diff --git a/modules/backups/bigding/default.nix b/modules/backups/bigding/default.nix
new file mode 100644
index 0000000..aa68834
--- /dev/null
+++ b/modules/backups/bigding/default.nix
@@ -0,0 +1,45 @@
+{
+ pkgs,
+ config,
+ ...
+}: {
+ age.secrets = {
+ bigding_backup_s3_creds.file = ../../../secrets/bigding_backup_s3_creds.age;
+ bigding_backup_repo_password.file = ../../../secrets/bigding_backup_repo_password.age;
+ };
+
+ services.restic.backups = {
+ "system" = {
+ initialize = true;
+ passwordFile = config.age.secrets.bigding_backup_repo_password.path;
+ timerConfig = {
+ OnCalendar = "02:00";
+ };
+ repository = "s3:s3.eu-central-003.backblazeb2.com/bigding-backup";
+ s3CredentialsFile = config.age.secrets.bigding_backup_s3_creds.path;
+
+ paths = [
+ "/etc/group"
+ "/etc/machine-id"
+ "/etc/NetworkManager/system-connections"
+ "/etc/passwd"
+ "/etc/subgid"
+ "/home"
+ "/root"
+ "/var/lib/prometheus2"
+ "/var/lib/jellyfin"
+ "/var/lib/fail2ban"
+ "/var/lib/matrix-synapse"
+ "/var/lib/golink"
+ "/var/lib/tailscale"
+ "/var/lib/caddy"
+ "/var/backup"
+ ];
+
+ backupPrepareCommand = ''
+ ${pkgs.postgresql_13}/bin/pg_dumpall --clean -U postgres | ${pkgs.zstd}/bin/zstd --rsyncable > /var/backup/pgdump.sql.zst
+ '';
+
+ };
+ };
+}
diff --git a/modules/default.nix b/modules/default.nix
index 6cedf83..ef33fdf 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,6 +1,7 @@
 {
 bigding = {
 imports = [
+ ./backups/bigding
 ./caddy
 ./dungflix
 ./fail2ban
diff --git a/modules/gitea/default.nix b/modules/gitea/default.nix
index b7b693b..8da0145 100644
--- a/modules/gitea/default.nix
+++ b/modules/gitea/default.nix
@@ -9,6 +9,13 @@
 database = {
 type = "sqlite3";
 };
+ dump = {
+ enable = true;
+ type = "tar.zst";
+ file = "gitea.zip";
+ backupDir = "/var/backup";
+ interval = "01:30";
+ };
 settings = {
 server = {
 ROOT_URL = "https://git.broccoli.town/";
@@ -21,6 +28,7 @@
 repository = {
 ENABLE_PUSH_CREATE_USER = true;
 };
+ };
 };
 };
 }
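Review bot: The `backupPrepareCommand` pipeline can hide a failed dump: if `pg_dumpall` exits non-zero, `zstd` still succeeds, so unless the wrapper that runs this script already enables `pipefail`, restic goes on to upload a truncated `/var/backup/pgdump.sql.zst` and the run looks healthy. The redirect also creates the file under whatever umask the unit inherits, and `pg_dumpall` output contains every database plus the role password hashes. I would open the script with `set -o pipefail` and `umask 077`. The hard-coded `pkgs.postgresql_13` client can drift from the running server; `config.services.postgresql.package` keeps the two on the same version.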
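Review bot: `file = "gitea.zip"` disagrees with `type = "tar.zst"` in the added `dump` block, so the archive written to `/var/backup` carries a `.zip` name while holding a zstd-compressed tar, which is the kind of mismatch that costs time during a restore. `file = "gitea.tar.zst";` keeps the name and the format in agreement. The dump holds the SQLite database and the repositories and shares `/var/backup` with the PostgreSQL dump from the backup module, so the owner and mode of that directory deserve a comment here. The enclosing attribute set starts outside the hunk.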
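Review bot: The added `};` in the second hunk of modules/gitea/default.nix closes a scope that neither hunk in this file opens, since the `dump = { … };` block added above is already balanced. By the hunk counts the file therefore gains one more closer than opener. If the line was meant as a blank separator it should be an empty line; otherwise please confirm the file still parses, for example with `nix-instantiate --parse modules/gitea/default.nix`. The surrounding set begins outside the hunk, so this is inferred from the visible lines only.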
diff --git a/modules/synapse/default.nix b/modules/synapse/default.nix index ae8d476..c672fa1 100644 --- a/modules/synapse/default.nix +++ b/modules/synapse/default.nix @@ -16,6 +16,9 @@ in { }; } ]; + authentication = '' + local all all trust + ''; ensureDatabases = [ "synapse" ]; diff --git a/secrets/bigding_backup_repo_password.age b/secrets/bigding_backup_repo_password.age new file mode 100644 index 0000000..441b6d8 --- /dev/null +++ b/secrets/bigding_backup_repo_password.age @@ -0,0 +1,18 @@ +age-encryption.org/v1 +-> ssh-ed25519 eYYv1Q p2lKm8m7/Kqkcv2OAa1QJ30SmpMRcPE2JIVVMMAapyI +rxFk8qX5U2tFVMOnC5bwPbkn67DbZ+rrx4577/2YN3o +-> ssh-ed25519 Bp5IaA B4MihkBHyFOLAoTCrma189xstle91PIP1llXfcXw/xA +EtOgYylN6wGcOzeXGd+t4rMAtwuzAJPsXU2EorBGKMw +-> ssh-ed25519 T/DpgA B7QEsjY0SXgZLD9Tlzy1JcZXVLX6OOnXosgTOtsisRw +yzanbQl1c1gBXToGO3trFiAYjj4XJPg/X2U5RdxRXrU +-> ssh-ed25519 qMgRFg WsKoCC0piMrxNzlcYRFDqpSDOULXCSY9ymBhHjfwyj0 +f4+/oTEqO2Fx8/O1rKy+1aGw2uatIJNpZFCwz8f9WAw +-> ssh-ed25519 dMZXNw 1jYYtlUP/8no2KjB5No9aIPQwm1u+6ySv+tYdIn0W2I +mvDqK645jo7zPjRLuhCyy9nz7GAK+LVa/6Er5yfuPKQ +-> ssh-ed25519 70Nt2Q ux4w1776iy3VxBmjGQKA+3Y14FJ8ByGhaGpezPMdrlk +iWTL1amQzDBzKRM4mKY2wOgdDwi1OhwNAY7raSesFx8 +-> \7].}^Ee-grease lKlBD]z~ @ pzb#Y +KUqMwST0vaSIY314aYy2zXzCHzMOzbJT4v3yQltQ1UgmmgfFgbYUKTBfqKICcfFx +Y3zNnJGXadK8fP2z8phy +--- +s2dxNBUCXWaM/gHSDOnaOTDnC0IXTdz79lIdmuDE68 +&d>ϼ*\ZA1=w?Yn V঺iU =be΅譝 \ No newline at end of file diff --git a/secrets/bigding_backup_s3_creds.age b/secrets/bigding_backup_s3_creds.age new file mode 100644 index 0000000..914f062 --- /dev/null +++ b/secrets/bigding_backup_s3_creds.age 
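Review bot: `local all all trust` in the added `authentication` block lets every local account and every service on the host connect over the Unix socket as any role, including the `postgres` superuser, with no password or peer check, so a compromise of any one daemon on this machine reaches the Synapse database. The rule appears to exist so that the root-run `pg_dumpall -U postgres` in the backup module can connect. That can be had without `trust` by dropping the rule and running the dump as the `postgres` OS user under the peer authentication the NixOS module normally provides, e.g. `${pkgs.util-linux}/bin/runuser -u postgres -- ${config.services.postgresql.package}/bin/pg_dumpall --clean`. If a rule has to stay, scope it to a single role and database rather than `all all`. The enclosing attribute set starts outside the hunk, so any other `authentication` lines are not visible here.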
@@ -0,0 +1,19 @@ +age-encryption.org/v1 +-> ssh-ed25519 eYYv1Q wDo9ZqcS199Yro1WHDNgJdMdHkxtBqOWdE63fPe8RTI +akdPFIdAnv+nz9Zbm4PWv3tsC2/2yn4RB9Mv7Wm+nlY +-> ssh-ed25519 Bp5IaA +KlqTrICIkPaFx4OsOz3x0av0uIoeDkA0UWV7UkkfG4 +lIk4Nb7e/xzj3z22IrUZluqWrrLklKg/dqx2XXOMHjQ +-> ssh-ed25519 T/DpgA 9AsUq5oLyqgknwgE307UGu7qCGA+Pkk5oLofw5+WbBM +GFVIAOIaLyRWx4s/ayCktgJzlVtIQ42wrGLkc+A36Cw +-> ssh-ed25519 qMgRFg 85vDW4bZKq94dcvCYT+ICAu6M9MkTd7AhXwWzKCBQTc +2fks5tUlKzbDNQHUUeCIbPq/q/Yxv1OdNhdSzaxsmHA +-> ssh-ed25519 dMZXNw J7LL3rnlitOYWy/YB/UYqC7Hcwo+c7bk5jFcloOz8U0 +xAlzpaRrdHHUUipCnepdaipybG+K/plPgwpk2vh9MLs +-> ssh-ed25519 70Nt2Q UpCw1D3qQliTTTjn2CjEbaQi8oYvqFTQsHu4Bip7fj4 +dnGDTeIIg8chPyWwqRxyvW6xcdveLDkQEhQvPofO96I +-> z2Nh'{-grease O ;_a +TP3riu9VIpcrd34vsqK2DIhGb2sG+554+hwfSww +--- qm5o64795oKWg6cl/HrcdFOW6n1l8FEJDPZW76Yyl94 +2wFOLacLiPNYNg +6g&&#: 1,X)H%8swUfWDMA!UkhܔpG;pBB31n̪pV.q +x#pX \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 21d13ad..8a1f5e4 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -24,4 +24,6 @@ in { "dungflix_crypt_remote_pass.age".publicKeys = users ++ [system2 system4]; "age_identity.age".publicKeys = users ++ [system1 system3]; "minisign_private_key.age".publicKeys = users ++ [system1 system3]; + "bigding_backup_s3_creds.age".publicKeys = users ++ [system4]; + "bigding_backup_repo_password.age".publicKeys = users ++ [system4]; }