diff --git a/api/api-module.nix b/api/api-module.nix
index 6b01d37..bd65ad6 100644
--- a/api/api-module.nix
+++ b/api/api-module.nix
@@ -43,6 +43,12 @@ in
 B2 account key
 '';
 };
+ b2Bucket = mkOption {
+ type = types.str;
+ description = ''
+ B2 bucket
+ '';
+ };
 resticPassword = mkOption {
 type = types.str;
 description = ''
@@ -62,6 +68,7 @@ in
 ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
 B2_ACCOUNT_ID = cfg.b2AccountId;
 B2_ACCOUNT_KEY = cfg.b2AccountKey;
+ B2_BUCKET = cfg.b2Bucket;
 RESTIC_PASSWORD = cfg.resticPassword;
 } // config.networking.proxy.envVars;
 path = [ "/var/" "/var/dkim/" pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild pkgs.restic pkgs.mkpasswd ];
diff --git a/api/api.nix b/api/api.nix
index e503220..ff9c106 100644
--- a/api/api.nix
+++ b/api/api.nix
@@ -6,6 +6,7 @@
 enableSwagger = config.services.userdata.api.enableSwagger;
 b2AccountId = config.services.userdata.backblaze.accountId;
 b2AccountKey = config.services.userdata.backblaze.accountKey;
+ b2Bucket = config.services.userdata.backblaze.bucket;
 resticPassword = config.services.userdata.resticPassword;
 };
diff --git a/configuration.nix b/configuration.nix
index e33f4e8..1281ac4 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -59,8 +59,8 @@ in
 environment.variables = {
 DOMAIN = config.services.userdata.domain;
 };
- system.autoUpgrade.enable = true;
- system.autoUpgrade.allowReboot = false;
+ system.autoUpgrade.enable = config.services.userdata.autoUpgrade.enable;
+ system.autoUpgrade.allowReboot = config.services.userdata.autoUpgrade.allowReboot;
 system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.05-small;
 nix = {
 optimise.automatic = true;
diff --git a/files.nix b/files.nix
index 5c59961..0083f70 100644
--- a/files.nix
+++ b/files.nix
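Review bot: `B2_BUCKET = cfg.b2Bucket;` is added next to `B2_ACCOUNT_KEY` and `RESTIC_PASSWORD` in what looks like a systemd service `environment` attrset (the `path = [ ... ]` line below suggests that); NixOS renders such a block into the unit file in the Nix store, which is world-readable, and `systemctl show` prints it as well, so the two secrets beside the new line are exposed to every local user. The bucket name is not sensitive, but while this block is being extended the secret variables should leave it: drop them from `environment` and load them with `serviceConfig.EnvironmentFile` from a root-only file, in the same way the tree already writes `/var/lib/restic/pass` through tmpfiles. The enclosing service definition starts and ends outside the hunk.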
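Review bot: `system.autoUpgrade.enable = config.services.userdata.autoUpgrade.enable;` and the `allowReboot` line can now receive `null`, because the userdata options are declared `types.nullOr types.bool` in the variables-module hunk, whereas the NixOS `system.autoUpgrade.enable`/`allowReboot` options are, as far as I recall, plain `types.bool`; a userdata file that sets either to null fails the whole evaluation instead of falling back to the old constants. Either declare the userdata options as `types.bool` or coerce here: `system.autoUpgrade.enable = config.services.userdata.autoUpgrade.enable != false;` and `system.autoUpgrade.allowReboot = config.services.userdata.autoUpgrade.allowReboot == true;`. Since disabling this also stops the pinned `nixos-21.05-small` channel from delivering security fixes, a comment on the line saying so would help the operator who flips it. The attribute set this lives in starts and ends outside the hunk.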
@@ -14,17 +14,24 @@ in
 CLOUDFLARE_DNS_API_TOKEN=${cfg.cloudflare.apiKey}
 CLOUDFLARE_ZONE_API_TOKEN=${cfg.cloudflare.apiKey}
 '';
+ rcloneConfig = builtins.replaceStrings [ "\n" "\"" "\\" ] [ "\\n" "\\\"" "\\\\" ] ''
+ [backblaze]
+ type = b2
+ account = ${cfg.backblaze.accountId}
+ key = ${cfg.backblaze.accountKey}
+ '';
 in
 [
 (if cfg.bitwarden.enable then "d /var/lib/bitwarden 0777 bitwarden_rs bitwarden_rs -" else "")
 (if cfg.bitwarden.enable then "d /var/lib/bitwarden/backup 0777 bitwarden_rs bitwarden_rs -" else "")
 (if cfg.pleroma.enable then "d /var/lib/pleroma 0600 pleroma pleroma - -" else "")
 "d /var/lib/restic 0600 restic - - -"
- "f /var/lib/restic/pass 0400 restic - - ${resticPass}"
- (if cfg.pleroma.enable then "f /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -" else "")
- "f /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}"
- (if cfg.nextcloud.enable then "f /var/lib/nextcloud/db-pass 0440 nextcloud nextcloud - ${nextcloudDBPass}" else "")
- (if cfg.nextcloud.enable then "f /var/lib/nextcloud/admin-pass 0440 nextcloud nextcloud - ${nextcloudAdminPass}" else "")
- "f /var/lib/cloudflare/Credentials.ini 0440 nginx acmerecievers - ${cloudflareCredentials}"
+ "f+ /var/lib/restic/pass 0400 restic - - ${resticPass}"
+ "f+ /root/.config/rclone/rclone.conf 0400 root root - ${rcloneConfig}"
+ (if cfg.pleroma.enable then "f+ /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -" else "")
+ "f+ /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}"
+ (if cfg.nextcloud.enable then "f+ /var/lib/nextcloud/db-pass 0440 nextcloud nextcloud - ${nextcloudDBPass}" else "")
+ (if cfg.nextcloud.enable then "f+ /var/lib/nextcloud/admin-pass 0440 nextcloud nextcloud - ${nextcloudAdminPass}" else "")
+ "f+ /var/lib/cloudflare/Credentials.ini 0440 nginx acmerecievers - ${cloudflareCredentials}"
 ];
 }
diff --git a/nextcloud/nextcloud.nix b/nextcloud/nextcloud.nix
index e6a9a7a..2cacf85 100644
--- a/nextcloud/nextcloud.nix
+++ b/nextcloud/nextcloud.nix
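Review bot: `f+ /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -` truncates the Pleroma secrets file on every systemd-tmpfiles run, because `f+` is create-or-truncate and the argument field is `-`; plain `f` left an existing file alone, so unless something regenerates the file afterwards this wipes it, and 0755 makes a secrets file world-readable regardless — `f /var/lib/pleroma/secrets.exs 0600 pleroma pleroma - -` is the safer line. The new `rclone.conf` rule also embeds `cfg.backblaze.accountKey` in the rule text; if this list feeds `systemd.tmpfiles.rules`, the rendered tmpfiles.d file ends up in the world-readable Nix store, so the B2 key (like the restic password and Cloudflare token already here) is not actually protected by the 0400 on the target file. As far as I know tmpfiles `f`/`f+` do not create parent directories, so `/root/.config/rclone` needs its own rule, e.g. `"d /root/.config/rclone 0700 root root - -"`, placed before the `f+` line. The `let` bindings and the enclosing attribute set start outside the hunk.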
@@ -18,7 +18,7 @@ in
 config = {
 # Further forces Nextcloud to use HTTPS
- overwriteProtocol = "http";
+ overwriteProtocol = "https";
 # Nextcloud PostegreSQL database configuration, recommended over using SQLite
 dbtype = "sqlite";
diff --git a/social/pleroma.nix b/social/pleroma.nix
index ef4eeb9..8e918cf 100644
--- a/social/pleroma.nix
+++ b/social/pleroma.nix
@@ -15,9 +15,9 @@ in
 group = "pleroma";
 configs = [
 (builtins.replaceStrings
- [ "$DOMAIN" "$LUSER" "$DB_PASSWORD" ]
- [ cfg.domain cfg.username cfg.databasePassword ]
- (builtins.readFile ./config.exs))
+ [ "$DOMAIN" "$LUSER" "$DB_PASSWORD" ]
+ [ cfg.domain cfg.username cfg.databasePassword ]
+ (builtins.readFile ./config.exs))
 ];
 };
 postgresql = {
diff --git a/userdata/schema.json b/userdata/schema.json
index b6548ff..5115459 100644
--- a/userdata/schema.json
+++ b/userdata/schema.json
@@ -3,6 +3,17 @@
 "$id": "https://git.selfprivacy.org/inex/selfprivacy-nixos-config/raw/branch/master/userdata/schema.json",
 "type": "object",
 "properties": {
+ "autoUpgrade": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ },
+ "allowReboot": {
+ "type": "boolean"
+ }
+ }
+ },
 "hostname": {
 "type": "string"
 },
@@ -15,6 +26,12 @@
 "hashedMasterPassword": {
 "type": "string"
 },
+ "sshKeys": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
 "timezone": {
 "type": "string"
 },
diff --git a/users.nix b/users.nix
index f1b825c..acc5636 100644
--- a/users.nix
+++ b/users.nix
@@ -9,6 +9,7 @@ in
 "${cfg.username}" = {
 isNormalUser = true;
 hashedPassword = cfg.hashedMasterPassword;
+ openssh.authorizedKeys.keys = cfg.sshKeys;
 };
 } // builtins.listToAttrs (builtins.map (user: {
@@ -16,6 +17,7 @@ in
 value = {
 isNormalUser = true;
 hashedPassword = user.hashedPassword;
+ openssh.authorizedKeys.keys = user.sshKeys;
 };
 }) cfg.users);
diff --git a/variables-module.nix b/variables-module.nix
index ead690e..2c465cc 100644
--- a/variables-module.nix
+++ b/variables-module.nix
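Review bot: `openssh.authorizedKeys.keys = user.sshKeys;` raises `attribute 'sshKeys' missing` for any entry of `cfg.users` that lacks the key, because `users` is typed `listOf (attrsOf anything)` in the variables-module hunk and nothing supplies a default; the visible schema hunks add `sshKeys` only at the top level, and I cannot see the per-user item schema, so existing userdata files with extra users would presumably stop evaluating after this change. Use a fallback, `openssh.authorizedKeys.keys = user.sshKeys or [ ];`, and add the matching `sshKeys` array to the per-user schema. Because these values grant shell login as the created accounts, the schema could also constrain each item, e.g. a `pattern` requiring an `ssh-`, `ecdsa-` or `sk-` key-type prefix, so a malformed or mis-pasted value is rejected at validation instead of landing in `authorized_keys`. The `listToAttrs`/`map` expression wrapping this `value` block starts outside the hunk.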
@@ -15,6 +15,7 @@ in
 default = true;
 type = types.nullOr types.bool;
 };
+ # General server options
 hostname = mkOption {
 description = "The hostname of the server.";
 type = types.nullOr types.str;
@@ -25,6 +26,28 @@ in
 '';
 type = types.nullOr types.str;
 };
+ timezone = mkOption {
+ description = ''
+ Timezone used by the server
+ '';
+ type = types.nullOr types.str;
+ default = "Europe/Uzhgorod";
+ };
+ autoUpgrade = {
+ enable = mkOption {
+ description = "Enable auto-upgrade of the server.";
+ default = true;
+ type = types.nullOr types.bool;
+ };
+ allowReboot = mkOption {
+ description = "Allow the server to reboot during the upgrade.";
+ default = false;
+ type = types.nullOr types.bool;
+ };
+ };
+ ########################
+ # Server admin options #
+ ########################
 username = mkOption {
 description = ''
 Username that was defined at the initial setup process
@@ -37,6 +60,16 @@ in
 '';
 type = types.nullOr types.str;
 };
+ sshKeys = mkOption {
+ description = ''
+ SSH keys of the user that was defined at the initial setup process
+ '';
+ type = types.nullOr (types.listOf types.str);
+ default = [ ];
+ };
+ ###############
+ # API options #
+ ###############
 api = {
 token = mkOption {
 description = ''
@@ -52,6 +85,9 @@ in
 type = types.bool;
 };
 };
+ #############
+ # Secrets #
+ #############
 backblaze = {
 bucket = mkOption {
 description = "Bucket name used for userdata backups";
@@ -72,6 +108,9 @@ in
 type = types.nullOr types.str;
 };
 };
+ ##############
+ # Services #
+ ##############
 databasePassword = mkOption {
 description = ''
 Password for the database
@@ -126,12 +165,18 @@ in
 type = types.nullOr types.bool;
 };
 };
+ #############
+ # Backups #
+ #############
 resticPassword = mkOption {
 description = ''
 Password for the restic
 '';
 type = types.nullOr types.str;
 };
+ #########
+ # SSH #
+ #########
 ssh = {
 enable = mkOption {
 default = true;
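Review bot: `type = types.nullOr (types.listOf types.str);` on the new `sshKeys` option lets a userdata file pass `null`, which users.nix then assigns straight to `openssh.authorizedKeys.keys`, where a list is expected; the `default = [ ];` already covers the absent case, so `type = types.listOf types.str;` is the declaration that matches the intent and fails early on bad input. The description should also state what the value does, since this is the setting that grants SSH login as the admin account: `SSH public keys (authorized_keys lines) permitted to log in as the admin user created at initial setup`. The `options` set this sits in starts and ends outside the hunk.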
@@ -142,7 +187,7 @@ in
 Root SSH Keys
 '';
 type = types.nullOr (types.listOf types.str);
- default = [""];
+ default = [ "" ];
 };
 passwordAuthentication = mkOption {
 description = ''
@@ -152,19 +197,15 @@ in
 type = types.nullOr types.bool;
 };
 };
- timezone = mkOption {
- description = ''
- Timezone used by the server
- '';
- type = types.nullOr types.str;
- default = "Europe/Uzhgorod";
- };
+ ###########
+ # Users #
+ ###########
 users = mkOption {
 description = ''
 Users that will be created on the server
 '';
 type = types.nullOr (types.listOf (types.attrsOf types.anything));
- default = [];
+ default = [ ];
 };
 };
 }