diff --git a/hosts/nuc/backups.nix b/hosts/nuc/backups.nix
new file mode 100644
index 0000000..323371d
--- /dev/null
+++ b/hosts/nuc/backups.nix
@@ -0,0 +1,31 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  restic-backup-id = "c351536f-39a4-4725-9d92-04fcb26b6306";
+in {
+  services.restic.backups = {
+    daily = {
+      initialize = true;
+
+      repositoryFile = config.age.secrets."restic/repo".path;
+      passwordFile = config.age.secrets."restic/password".path;
+
+      user = "emiller";
+      paths = [
+        "${config.users.users.emiller.home}/sync"
+        "${config.users.users.emiller.home}/archive"
+      ];
+
+      pruneOpts = [
+        "--keep-daily 7"
+        "--keep-weekly 5"
+        "--keep-monthly 12"
+      ];
+
+      backupPrepareCommand = "${pkgs.curl}/bin/curl -m 10 --retry 5 https://hc-ping.com/${restic-backup-id}/start";
+      backupCleanupCommand = "${pkgs.curl}/bin/curl -m 10 --retry 5 https://hc-ping.com/${restic-backup-id}/$EXIT_STATUS";
+    };
+  };
+}
diff --git a/hosts/nuc/secrets/restic/password.age b/hosts/nuc/secrets/restic/password.age
new file mode 100644
index 0000000..c3092c5
--- /dev/null
+++ b/hosts/nuc/secrets/restic/password.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHFtNVNrZyByOWlv
+d2QyQ0F3ZFZnRzNSSERCU2ozS3FrMDZKeWZRMk4vNk5HTGRuN2pvCmx5czVsTzMy
+dzkxM1ZVWEZXNEljN0Q0a1YwSG1ES1BzdmdYT1JyNjh4R2sKLT4gcGl2LXAyNTYg
+Si9UWXN3IEFqbEZjWW4rT3RsQ0J1eEJ3TS9oZ3pJS29GaUpLdkZYdUhvVXRhYVJO
+VTR5CkxhYWUzaFNxSU1hYzVjUFB5L05zajNYakhwZ2N6VDFpTUQzVHhLMlY0YzgK
+LT4gNSZFPi1ncmVhc2UgPHt6UjFLCi8yMzBoc1R0azlmVTVIQk9ucjJaaVBkWkYy
+aDFtVDhjOGhwcldMTkRaWElJa2hBTHpqRVJKL3FXM1AzNzhKdVUKUjl4cXlYekQx
+Qm8wdDdtRmRWdwotLS0gVmpZQWtmL3RRMFhFWDBPY28yS1VpV2FzRkh2Y2wwUjU3
+MVBtUmRpWjcrWQoRMSiMsvdhVFYtCDn37pJ0w7EQoa6tYr3uCfGPVHep33IL5Lqc
+80gVGn2RejXnI3AvDctlp4DsF+I=
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/nuc/secrets/restic/repo.age b/hosts/nuc/secrets/restic/repo.age
new file mode 100644
index 0000000..dffb4b4
--- /dev/null
+++ b/hosts/nuc/secrets/restic/repo.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHFtNVNrZyBGd09l
+aUc2QlFnb0NmcFY5NEc3NEJkZlg5RDltL0JTYzdSRDdsMlptN0ZFCi9iYTJWQmZq
+Z1lGZG5xcm4xWFM5SHVqU2RLRmM5VzljditRSWExZXBZMTQKLT4gcGl2LXAyNTYg
+Si9UWXN3IEFsbVllZWlFZExxWEtnb3o2d2xLRkR4Wm1jMVl5c2RZZlc4TmpNd0VQ
+clFnCklFbWhWUGpHRXE2N21hZDlKRnFjUklDN0QzN2ZHMitpV081QzdPS3J4QzAK
+LT4gUSI1ZF1NNi1ncmVhc2UKNWRLOURvMjZOdVJaUlF4ci9zcW5XTDhGMEtqWm43
+MGpTV3BhbmI4Ci0tLSA0Q0ZvQnlTU1ZTclpJM0s2Tkp4eFBnTm5CdjFydzZLMStM
+R3Rva3BMbTQ4CmGFQaouP+2EmTNoQhon3UOL8CfO4oMYlnb+INtdnshk5hhQaIow
+lYGUY8k9UorGmWVdUAfmZ/DqfsuZwjnyVrRZ76B5L7I+TWN043DZnHeb9/xeKSWy
+nO5EFwbSDUtN6evY
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/nuc/secrets/secrets.nix b/hosts/nuc/secrets/secrets.nix
new file mode 100644
index 0000000..8159920
--- /dev/null
+++ b/hosts/nuc/secrets/secrets.nix
@@ -0,0 +1,7 @@
+let
+  edmundmiller = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBsb81evtCCcWSZcLbFaXWrAeCWFrPXPjUvjH4ZKbQC edmundmiller";
+  nuc = "nuc ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBPG2vvh8XkVObXANO9/CBfczftZrmpbjg2w5onK/Tv";
+in {
+  "restic/repo.age".publicKeys = [edmundmiller nuc];
+  "restic/password.age".publicKeys = [edmundmiller nuc];
+}