diff --git a/applications/dns.nix b/applications/dns.nix
index 2937d60..6b7bc6b 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -343,6 +343,8 @@ in {
   };
 
   config = lib.mkIf cfg.server.enable {
+    # services.skynet_backup.normal.backups = ["/etc/skynet/dns"];
+
     # open the firewall for this
     skynet_firewall.forward = [
       "ip daddr ${cfg.server.ip} tcp dport 53 counter packets 0 bytes 0 accept"
diff --git a/applications/restic.nix b/applications/restic.nix
index 4ccf611..4d6a277 100644
--- a/applications/restic.nix
+++ b/applications/restic.nix
@@ -9,6 +9,8 @@
 with lib; let
   cfg = config.services.skynet_backup;
 
+  enable_client = cfg.normal.backups != null && cfg.normal.backups != [];
+
   # since they should all have the same config we can do this
   base = {
     paths = cfg.normal.backups;
@@ -150,49 +152,52 @@ in {
     };
   };
 
-  config = {
-    # these values are anabled for every client
+  config =
+    {
+      # these values are anabled for every client
+      environment.systemPackages = with pkgs; [
+        restic
+      ];
+    }
+    // mkIf cfg.server.enable {
+      networking.firewall.allowedTCPPorts = [
+        cfg.server.port
+      ];
 
-    environment.systemPackages = [
-      # for flakes
-      pkgs.restic
-    ];
-
-    # A list of all login accounts. To create the password hashes, use
-    # nix-shell -p apacheHttpd
-    # htpasswd -nbB "" "password" | cut -d: -f2
-
-    age.secrets.restic.file = ../secrets/backup/restic.age;
-
-    networking.firewall.allowedTCPPorts = [
-      cfg.server.port
-    ];
-
-    services.restic.backups =
-      ownServers
-      // {
-        # merge teh two configs together
-        #      backblaze = base // {
-        #        # backupos for each server are stored in a folder under their name
-        #        repository = "b2:NixOS-Main2:/${cfg.host.name}";
-        #        #environmentFile = config.age.secrets.backblaze.path;
-        #      };
+      age.secrets.restic_pw = {
+        file = ../secrets/backup/restic_pw.age;
+        path = "${config.services.restic.server.dataDir}/.htpasswd";
+        symlink = false;
+        mode = "770";
+        owner = "restic";
+        group = "restic";
       };
 
-    age.secrets.restic_pw = mkIf cfg.server.enable {
-      file = ../secrets/backup/restic_pw.age;
-      path = "${config.services.restic.server.dataDir}/.htpasswd";
-      symlink = false;
-      mode = "770";
-      owner = "restic";
-      group = "restic";
-    };
+      services.restic.server = {
+        enable = true;
+        listenAddress = "${cfg.host.ip}:${toString cfg.server.port}";
+        appendOnly = cfg.server.appendOnly;
+        privateRepos = true;
+      };
+    }
+    // mkIf enable_client {
+      # client stuff here
 
-    services.restic.server = mkIf cfg.server.enable {
-      enable = true;
-      listenAddress = "${cfg.host.ip}:${toString cfg.server.port}";
-      appendOnly = cfg.server.appendOnly;
-      privateRepos = true;
+      # A list of all login accounts. To create the password hashes, use
+      # nix-shell -p apacheHttpd
+      # htpasswd -nbB "" "password" | cut -d: -f2
+
+      age.secrets.restic.file = ../secrets/backup/restic.age;
+
+      services.restic.backups =
+        ownServers
+        // {
+          # merge teh two configs together
+          #      backblaze = base // {
+          #        # backupos for each server are stored in a folder under their name
+          #        repository = "b2:NixOS-Main2:/${cfg.host.name}";
+          #        #environmentFile = config.age.secrets.backblaze.path;
+          #      };
+        };
     };
-  };
 }