diff --git a/configuration.nix b/configuration.nix
index d585eb9..b2e2088 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -14,6 +14,7 @@
 ./modules/nginx.nix
 ./modules/gitea.nix
 ./modules/pds.nix
+ ./modules/restic.nix
 ];
 nix.settings.experimental-features = [ "nix-command" "flakes" ];
@@ -43,6 +44,7 @@
 users.users.admin = {
 isNormalUser = true;
+ shell = pkgs.zsh;
 openssh.authorizedKeys.keys = [
 "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBEyvP3QsMUk8k+h/gjmHUZvic/lKVfQDNISIhwiJ4OArcvo8Y1c9Hg+wagVkSw3xA+ggBQw/E7VYoMvx/JtcAQsAAAAEc3NoOg== ssh:"
 ];
@@ -59,11 +61,14 @@
 # Global packages
 environment.systemPackages = with pkgs; [
+ zsh
+ fish
 neovim
 nano
 git
 ];
+ programs.zsh.enable = true;
 programs.bash.completion.enable = true;
 security.sudo = {
diff --git a/modules/gitea.nix b/modules/gitea.nix
index a645fed..c944527 100644
--- a/modules/gitea.nix
+++ b/modules/gitea.nix
@@ -3,6 +3,8 @@
 services.gitea = {
 enable = true;
+ dump.enable = true;
+
 settings = {
 service.DISABLE_REGISTRATION = true;
 server = {
diff --git a/modules/restic.nix b/modules/restic.nix
new file mode 100644
index 0000000..70fb8ec
--- /dev/null
+++ b/modules/restic.nix
@@ -0,0 +1,45 @@
+{pkgs, config, ...}:
+{
+ systemd.tmpfiles.rules = [
+ "d /backup - root backup-sync -"
+ ];
+
+ services.restic.backups = {
+ garden = {
+ initialize = true;
+ paths = [
+ "/var/www" # Webserver data
+ "/var/lib/pds" # ATProto PDS
+ "/home" # User data
+ "${config.services.gitea.stateDir}/dump" # Gitea repository
+ ];
+
+ pruneOpts = [
+ "--keep-daily 14"
+ ];
+
+ # Stop bluesky-pds during backup to ensure usable database files.
+ backupPrepareCommand = "systemctl stop bluesky-pds";
+ backupCleanupCommand =
+ ''
+ systemctl start bluesky-pds
+ chgrp -R backup-sync /backup
+ chmod -R g+rX /backup
+ '';
+
+ repository = "/backup";
+ passwordFile = "/root/restic_pass";
+ };
+ };
+
+ # User used for fetching the backup repository
+ users.groups.backup-sync = {};
+ users.users.backup-sync = {
+ isSystemUser = true;
+ group = "backup-sync";
+ shell = pkgs.zsh;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCzn4bk+onpJHltUmc/Axqux1l+gdZ1iXuC4ra2FTs1"
+ ];
+ };
+}
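Review bot: The `backup-sync` account at the end of this new file gets an interactive `pkgs.zsh` shell and an `openssh.authorizedKeys.keys` entry with no key options, so whoever holds that key has a general-purpose login rather than read access to the repository only. Prefixing the key with OpenSSH's `restrict` option, as in `"restrict ssh-ed25519 AAAA…"`, and pinning the transfer with a forced command or an sshd `Match User backup-sync` block using `ForceCommand internal-sftp`, would confine the account to fetching. The tmpfiles rule `"d /backup - root backup-sync -"` leaves the mode at the tmpfiles default, which is 0755 for directories; `"d /backup 0750 root backup-sync -"` would stop other local users from listing the repository. `passwordFile = "/root/restic_pass"` is not created by this module, so a comment saying it must be provisioned out of band, readable by root only, would help the next operator.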