diff --git a/group_vars/all/restic.yml b/group_vars/all/restic.yml index 3a3c808f..3dccc7c1 100644 --- a/group_vars/all/restic.yml +++ b/group_vars/all/restic.yml @@ -1,9 +1,17 @@ --- glob_restic: - to_exclude: - - /var/lib/lxcfs - to_backup: - - /etc - - /var + config: + base: + to_exclude: + - /var/cache + - /var/lib/lxcfs + to_backup: + - /etc + - /var + retention: + - [--keep-daily, 2] + - [--keep-weekly, 2] + - [--keep-monthly, 2] + - [--keep-yearly, 1] remote: - - rest:http://{{ ansible_hostname }}:{{ vault.restic[ansible_hostname].rest_password }}@172.16.10.14/{{ ansible_hostname }}/base + - rest:http://{{ ansible_hostname }}:{{ vault.restic[ansible_hostname].rest_password }}@172.16.10.14/{{ ansible_hostname }}/ diff --git a/host_vars/apprentis.adm.crans.org.yml b/host_vars/apprentis.adm.crans.org.yml index 7a6e61c3..a21e8fc3 100644 --- a/host_vars/apprentis.adm.crans.org.yml +++ b/host_vars/apprentis.adm.crans.org.yml @@ -7,3 +7,17 @@ loc_unattended: loc_needrestart: override: [] + +loc_borg: + to_backup: + - /etc + - /home_nounou + - /var + +loc_restic: + config: + base: + to_backup: + - /etc + - /home_nounou + - /var diff --git a/host_vars/cameron.adm.crans.org.yml b/host_vars/cameron.adm.crans.org.yml index c273cef5..478a4d10 100644 --- a/host_vars/cameron.adm.crans.org.yml +++ b/host_vars/cameron.adm.crans.org.yml @@ -10,6 +10,27 @@ loc_borg: - /var/mail - /var/lib/lxcfs +loc_restic: + config: + base: + to_exclude: + - /var/cache + - /var/mail + - /var/lib/lxcfs + pool: + to_exclude: + - "*.pyc" + - "\\#*\\#" + - "*~" + to_backup: + - /pool/home + - /pool/mail + retention: + - [--keep-daily, 4] + - [--keep-weekly, 4] + - [--keep-monthly, 6] + backup_extra_param: " --exclude-if-present .nobackup" + loc_service_home: name: home install_dir: /var/local/services/home diff --git a/host_vars/cephiroth.adm.crans.org.yml b/host_vars/cephiroth.adm.crans.org.yml deleted file mode 100644 index c0f8db57..00000000 
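Review bot: In group_vars/all/restic.yml the rewritten `remote` entry still sends the per-host REST password as basic-auth credentials over plain `http://`, so anyone able to observe traffic to 172.16.10.14 can read it. restic encrypts the repository contents, but this credential is what gates writes and, unless the server is run append-only, deletions; if the server can terminate TLS, `rest:https://…` closes that gap. The password is also interpolated unescaped, so a value containing `@`, `/` or `:` produces a malformed URL; `{{ vault.restic[ansible_hostname].rest_password | urlencode }}` avoids that.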
--- a/host_vars/cephiroth.adm.crans.org.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -interfaces: - disable: true - -loc_needrestart: - override: [] - -loc_borg: - to_backup: - - /etc - - /home_nounou - - /var - -loc_slapd: - ip: "{{ lookup('ldap', 'ip4', 'cephiroth', 'adm') }}" - replica: true - replica_rid: 5 diff --git a/host_vars/ft.adm.crans.org.yml b/host_vars/ft.adm.crans.org.yml index b29692fc..168e7162 100644 --- a/host_vars/ft.adm.crans.org.yml +++ b/host_vars/ft.adm.crans.org.yml @@ -11,6 +11,14 @@ loc_borg: - /home_nounou - /var +loc_restic: + config: + base: + to_backup: + - /etc + - /home_nounou + - /var + loc_slapd: ip: "{{ lookup('ldap', 'ip4', 'ft', 'adm') }}" replica: true diff --git a/host_vars/owl.adm.crans.org.yml b/host_vars/owl.adm.crans.org.yml index 3170721e..cb7377df 100644 --- a/host_vars/owl.adm.crans.org.yml +++ b/host_vars/owl.adm.crans.org.yml @@ -16,3 +16,11 @@ loc_borg: to_exclude: - /var/mail - /var/lib/lxcfs + +loc_restic: + config: + base: + to_exclude: + - /var/cache + - /var/mail + - /var/lib/lxcfs diff --git a/host_vars/routeur-sam.adm.crans.org/restic.yml b/host_vars/routeur-sam.adm.crans.org/restic.yml new file mode 100644 index 00000000..08611345 --- /dev/null +++ b/host_vars/routeur-sam.adm.crans.org/restic.yml @@ -0,0 +1,8 @@ +--- +loc_restic: + config: + base: + to_backup: + - /etc + - /home_nounou + - /var diff --git a/host_vars/sam.adm.crans.org.yml b/host_vars/sam.adm.crans.org.yml index 66942904..cf432bd0 100644 --- a/host_vars/sam.adm.crans.org.yml +++ b/host_vars/sam.adm.crans.org.yml @@ -11,6 +11,15 @@ loc_borg: - /home_nounou - /var + +loc_restic: + config: + base: + to_backup: + - /etc + - /home_nounou + - /var + loc_slapd: ip: "{{ lookup('ldap', 'ip4', 'sam', 'adm') }}" replica: true diff --git a/host_vars/tealc.adm.crans.org.yml b/host_vars/tealc.adm.crans.org.yml index 52ff43b1..20e4fee5 100644 --- a/host_vars/tealc.adm.crans.org.yml +++ b/host_vars/tealc.adm.crans.org.yml 
@@ -41,6 +41,25 @@ loc_borg: - /var - /pool/home +loc_restic: + config: + base: + to_backup: + - /etc + - /var + pool: + to_exclude: + - "*.pyc" + - "\\#*\\#" + - "*~" + to_backup: + - /pool/home + retention: + - [--keep-daily, 4] + - [--keep-weekly, 4] + - [--keep-monthly, 6] + backup_extra_param: " --exclude-if-present .nobackup" + loc_rsyslog_server: name: tealc root: /pool/logs diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml index 93291237..7088e979 100644 --- a/host_vars/zamok.adm.crans.org.yml +++ b/host_vars/zamok.adm.crans.org.yml @@ -19,6 +19,16 @@ loc_borg: - /var/lib/lxcfs - /var/lib/mysql +loc_restic: + config: + base: + to_exclude: + - /var/cache + - /var/mail + - /var/lib/podman + - /var/lib/lxcfs + - /var/lib/mysql + loc_thelounge: host: "\"{{ lookup('ldap', 'ip4', 'zamok', 'adm') }}\"" oidentd: "\"/usr/local/lib/thelounge/.oidentd.conf\"" diff --git a/plays/restic_client.yml b/plays/restic_client.yml index 89e182ad..27fa65a9 100755 --- a/plays/restic_client.yml +++ b/plays/restic_client.yml @@ -3,6 +3,6 @@ - hosts: server vars: - restic: "{{ glob_restic | default({}) | combine(loc_borg | default({})) }}" + restic: "{{ glob_restic | default({}) | combine(loc_restic | default({}), recursive=true) }}" roles: - restic-client diff --git a/roles/restic-client/handlers/main.yml b/roles/restic-client/handlers/main.yml index 4da8318a..77496d24 100644 --- a/roles/restic-client/handlers/main.yml +++ b/roles/restic-client/handlers/main.yml @@ -1,5 +1,6 @@ --- - name: Restart timer service: - name: restic-base.timer + name: restic-{{ item }}.timer state: restarted + loop: "{{ restic.config.keys() }}" diff --git a/roles/restic-client/tasks/main.yml b/roles/restic-client/tasks/main.yml index 1cc9132a..b5b0be61 100644 --- a/roles/restic-client/tasks/main.yml +++ b/roles/restic-client/tasks/main.yml 
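Review bot: In plays/restic_client.yml the play now merges only `loc_restic`, so any host that shaped its restic backup through `loc_borg` and receives no `loc_restic` in this commit silently falls back to the `glob_restic` paths; the inventory is only partly visible here, so it is worth checking every host that defines `loc_borg`. `combine(..., recursive=true)` merges mappings but replaces lists, so a host that sets `to_exclude` or `retention` drops the global entries unless it lists them again. A comment above the variable would make that explicit, e.g. `# lists in loc_restic replace the glob_restic ones, they are not appended`.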
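Review bot: In roles/restic-client/handlers/main.yml, `loop: "{{ restic.config.keys() }}"` hands `loop` a dict view rather than a list, which some Ansible/Python combinations reject with an "Invalid data passed to 'loop'" error; `loop: "{{ restic.config.keys() | list }}"` is the portable form. The same expression appears in the two Init tasks and the Enable timer task in roles/restic-client/tasks/main.yml. In that file `with_nested` is likewise given a mapping (`"{{ restic.config }}"`) and a flow mapping with empty values (`{ .env, -excludes, … }`), which appears to work only because iterating a mapping yields its keys; explicit lists would state the intent.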
@@ -18,26 +18,45 @@ - name: Deploy restic config template: - src: "{{ item }}.j2" - dest: /etc/{{ item }} + src: "restic/base{{ item.1 }}.j2" + dest: /etc/restic/{{ item.0 }}{{ item.1 }} mode: 0600 owner: root group: root - loop: - - restic/base.env - - restic/base-excludes - - restic/base-includes - - restic/base-password - - restic/base-repo - - systemd/system/restic-base.service - - systemd/system/restic-base.timer + with_nested: + - "{{ restic.config }}" + - { .env, -excludes, -includes, -password, -repo } notify: Restart timer -- name: Init restic repository +- name: Deploy restic systemd + template: + src: "systemd/system/restic-base{{ item.1 }}.j2" + dest: /etc/systemd/system/restic-{{ item.0 }}{{ item.1 }} + mode: 0600 + owner: root + group: root + with_nested: + - "{{ restic.config }}" + - { .service, .timer } + notify: Restart timer + +- name: Init restic repository (Debian >=12) command: - cmd: "restic init --repository-file /etc/restic/base-repo --password-file /etc/restic/base-password" + cmd: "restic init --repository-file /etc/restic/{{ item }}-repo --password-file /etc/restic/base-password" register: restic_init ignore_errors: true + loop: "{{ restic.config.keys() }}" + when: + - ansible_facts['distribution_major_version'] >= "12" + +- name: Init restic repository (Debian <12) + command: + cmd: "restic init --repo {{ restic.remote.0 + item }} --password-file /etc/restic/{{ item }}-password" + register: restic_init + ignore_errors: true + loop: "{{ restic.config.keys() }}" + when: + - ansible_facts['distribution_major_version'] < "12" - name: Indicate role in motd template: @@ -47,5 +66,6 @@ - name: Enable timer service: - name: restic-base.timer + name: restic-{{ item }}.timer enabled: true + loop: "{{ restic.config.keys() }}" diff --git a/roles/restic-client/templates/restic/base-excludes.j2 b/roles/restic-client/templates/restic/base-excludes.j2 index c0f493be..74c44686 100644 --- a/roles/restic-client/templates/restic/base-excludes.j2 
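Review bot: The "Init restic repository (Debian >=12)" task still passes `--password-file /etc/restic/base-password` while the repository file is per-config, so any non-`base` repository is initialised with the `base` password although its service reads `/etc/restic/{{ item.0 }}-password`; it should use `/etc/restic/{{ item }}-password` as the <12 task does. Both `when:` conditions compare `distribution_major_version` as strings, so a release such as "9" satisfies `>= "12"`; compare integers instead, and the same applies to the `{% if %}` in templates/restic/base.env.j2. The <12 task expands `restic.remote.0`, which embeds the vault REST password, into the command line, where it is readable in the process list and printed in Ansible's task result; passing it through `environment:` with `no_log: true` keeps it out of both. `ignore_errors: true` also hides real init failures (unreachable server, rejected credentials), not only the already-initialised case, so a narrower `failed_when` on the registered result would be safer.

```yaml
- name: Init restic repository (Debian >=12)
  command:
    cmd: "restic init --repository-file /etc/restic/{{ item }}-repo --password-file /etc/restic/{{ item }}-password"
  # … unchanged: register, ignore_errors, loop …
  when:
    - ansible_facts['distribution_major_version'] | int >= 12

- name: Init restic repository (Debian <12)
  command:
    cmd: "restic init --password-file /etc/restic/{{ item }}-password"
  environment:
    RESTIC_REPOSITORY: "{{ restic.remote.0 + item }}"
  no_log: true
  # … unchanged: register, ignore_errors, loop …
  when:
    - ansible_facts['distribution_major_version'] | int < 12
```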
+++ b/roles/restic-client/templates/restic/base-excludes.j2 @@ -1,3 +1,3 @@ -{% for dir in restic.to_exclude %} +{% for dir in restic.config[item.0].to_exclude %} {{ dir }} {% endfor %} diff --git a/roles/restic-client/templates/restic/base-includes.j2 b/roles/restic-client/templates/restic/base-includes.j2 index abd7ea10..9e65415d 100644 --- a/roles/restic-client/templates/restic/base-includes.j2 +++ b/roles/restic-client/templates/restic/base-includes.j2 @@ -1,3 +1,3 @@ -{% for dir in restic.to_backup %} +{% for dir in restic.config[item.0].to_backup %} {{ dir }} {% endfor %} diff --git a/roles/restic-client/templates/restic/base-password.j2 b/roles/restic-client/templates/restic/base-password.j2 index 1d8595e8..71801274 100644 --- a/roles/restic-client/templates/restic/base-password.j2 +++ b/roles/restic-client/templates/restic/base-password.j2 @@ -1 +1 @@ -{{ vault.restic[ansible_hostname].repo_password }} +{{ vault.restic[ansible_hostname].repo_password[item.0] }} diff --git a/roles/restic-client/templates/restic/base-repo.j2 b/roles/restic-client/templates/restic/base-repo.j2 index 30fda05f..405c63a1 100644 --- a/roles/restic-client/templates/restic/base-repo.j2 +++ b/roles/restic-client/templates/restic/base-repo.j2 @@ -1,3 +1,3 @@ {% for repo in restic.remote %} -{{ repo }} +{{ repo }}{{ item.0 }} {% endfor %} diff --git a/roles/restic-client/templates/restic/base.env.j2 b/roles/restic-client/templates/restic/base.env.j2 index 8b7a1504..61cdf890 100644 --- a/roles/restic-client/templates/restic/base.env.j2 +++ b/roles/restic-client/templates/restic/base.env.j2 
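Review bot: In templates/restic/base-excludes.j2, `restic.config[item.0].to_exclude` is read unguarded, so a config entry other than `base` (which inherits the list from `glob_restic`) that defines only `to_backup` aborts the template on an undefined value. `{% for dir in restic.config[item.0].to_exclude | default([]) %}` renders an empty exclude file instead. The `pool` entries added in this commit all set `to_exclude`, so this only bites the next config someone adds.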
@@ -1,7 +1,11 @@ {{ ansible_header | comment }} -RESTIC_REPOSITORY_FILE="/etc/restic/base-repo" -RESTIC_PASSWORD_FILE="/etc/restic/base-password" +{% if ansible_facts['distribution_major_version'] >= "12" %} +RESTIC_REPOSITORY_FILE="/etc/restic/{{ item.0 }}-repo" +{% else %} +RESTIC_REPOSITORY="{{ restic.remote.0 + item.0 }}" +{% endif %} +RESTIC_PASSWORD_FILE="/etc/restic/{{ item.0 }}-password" RESTIC_CACHE_DIR="/var/cache/restic" RESTIC_COMPRESSION="max" diff --git a/roles/restic-client/templates/systemd/system/restic-base.service.j2 b/roles/restic-client/templates/systemd/system/restic-base.service.j2 index 671871fc..ba9e831c 100644 --- a/roles/restic-client/templates/systemd/system/restic-base.service.j2 +++ b/roles/restic-client/templates/systemd/system/restic-base.service.j2 @@ -5,9 +5,9 @@ After=network-online.target Wants=network-online.target [Service] -EnvironmentFile=/etc/restic/base.env -ExecStart=restic backup --files-from=/etc/restic/base-includes --exclude-file=/etc/restic/base-excludes -ExecStart=restic forget --prune --keep-daily 2 --keep-weekly 2 --keep-monthly 2 --keep-yearly 1 +EnvironmentFile=/etc/restic/{{ item.0 }}.env +ExecStart=restic backup --files-from=/etc/restic/{{ item.0 }}-includes --exclude-file=/etc/restic/{{ item.0 }}-excludes{{ restic.config[item.0].backup_extra_param | default("") }} +ExecStart=restic forget --prune{% for freq, n in restic.config[item.0].retention %} {{ freq }} {{ n }}{% endfor %} Type=oneshot User=root diff --git a/roles/restic-client/templates/systemd/system/restic-base.timer.j2 b/roles/restic-client/templates/systemd/system/restic-base.timer.j2 index 4aad3f85..d7583d82 100644 --- a/roles/restic-client/templates/systemd/system/restic-base.timer.j2 +++ b/roles/restic-client/templates/systemd/system/restic-base.timer.j2 
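Review bot: In restic-base.service.j2, `backup_extra_param` is appended to the `restic backup` ExecStart line verbatim, so the value has to carry its own leading space and whatever it contains becomes arguments of a command run as root. A list rendered the way `retention` is, e.g. `{% for p in restic.config[item.0].backup_extra_params | default([]) %} {{ p }}{% endfor %}`, would be harder to get wrong. `retention` has no default, so a config without it fails templating, and an empty list renders a bare `restic forget --prune` with no keep policy; a comment stating that `retention` is mandatory per config would help. Because prune runs from the client, the REST credential on each host presumably has to be allowed to delete data, which is worth noting next to this line for anyone assessing what a compromised host can do to its own backups.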
@@ -3,7 +3,7 @@ [Unit] [Timer] -OnCalendar={{ 24 | random(seed=inventory_hostname) }}:{{ 60 | random(seed=inventory_hostname) }} +OnCalendar={{ 24 | random(seed=inventory_hostname+item.0) }}:{{ 60 | random(seed=inventory_hostname+item.0) }} Persistent=true [Install]