diff --git a/modules/services/restic/restic.nix b/modules/services/restic/restic.nix
index 8f5c9f4..f624feb 100644
--- a/modules/services/restic/restic.nix
+++ b/modules/services/restic/restic.nix
@@ -21,17 +21,29 @@
 };
 };

- config = {
+ config = let
+ resticRepository = "rest:https://soteria.john-stream.com/${cfg.repoName}";
+ caCert = "${config.mtls.certDir}/root_ca.crt";
+ mtlsClientCert = "${config.mtls.certDir}/${config.mtls.bundleFilename}";
+ in
+ {
+ home.sessionVariables = {
+ RESTIC_REPOSITORY = resticRepository;
+ RESTIC_PASSWORD_FILE = cfg.passwordFile;
+ RESTIC_CACERT = caCert;
+ RESTIC_TLS_CLIENT_CERT = mtlsClientCert;
+ };
+
 services.restic = {
 enable = true;
 backups.${cfg.repoName} = {
+ repository = resticRepository;
 passwordFile = cfg.passwordFile;
- paths = cfg.paths;
- repository = "rest:https://soteria.john-stream.com/${cfg.repoName}";
 extraBackupArgs = [
- "--tls-client-cert ${config.mtls.certDir}/${config.mtls.bundleFilename}"
- "--cacert ${config.mtls.certDir}/root_ca.crt"
+ "--tls-client-cert ${mtlsClientCert}"
+ "--cacert ${caCert}"
 ];
+ paths = cfg.paths;
 timerConfig = {
 OnCalendar = "00:05";
 Persistent = true;
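Review bot: `caCert` and `mtlsClientCert` are built by interpolating `config.mtls.certDir` into a string, and the resulting paths are now also exported through `home.sessionVariables`; if that option is ever set to a Nix path value rather than a string, the interpolation copies the directory into the world-readable Nix store, including the client bundle, which presumably holds the private key since restic reads certificate and key from the `--tls-client-cert` file. The option declarations are outside this hunk, so their types cannot be confirmed here; if `certDir` is not already `types.str`, I would make it so and add a comment above the `let` such as `# certDir must be a string naming a runtime path; a Nix path value would be copied into the world-readable store`. A one-line comment on `home.sessionVariables` noting that every login shell of this user becomes a credentialed client of the repository would also record that exposure as a deliberate decision. The `config` block continues past the end of the hunk.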