diff --git a/hosts/genepi/backup.nix b/hosts/genepi/backup.nix
new file mode 100644
index 0000000..fa7e786
--- /dev/null
+++ b/hosts/genepi/backup.nix
@@ -0,0 +1,40 @@
+{
+ config,
+ keys,
+ pkgs,
+ ...
+}:
+let
+ storagebox-user = "u422292-sub1";
+ storagebox-host = "${storagebox-user}.your-storagebox.de";
+in
+{
+ environment.systemPackages = [
+ pkgs.sshpass
+ ];
+
+ age.secrets.restic-genepi-storagebox-key.file = ../../secrets/restic-genepi-storagebox-key.age;
+ age.secrets.restic-genepi-storagebox-password.file = ../../secrets/restic-genepi-storagebox-password.age;
+
+ programs.ssh.knownHosts = {
+ "${storagebox-host}".publicKey = keys.hosts.storagebox;
+ };
+
+ services.restic.backups = {
+ storagebox-nightly = {
+ initialize = true;
+ paths = [
+ "/persist"
+ ];
+ passwordFile = config.age.secrets.restic-genepi-storagebox-key.path;
+ repository = "sftp://${storagebox-user}@${storagebox-host}";
+ extraOptions = [
+ "sftp.command='${pkgs.sshpass}/bin/sshpass -f ${config.age.secrets.restic-genepi-storagebox-password.path} -- ssh ${storagebox-host} -l ${storagebox-user} -s sftp'"
+ ];
+ timerConfig = {
+ OnCalendar = "03:00";
+ RandomizedDelaySec = "1h";
+ };
+ };
+ };
+}
diff --git a/hosts/genepi/default.nix b/hosts/genepi/default.nix
index d4a7af8..feb7f36 100644
--- a/hosts/genepi/default.nix
+++ b/hosts/genepi/default.nix
@@ -9,6 +9,7 @@
 inputs.agenix.nixosModules.default
 inputs.impermanence.nixosModules.impermanence
 ./acme.nix
+ ./backup.nix
 ./boot.nix
 ./disk.nix
 ./dns.nix
diff --git a/parts/keys.nix b/parts/keys.nix
index dc7fe17..16c77c7 100644
--- a/parts/keys.nix
+++ b/parts/keys.nix
@@ -3,5 +3,6 @@ hosts = { genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQUzjid5mfMYginIUCVWTF7rWvWz0mUZBZsl5EhDIDl root@genepi"; + storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; }; }
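Review bot: The `sftp.command` entry in `extraOptions` authenticates to the storage box with sshpass reading the sub-account password from a file, which keeps a second secret alive on the host for every run; if the storage box sub-account accepts public-key authentication (it appears the host is already pinned via `programs.ssh.knownHosts`), installing an SSH key for the restic service and using plain `ssh ${storagebox-host} -l ${storagebox-user} -s sftp` would remove both sshpass and the password secret, leaving the repository key as the only secret restic needs. If sshpass stays, the `environment.systemPackages = [ pkgs.sshpass ];` entry is unnecessary because the command already references `${pkgs.sshpass}/bin/sshpass` by store path, and installing it system-wide just makes it available to every user. The timer block has no `Persistent = true;`, so a run missed while the host is off at 03:00 is skipped instead of being caught up at boot. There is also no `pruneOpts`, so the repository grows unbounded; a retention policy such as `pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" "--keep-monthly 6" ];` would bound it.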
diff --git a/secrets/restic-genepi-storagebox-key.age b/secrets/restic-genepi-storagebox-key.age
new file mode 100644
index 0000000..ac4e43f
Binary files /dev/null and b/secrets/restic-genepi-storagebox-key.age differ
diff --git a/secrets/restic-genepi-storagebox-password.age b/secrets/restic-genepi-storagebox-password.age
new file mode 100644
index 0000000..96bd068
Binary files /dev/null and b/secrets/restic-genepi-storagebox-password.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 494d541..861f255 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,9 +1,17 @@
 let
 keys = import ../parts/keys.nix;
-in
-{
- "gandi.age".publicKeys = [
+
+ keysForGenepi = [
 keys.hosts.genepi
 keys.rpqt.haze
 ];
+in
+{
+ "gandi.age".publicKeys = keysForGenepi;
+
+ # Storagebox sub-account password
+ "restic-genepi-storagebox-password.age".publicKeys = keysForGenepi;
+
+ # Restic repository key
+ "restic-genepi-storagebox-key.age".publicKeys = keysForGenepi;
 }
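Review bot: The comment `# Restic repository key` above `restic-genepi-storagebox-key.age` reads as if the file held an SSH key, but hosts/genepi/backup.nix consumes it as restic's `passwordFile`, i.e. the repository password; the neighbouring `# Storagebox sub-account password` is what sshpass reads for the sftp transport, so the two names are easy to swap. Naming the consumer in each comment would make the pair unambiguous, e.g. `# Restic repository password (passwordFile in hosts/genepi/backup.nix)` and `# Storage box sub-account password (read by sshpass for the sftp transport)`. A short comment above `keysForGenepi` saying it is the genepi host key plus what `keys.rpqt.haze` is (presumably the operator key used to edit secrets) would also help, since it now decides who can decrypt every secret in this file.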