diff --git a/hosts/cube/restic/default.nix b/hosts/cube/restic/default.nix
index 23654d7..e71c2b2 100644
--- a/hosts/cube/restic/default.nix
+++ b/hosts/cube/restic/default.nix
@@ -1,29 +1,53 @@
-{ config, lib, ... }: with lib;
+{ config, lib, pkgs, ... }: with lib;
 
 systemConfiguration {
   secrets.resticPassword.file = ./password.age;
 
-  services.restic.backups.general = {
-    passwordFile = config.secrets.resticPassword.path;
-    initialize   = true;
+  services.restic.backups = let
+    defaultConfig = name: {
+      repository   = "sftp:backup@disk:${config.networking.hostName}-${name}";
+      passwordFile = config.secrets.resticPassword.path;
+      initialize   = true;
 
-    repository = "sftp:backup@disk:${config.networking.hostName}-varlib";
+      pruneOpts = [
+        "--keep-daily 3"
+        "--keep-weekly 5"
+        "--keep-monthly 12"
+        "--keep-yearly 75"
+      ];
 
-    paths = map (dir: "/var/lib/${dir}") [
-      "dkim"
-      "forgejo"
-      "gitea-runner"
-      "grafana"
-      "mail"
-      "matrix-sliding-sync"
-      "matrix-synapse"
-      "nextcloud"
-      "postfix"
-    ];
+      timerConfig = {
+        OnCalendar = "daily";
+        Persistent = true;
+      };
+    };
+  in {
+    general = (defaultConfig "general") // {
+      paths = map (dir: "/var/lib/${dir}") [
+        "dkim"
+        "forgejo"
+        "gitea-runner"
+        "grafana"
+        "mail"
+        "matrix-sliding-sync"
+        "matrix-synapse"
+        "nextcloud"
+        "postfix"
+      ];
+    };
 
-    timerConfig = {
-      OnCalendar = "daily";
-      Persistent = true;
+    postgresql = (defaultConfig "postgresql") // {
+      paths = [ "/tmp/postgresql-dump.sql.gz" ];
+
+      backupPrepareCommand = ''
+        ${config.services.postgresql.package}/bin/pg_dumpall --clean \
+        | ${lib.getExe pkgs.gzip} --rsyncable \
+        > /tmp/postgresql-dump.sql.gz
+      '';
+
+      backupCleanupCommand = ''
+        rm /tmp/postgresql-dump.sql.gz
+      '';
     };
   };
 }