-ed25519 qM6TYg kxQujT+O6ZGlzTONdS/18DUVoxNapwtxitQo8GKr2hc +b7KjCjuvhmWcqNB6BvNruL17Ww6yWkVKjjm/MGd+jlE +--- q3EzroLr8b0T2gKQ4xUR67YOLSwFP1V8UxAnKY0PP24 +l0g1CXqi{Ttg͇߭ەߑEs5hxk- \ No newline at end of file diff --git a/nix/secrets/forgejo_s3_key_secret.age b/nix/secrets/forgejo_s3_key_secret.age index 29ccd9f..9e4e8f3 100644 --- a/nix/secrets/forgejo_s3_key_secret.age +++ b/nix/secrets/forgejo_s3_key_secret.age @@ -1,8 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg UP4wmNgpJ9JErCdgk4oCAjwVw8w8MOE9IRdZfDADYgQ -xXd++OFcjJvkyYzow0WAVy0n2AV/0MZUXy+MYbIwZxo ---- 6aQIiK6E6tp6wXkaRdJcMfVYHh5zFzSmL9r2iU60wEo -Sps}z - -@\H_) U۽圁* -J48i]D+_u,Ζ2mj(.ٯlA \ No newline at end of file +-> ssh-ed25519 qM6TYg yxVVZ7LOgN9NiKsl1+dN7Rp6Rsf0zlqb25Y6w43styk +gQ5g7TL8+lyGp0SxdcoRg0nTpu1w6WbZZK0ERyqRpkc +--- 5uKpMbkW4zZ035mNXCuty+64IZ360gly/ezxnwtRX/0 +ˁSϸ>q!O߷TCUҺ[*󅬟\w݋tcg? |B;"*dWv/vnqe \ No newline at end of file diff --git a/nix/secrets/garage_secrets.age b/nix/secrets/garage_secrets.age index f5d9cb4..d9d0ee2 100644 --- a/nix/secrets/garage_secrets.age +++ b/nix/secrets/garage_secrets.age 
@@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg P1fCQKmzsmKh0JnB185cO8KhfJ1Nyf9c4Ld90TdMg1w -quzrkpAmOStHDT1CUwE7hMBf5NyoGZ/tF0vUatVGrl8 --> ssh-ed25519 91VHug C6sFv6lpxgOQNnABrtZEwv82n71wzKo67dQ4hE0LaW0 -dkHAjqWF201gRr9DivqUfycT3/lkrhDJajUnxVBaws4 --> ssh-ed25519 XzACZQ 7OpgE7ZvoFOd380AkrS4wZZQtpiXwKG9xq+w5EzzxD0 -w4aGa7AUwTvcl6DEfwJhFp4uOD1gyQG+MZkgUCHN5KA --> ssh-ed25519 51bcvA pYE+ZDrXfjSf0cKBZwo0OZ4BXQvTZhDll9/fn11Mj3I -l/2Z0lN2irj216+5EEIDvRd2sGWFCWWnqOXqGUtRR1w --> ssh-ed25519 vT7ExA 9WGSmvdL9I0Hv6aPPQgUSEXmUBfJfv6Zbi3ywG2BBTQ -qTsDY/NN/RVJcznCjoGC0ABYhWaorzEBB206X214HRo ---- yUwt0ca0wolODUhl1JwYyiF4PoLzd7N0KkEef9de4YQ -i@>jPN+s6V+8eL", W1~(71Nw2U1uOݘ8cIamc_9~8IŀÖ~.К(Tօ Rq ssh-ed25519 qM6TYg L6XQVJyw/T2kwH2iOa3dAxwxlAInVTKXek5QHUKsU3g +Mm8VXH3CITbrJTqBcjdMHGm1k7Kztd4irHqWnF0yKWM +-> ssh-ed25519 91VHug 2PoHH6c5lVj6hfTH6+2NLzJcpXh20LgYgUHYrpY9Wg4 +iSaKgUoh0eSjeoiZ7mggn7LWV9C9xsM2foZrpJZY/ok +-> ssh-ed25519 XzACZQ xyYG90gHM9XHAxIv2cFU/WvZsdLo6prAPQgRKADP0UY +XdiJz1Zmh3S+IvaOCZBqrF8DSWBrrqePjy+ZiEwuaSA +-> ssh-ed25519 51bcvA IYyt435x3NPiTKDKCVb8dIK5naOSyU/Wh7dOLQ6SRAM +M0s39vyjDY24Mlb16UHy9lFEseaJxzZhtCvszKxwVSA +-> ssh-ed25519 vT7ExA ZBvUjCU8vYFddKgNfnuROuiDnDXhitG6eR6ek4+1R1E +fiyuqamkakZ4t1MosIUqZaR0WEh7XVAwJiwH8lz3bsc +--- zvHNHd6bOMd0f3eIrl1qzyRh6zUe7G8mdrraYGtrnXU +%iFrљ`|)+ώܝSGNP>?E{֦mdadj`ԈVunZֻXU旽}>j_D_; 5Opa; +~4bwZ'70^2+wZ0j;4yTdp1'9 7Zsb.J *(yW _Pg`S^Gr \ No newline at end of file diff --git a/nix/secrets/generic_backup_password.age b/nix/secrets/generic_backup_password.age new file mode 100644 index 0000000..c666d43 --- /dev/null +++ b/nix/secrets/generic_backup_password.age 
@@ -0,0 +1,14 @@ +age-encryption.org/v1 +-> ssh-ed25519 qM6TYg IBVFRlOVLHcuS6xa7UVGA1z9NTBtNwGbt94c/yTB8wE +T+VtsTngND9kAd6DAtksXN4xYs+E8JZSxDeOm+G23tc +-> ssh-ed25519 91VHug nUkRwHgpn2i56NNY0VAuG+r3CX1rjt1M0ZVKj+ijwGo +ea8Ry6JIJlPOObY+v2Q5MkdcZqCeDLAOxC583WY38Hg +-> ssh-ed25519 XzACZQ 7f+8YcecMvwnOgwxjRMUUUm9Sp4cyKpIZWWMDrrCtzg +Bqhd2kpuTg3Xchme5wHfg4zkuikeM4H9GdOZVUv+HZk +-> ssh-ed25519 51bcvA DUk4CsGXhdj4uIqzYpoGmtHs5dnjIBUb0c9zj1DEum4 +hGe3j5Ycn/WVV5wgg+vZuh2KhnamHACkHrDWcVgkSjo +-> ssh-ed25519 vT7ExA Zf67OkbMvOpgABZDuXw3U94KqX32VG8nnjo3Xmkbih0 +5K5fnBxkQDaYwuMPhyNU5ZrZLjkgknG7dzMzyuANMuU +--- Jon4j4/xeZqS/6KsWszsVOoVOgJgsPEKxmtC7PcocCA +솳~ +N+jK߬/]Ӡ!䂶.7\k~ ssh-ed25519 XzACZQ lWHvBQNaeM4hMI6u36HvYCqLS3G/ScLbwOThzdGSzSA -PGPpaoY0V84v6CRutJk+K6M9BM7XaRwp2awPsB/Db6k ---- hlo1/uWQVHBmhfMRLPiA+9H0TGKYF/+gxUzzdAM4rYU -+@96Y ~ I]OhM 6T{3X(qZVR]CLpO->`/- .2YMjyUȰ^GnS \ No newline at end of file +-> ssh-ed25519 XzACZQ OeTS5wU4ac+Qh7s1PXbdFH3LDlRW1LV+qFtoVGI47XQ +JsixYPLzpnF45ODQH7nuVowXzwbNQi8lWx1Bp2YFVWc +--- MEG4bfGwoFRm9HizYdqtK7KApYhYH+QjAIEp7CpLznA +C/wC +Fz?MkrxN'NTzWb{Aj3X6mݲJ@OI{u?A,C d^ \ No newline at end of file diff --git a/nix/secrets/hugochat_db_password.age b/nix/secrets/hugochat_db_password.age index 29bd6d1..f5e1cd0 100644 Binary files a/nix/secrets/hugochat_db_password.age and b/nix/secrets/hugochat_db_password.age differ diff --git a/nix/secrets/killua_env.age b/nix/secrets/killua_env.age index 17ffe17..3ac6770 100644 Binary files a/nix/secrets/killua_env.age and b/nix/secrets/killua_env.age differ diff --git a/nix/secrets/loki_env.age b/nix/secrets/loki_env.age index a612e8d..f55d3a3 100644 Binary files a/nix/secrets/loki_env.age and b/nix/secrets/loki_env.age differ diff --git a/nix/secrets/minio_env_file.age b/nix/secrets/minio_env_file.age index d35a568..e1d3f36 100644 Binary files a/nix/secrets/minio_env_file.age and b/nix/secrets/minio_env_file.age differ 
diff --git a/nix/secrets/openolat_db_password.age b/nix/secrets/openolat_db_password.age index b33e54c..4073e15 100644 Binary files a/nix/secrets/openolat_db_password.age and b/nix/secrets/openolat_db_password.age differ diff --git a/nix/secrets/pyroscope_s3_secret.age b/nix/secrets/pyroscope_s3_secret.age index 7e59d24..a2c7dd5 100644 Binary files a/nix/secrets/pyroscope_s3_secret.age and b/nix/secrets/pyroscope_s3_secret.age differ diff --git a/nix/secrets/registry_htpasswd.age b/nix/secrets/registry_htpasswd.age index 86928bc..de9e94a 100644 --- a/nix/secrets/registry_htpasswd.age +++ b/nix/secrets/registry_htpasswd.age @@ -1,5 +1,6 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg qhB01I5HcTnTHTJTEYLEtJi416tlC1EMD4yjoBIK7gw -h8CcWgY/GslHI1FbXi5k5QXFs7YbM7wr7JWtez6ct84 ---- oLyc6wK3Bgl/zxjpZJYWoGAxWnXx4LN/+iT+r8RPOco - \, Ęf# `nSKPVvVʵ<-:xgM(Yiucl^apਬ%^+"wV \ No newline at end of file +-> ssh-ed25519 qM6TYg amvNJk2G0JJHgGOwAWCtYIJgylqBAYDSXTKNYKwb4mo +aBXr7jN0/VUDTxCGvn+obz3JIU0boKcm4BbwFAidm1o +--- B6s8naj3JiQdjBDdwzY+PqW01QZFgKMpKSOVXHDfbHw +T1QqҔ?)WŐژ4zc"C+ŌHmQ)ԋ#1Hnc^aG.' +$bc \ No newline at end of file diff --git a/nix/secrets/registry_s3_key_secret.age b/nix/secrets/registry_s3_key_secret.age index 3368ad9..fbd3450 100644 Binary files a/nix/secrets/registry_s3_key_secret.age and b/nix/secrets/registry_s3_key_secret.age differ diff --git a/nix/secrets/restic_backup.age b/nix/secrets/restic_backup.age new file mode 100644 index 0000000..0465e54 Binary files /dev/null and b/nix/secrets/restic_backup.age differ diff --git a/nix/secrets/s3_mc_admin_client.age b/nix/secrets/s3_mc_admin_client.age index 2d40a5e..3e366bf 100644 Binary files a/nix/secrets/s3_mc_admin_client.age and b/nix/secrets/s3_mc_admin_client.age differ diff --git a/nix/secrets/secrets.nix b/nix/secrets/secrets.nix index 246b464..8e25b6b 100644 --- a/nix/secrets/secrets.nix +++ b/nix/secrets/secrets.nix 
@@ -26,6 +26,8 @@ in "forgejo_s3_key_secret.age".publicKeys = [ vps1 ]; "upload_files_s3_secret.age".publicKeys = [ vps1 ]; "pyroscope_s3_secret.age".publicKeys = [ vps3 ]; + "restic_backup.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ]; + "generic_backup_password.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ]; "wg_private_dns1.age".publicKeys = [ dns1 ]; "wg_private_dns2.age".publicKeys = [ dns2 ]; "wg_private_vps1.age".publicKeys = [ vps1 ]; diff --git a/nix/secrets/upload_files_s3_secret.age b/nix/secrets/upload_files_s3_secret.age index d5157e1..3bca9a4 100644 Binary files a/nix/secrets/upload_files_s3_secret.age and b/nix/secrets/upload_files_s3_secret.age differ diff --git a/nix/secrets/wg_private_dns1.age b/nix/secrets/wg_private_dns1.age index eeb11f0..a54f3eb 100644 --- a/nix/secrets/wg_private_dns1.age +++ b/nix/secrets/wg_private_dns1.age @@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 LZU5Eg PttdTzbbxLbUw+V+mCZjRREsWuIHhGeVvIKkPCAkvQQ -3adTE4nRuPaMYo3wslgO2kND5dVYv5NOKYpi129kRrE ---- eKBS0RAp1BiY55dJ2vdJZdkJIA6wk/OA+JA2aTvLAFE -F]Y@JUM4914cbϓB9^.\™~ gkSGz - \ No newline at end of file +-> ssh-ed25519 LZU5Eg o+MPatbYPM3sZq0MCqvvxlvKMQwlbajHURPQ+0g0qm8 +UUurAYkPWXCaow746EV4dAQ+qTJnHIehcorUmanBc+o +--- BV+bxd0OIc3J4uT39al2odyn8ScDpq58SiwnW5pvRj4 +T7W |fJ%"cq{TP~fv,;:免-Ϛ4a -u\L_-VH% \ No newline at end of file diff --git a/nix/secrets/wg_private_dns2.age b/nix/secrets/wg_private_dns2.age index 49b5616..64b2ad2 100644 Binary files a/nix/secrets/wg_private_dns2.age and b/nix/secrets/wg_private_dns2.age differ diff --git a/nix/secrets/wg_private_vps1.age b/nix/secrets/wg_private_vps1.age index e24e248..6354b7b 100644 Binary files a/nix/secrets/wg_private_vps1.age and b/nix/secrets/wg_private_vps1.age differ diff --git a/nix/secrets/wg_private_vps2.age b/nix/secrets/wg_private_vps2.age index 340cdad..4d30264 100644 Binary files a/nix/secrets/wg_private_vps2.age and b/nix/secrets/wg_private_vps2.age differ 
diff --git a/nix/secrets/wg_private_vps3.age b/nix/secrets/wg_private_vps3.age index ca2fb19..a63f54e 100644 --- a/nix/secrets/wg_private_vps3.age +++ b/nix/secrets/wg_private_vps3.age @@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 XzACZQ 4f3Sm/Xpuu+lgnR+C5sLxrsADC4KjAwRCvb91zrPlg4 -Iok5RHD15fZmRWIay0nHzy1rtZjgt3Pbq23z6n6Zr78 ---- 4pu7oE7I2dV3Gd3r+cbezJWZULNS4n98B//0D+Vj55U -%3'=ڨ@x^-`[ -J_;WLEʨ@-SAyʛ euqzLQ \ No newline at end of file +-> ssh-ed25519 XzACZQ lm64+fQEWa9hF98cV/x1U3Mz+6zuM23dAV3XkwE7iz4 +7Rgqd13DThp/JLryCe5xTdXwDujaTj4viR2CBTdXYLs +--- pwebssA2O2VjzPFRAQ0/65+qiiF/MijCIIXexwH5mgk +\fv̤[ڟI[5*׷90'4+V;L~j ;S2yb \ No newline at end of file diff --git a/nix/secrets/wg_private_vps4.age b/nix/secrets/wg_private_vps4.age index ca7a4a9..dcf6aaf 100644 Binary files a/nix/secrets/wg_private_vps4.age and b/nix/secrets/wg_private_vps4.age differ diff --git a/nix/secrets/wg_private_vps5.age b/nix/secrets/wg_private_vps5.age index 6d19556..cbd582e 100644 --- a/nix/secrets/wg_private_vps5.age +++ b/nix/secrets/wg_private_vps5.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 vT7ExA cGTbCRJ9dO5DMMYVZyMGswdyx6q114yInksFITtJR1U -EmFSgbzljek+luv2MncANyEoCRlCxrQN1OOrn5ejf6U ---- Sap30+9H/NG4GrkJTxjXUI0rxIugDMB5JIlh0PgSPhk -X@~L_Am3 XS)grǐnwH%l JcDϣ5PKS \ No newline at end of file +-> ssh-ed25519 vT7ExA G9mqOZiAvq+ot4OUevoxvNPIkgWgS8KqMY76uGsxeGs +AMEwoZoFc+axirDc5q+FM3e76IedkxblC3vVqUjmPL8 +--- oXGSsFKfJRPvcU1X3zHN7M6vd0IxBpNowyh4sPesq3A +i3cMTN0}r"Зs~OrPFP`Q<%:73 \ No newline at end of file diff --git a/nix/secrets/widetom_bot_token.age b/nix/secrets/widetom_bot_token.age index 42dec43..e414467 100644 Binary files a/nix/secrets/widetom_bot_token.age and b/nix/secrets/widetom_bot_token.age differ diff --git a/nix/secrets/widetom_config_toml.age b/nix/secrets/widetom_config_toml.age index 03983cd..4d13ac2 100644 Binary files a/nix/secrets/widetom_config_toml.age and b/nix/secrets/widetom_config_toml.age differ 
diff --git a/secrets-git-crypt/generic_backup_password b/secrets-git-crypt/generic_backup_password new file mode 100644 index 0000000..97c322e Binary files /dev/null and b/secrets-git-crypt/generic_backup_password differ diff --git a/secrets-git-crypt/restic_backup b/secrets-git-crypt/restic_backup new file mode 100644 index 0000000..03838fa Binary files /dev/null and b/secrets-git-crypt/restic_backup differ