diff --git a/backup/restic.nix b/backup/restic.nix
index 4c0ccdc..c8ea30d 100644
--- a/backup/restic.nix
+++ b/backup/restic.nix
@@ -6,19 +6,19 @@ in
 
   systemd = {
     services = {
-      "restic-scheduled-backup" = {
+      "restic-backup" = {
         description = "Userdata restic backup trigger";
         serviceConfig = {
           Type = "simple";
           User = "restic";
-          ExecStart = "${pkgs.restic}/bin/restic -r rclone:backblaze:${cfg.backblaze.bucket}:/sfbackup --verbose --json backup /var";
+          ExecStart = "${pkgs.restic}/bin/restic -o rclone.args=serve restic --stdio -r rclone:backblaze:${cfg.backblaze.bucket}:/sfbackup --verbose --json backup /var";
         };
       };
     };
     timers = {
       "restic-scheduled-backup" = {
         wantedBy = [ "timers.target" ];
-        partOf = [ "restic-scheduled-backup.service" ];
+        partOf = [ "restic-backup.service" ];
         timerConfig = {
           OnCalendar = "daily";
         };
diff --git a/webserver/nginx.nix b/webserver/nginx.nix
index 6e925ad..fcb2f92 100644
--- a/webserver/nginx.nix
+++ b/webserver/nginx.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ pkgs, config, lib, ... }:
 let
   domain = config.services.userdata.domain;
 in
@@ -11,6 +11,7 @@ in
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
     clientMaxBodySize = "1024m";
+    sslProtocols = lib.mkForce "TLSv1.2 TLSv1.3";
 
     virtualHosts = {
       "${domain}" = {