diff --git a/modules/blocks/monitoring.nix b/modules/blocks/monitoring.nix
index 7d813ec..ca2630f 100644
--- a/modules/blocks/monitoring.nix
+++ b/modules/blocks/monitoring.nix
@@ -1,4 +1,4 @@
-{ config, options, pkgs, lib, ... }:
+{ config, pkgs, lib, ... }:
 
 let
   cfg = config.shb.monitoring;
diff --git a/modules/blocks/restic.nix b/modules/blocks/restic.nix
index 24014b3..1eb82d4 100644
--- a/modules/blocks/restic.nix
+++ b/modules/blocks/restic.nix
@@ -13,6 +13,28 @@ let
       type = lib.types.path;
     };
 
+    user = lib.mkOption {
+      description = ''
+        Unix user doing the backups.
+
+        For Restic, the same user must be used for all instances.
+      '';
+      type = lib.types.str;
+      readOnly = true;
+      default = cfg.user;
+    };
+
+    group = lib.mkOption {
+      description = ''
+        Unix group doing the backups.
+
+        For Restic, the same group must be used for all instances.
+      '';
+      type = lib.types.str;
+      readOnly = true;
+      default = cfg.group;
+    };
+
     sourceDirectories = lib.mkOption {
       description = "Source directories.";
       type = lib.types.nonEmptyListOf lib.types.str;
@@ -154,6 +176,17 @@ in
       enabledInstances = lib.attrsets.filterAttrs (k: i: i.enable) cfg.instances;
     in lib.mkMerge [
       {
+        assertions = [
+          {
+            assertion = lib.all (x: x.user == cfg.user) (lib.mapAttrsToList (n: v: v)cfg.instances);
+            message = "All Restic instances must have the same user as 'shb.restic.user'.";
+          }
+          {
+            assertion = lib.all (x: x.group == cfg.group) (lib.mapAttrsToList (n: v: v) cfg.instances);
+            message = "All Restic instances must have the same group as 'shb.restic.group'.";
+          }
+        ];
+
         users.users = {
           ${cfg.user} = {
             name = cfg.user;
diff --git a/modules/services/arr.nix b/modules/services/arr.nix
index 3cbb4cc..2452794 100644
--- a/modules/services/arr.nix
+++ b/modules/services/arr.nix
@@ -1,4 +1,4 @@
-{ config, options, pkgs, lib, ... }:
+{ config, pkgs, lib, ... }:
 
 let
   cfg = config.shb.arr;
diff --git a/modules/services/nextcloud-server.nix b/modules/services/nextcloud-server.nix
index c252164..7e0f7a4 100644
--- a/modules/services/nextcloud-server.nix
+++ b/modules/services/nextcloud-server.nix
@@ -1,8 +1,7 @@
-{ config, options, pkgs, lib, ... }:
+{ config, pkgs, lib, ... }:
 
 let
   cfg = config.shb.nextcloud;
-  opt = options.shb.nextcloud;
 
   fqdn = "${cfg.subdomain}.${cfg.domain}";
   fqdnWithPort = if isNull cfg.port then fqdn else "${fqdn}:${toString cfg.port}";