diff --git a/flake.nix b/flake.nix
index f47f7d3..4670bcb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -123,8 +123,6 @@
       sshUser = "root";
     };
 
-    checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
-
     packages.x86_64-linux = {
       proxmox = import ./packages/proxmox.nix {inherit inputs configLib;};
       iso = import ./packages/iso.nix {inherit inputs configLib;};
diff --git a/hosts/cirrostratus/nginx.nix b/hosts/cirrostratus/nginx.nix
index 284c38a..585cd51 100644
--- a/hosts/cirrostratus/nginx.nix
+++ b/hosts/cirrostratus/nginx.nix
@@ -8,6 +8,7 @@
   imports = [
     ../../configs/nixos/nginx.nix
   ];
+  services.nginx.clientMaxBodySize="100m";
   services.nginx.virtualHosts = {
     "gabevenberg.com" = {
       enableACME = true;
diff --git a/hosts/cirrostratus/restic.nix b/hosts/cirrostratus/restic.nix
index 0034774..2f15f48 100644
--- a/hosts/cirrostratus/restic.nix
+++ b/hosts/cirrostratus/restic.nix
@@ -27,8 +27,33 @@ in {
       path = "/backup/restic/.htpasswd";
       owner="restic";
     };
+    secrets.restic-url = {
+      sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
+      owner = config.host.user;
+    };
+    secrets.restic-password = {
+      sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
+      owner = config.host.user;
+    };
   };
+
   environment.systemPackages = with pkgs; [
     restic
   ];
+
+  services.restic.backups = lib.mkIf (inputs ? nix-secrets) {
+    remote = {
+      repositoryFile = config.sops.secrets.restic-url.path;
+      passwordFile = config.sops.secrets.restic-password.path;
+      initialize = true;
+      paths = [
+        "/storage/syncthing"
+      ];
+      timerConfig = {
+        OnCalendar = "daily";
+        Persistent = true;
+        RandomizedDelaySec = "4h";
+      };
+    };
+  };
 }