diff --git a/modules/nixos/services/homeserver/restic/backups.nix b/modules/nixos/services/homeserver/restic/backups.nix index ee86741..dbd4da3 100644 --- a/modules/nixos/services/homeserver/restic/backups.nix +++ b/modules/nixos/services/homeserver/restic/backups.nix @@ -1,7 +1,10 @@ { config, pkgs, lib, ... }: { - sops.secrets."restic/password" = {}; + sops.secrets = { + "restic/password" = {}; + "restic/rest-auth.env" = {}; + }; systemd.services = { db-backup = { @@ -49,7 +52,8 @@ ''; initialize = true; - repository = "/mnt/external/backup/restic"; + repository = "rest:http://localhost:8001/drone"; + environmentFile = config.sops.secrets."restic/rest-auth.env".path; passwordFile = config.sops.secrets."restic/password".path; timerConfig = { OnCalendar = "03:00"; diff --git a/modules/nixos/services/homeserver/restic/default.nix b/modules/nixos/services/homeserver/restic/default.nix index af1fc42..a9b2945 100644 --- a/modules/nixos/services/homeserver/restic/default.nix +++ b/modules/nixos/services/homeserver/restic/default.nix @@ -3,5 +3,6 @@ { imports = [ ./backups.nix + ./rest-server.nix ]; } \ No newline at end of file diff --git a/modules/nixos/services/homeserver/restic/rest-server.nix b/modules/nixos/services/homeserver/restic/rest-server.nix new file mode 100644 index 0000000..8c0a123 --- /dev/null +++ b/modules/nixos/services/homeserver/restic/rest-server.nix 
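Review bot: In the second hunk of backups.nix, the new `repository = "rest:http://localhost:8001/drone"` does not address the repository that the removed line used. rest-server.nix sets `dataDir = "/mnt/external/backup/restic"`, which is the old repository path, so `/drone` presumably resolves to a `drone` subdirectory of it and `initialize = true` would create a fresh, empty repository there. The existing snapshots would then stay in the dataDir root, no longer written to or checked by this job. Please record the intent next to the option, for example `# new repo lives in <dataDir>/drone; the pre-existing repo in the dataDir root is not reused`, and state whether the old history is migrated or retired. The backup definition starts and ends outside this hunk, so any prune or check options it carries are not visible here.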
@@ -0,0 +1,28 @@
+{ config, ... }:
+
+{
+ sops.secrets."restic/rest-server/.htpasswd" = {
+ owner = "restic";
+ group = "restic";
+ };
+
+ services.caddy.virtualHosts."restic.taild5f7e6.ts.net".extraConfig =
+ assert config.services.caddy.enable;
+ ''
+ import default-settings
+
+ bind tailscale/restic
+
+ reverse_proxy localhost:8001
+ '';
+
+ services.restic.server = {
+ enable = true;
+ dataDir = "/mnt/external/backup/restic";
+ listenAddress = "127.0.0.1:8001";
+ htpasswd-file = config.sops.secrets."restic/rest-server/.htpasswd".path;
+
+ privateRepos = true;
+ appendOnly = true;
+ };
+}
\ No newline at end of file
diff --git a/secrets/drone.yaml b/secrets/drone.yaml
index 1cb1e46..c7cc016 100755
--- a/secrets/drone.yaml
+++ b/secrets/drone.yaml
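Review bot: `appendOnly = true` in `services.restic.server` only constrains clients that go through the REST endpoint, and nothing in rest-server.nix records that limit or how retention is meant to work. The backup job in backups.nix talks to `localhost:8001` on the same host that holds `dataDir`, so the setting protects snapshot history against a leaked REST credential or another tailnet client reaching the Caddy vhost, not against root on this machine. `forget` and `prune` issued through this server will also be refused, so a `pruneOpts` on the client job (not visible in this diff) would fail. I would add a comment above the option such as `# append-only: REST clients cannot delete or rewrite snapshots; retention must be run locally against dataDir`.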
@@ -17,6 +17,9 @@ nextcloud: adminpass: ENC[AES256_GCM,data:eSQQkhcXB4s9pnJ1hToGgyEr+rGlMIKHLsU0EemMOng=,iv:USq1winT7GPGVKwDjfF+cFs/dj395zgXyTVQ/x1KNS0=,tag:Me6MKsZwUc4sjZIPfZmk+A==,type:str] restic: password: ENC[AES256_GCM,data:sWFhBWXpYktef9Ajf5eDlOljcMmJur1PkKSalrmt9yXPYto117YMeI7zyXDZqlk9bDoqj28d8/pl2lP0itBpOZc+GoPZfDns+RyJUrP0S/0pV5gXA72/9g4Yqg9eSuXdeAbFYb9CnuHUi8+HJnIULPKOaqpwpwKaRsDAN5KVsAA=,iv:RCXcp0/cpT6WHM6v4zZtwD+w1epYp/JXvSWON8/Txyk=,tag:ffdQYuuIfuJQJGIXi1HaMw==,type:str] + rest-auth.env: ENC[AES256_GCM,data:MAJVkdiutkhY8MCLrg1EMumAblektgO85VQLD65McX/VYInYDihxwJOV21+SAJSaN/8vA/MqUEmzsrUb04hgvqPYjXIyyUYpDrE8us47eqjF3SoZJsf70Ukps0lv3+L3LViRSpKJ+2v2v7GenaA/jAk=,iv:5yzIiEpQ1jvl9SDu/MxsAl25PmxmmuPxjRAa+iEGJRU=,tag:9UBXGt0vXj3F0YndwkeQaw==,type:str] + rest-server: + .htpasswd: ENC[AES256_GCM,data:605u/QTk6j1s3Wn3Lg2M0BDhy4WbVFIZRYijhLeGmPHC2sZUY0Ngoq8bkr/Jf97Erh+CM4oqiHXA+Jct8Yq0ml6MMFKk0v602yHRxIEn5MOBETygUz889kJnNLGsXDHJeJFCX5J5qmlnj9DZ+93hNEQJAzEP2CvzH/JoHJA/bMrCGl0aZyExrxJi,iv:wuTER92WYPUGm0QNpfoOepZSGcOmq2M16Xa3RVJFYAo=,tag:qgLqtf41735ajBvlEBlJCw==,type:str] vaultwarden: secrets.env: ENC[AES256_GCM,data:bvAAiZ/MTqwHzaNFw8C23R4w2wg7v01yL/Oz3PLty6VRCgivwvySVShV3ijde/zW/N4d6dYlG76sCemlWi/79/UcIV8sZivnLZ124oYh2iuBMNv9cLrwG/PiPYO74lyq+WcIhIimnur4f/o5PbqoanDfVTru50v5+3ovwuK1MsjOaLGU,iv:rrDfCcmzl3vpr6JVoNU5rlxYfCCZi3hUzEX5IlEoThU=,tag:dSEY6NOxRggyd28pbvV30w==,type:str] sops: 
@@ -30,7 +33,7 @@ sops: N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-18T17:23:13Z" - mac: ENC[AES256_GCM,data:1+R7ctuEqovBsKdq7VyhTIVhEewbiFKqS7Cy9VYZtAdBJyvWRtEvAG3/OOr/zzkkswLHP90iE5HExDCrH/TBnSakJzqYeUxmEi84H0CGvnq4nxCs+0QYGIrlAiDqIOr1+ESpKFq+3VGJwb5mdzYVqeFXwIKE44+L4YvhtsXH3ys=,iv:LXJ31X5riqNm1XQuH/jIWuWl3Rts+PQyMxChPlx8S88=,tag:QGDnbzPaj4/hm5Rky0Soaw==,type:str] + lastmodified: "2025-11-23T02:32:16Z" + mac: ENC[AES256_GCM,data:lN8ZOO1V1bl4dP1J2qAHSwLGx6AlM9vXHvHZ7BNHtdqWqf+H4ufOQV1TAfviyfG7fFbNbHov4NO2Oukr5ynfnjrgjcNtJgApgIEFgttyoJlW3oULNTo5N9b+15T7fSeOZj+utKlISh/K2Yagt+36ZM4ND6LN/T9+AlODFXYPENA=,iv:eBgMfO/1gPfLSerO0JlBJdhFb5GVuDbbWIVb8goIb7I=,tag:QyUxt9iprJNYxZk9WTDH4g==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0