diff --git a/home-manager/profiles/management.nix b/home-manager/profiles/management.nix
index 205e4cf..06fdc94 100644
--- a/home-manager/profiles/management.nix
+++ b/home-manager/profiles/management.nix
@@ -20,6 +20,7 @@ in
 pkgs.exercism
 pkgs.git
 pkgs.nix-tree
+ pkgs.unstable.attic-client
 unlock-luks
 ];
 shellAliases = {
diff --git a/lib/mk_computer.nix b/lib/mk_computer.nix
index 1d11e50..585607d 100644
--- a/lib/mk_computer.nix
+++ b/lib/mk_computer.nix
@@ -47,6 +47,7 @@ inputs.nixpkgs.lib.nixosSystem { "${inputs.self}/modules" inputs.agenix.nixosModules.age
+ inputs.attic.nixosModules.atticd
 { environment.systemPackages = [ inputs.agenix.packages.${system}.default ]; az-username = username;
diff --git a/lib/mk_raspi.nix b/lib/mk_raspi.nix
index d93a14f..4bb2d11 100644
--- a/lib/mk_raspi.nix
+++ b/lib/mk_raspi.nix
@@ -54,6 +54,7 @@ inputs.nixpkgs.lib.nixosSystem { "${inputs.self}/modules" inputs.agenix.nixosModules.age
+ inputs.attic.nixosModules.atticd
 { environment.systemPackages = [ inputs.agenix.packages.${system}.default ]; az-username = username;
diff --git a/modules/default.nix b/modules/default.nix
index 7214dbf..a64b586 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -21,6 +21,7 @@
 ./programs/restic-management
 ./programs/scripts
 ./programs/steam
+ ./services/attic
 ./services/common-x86
 ./services/data-share
 ./services/docker
diff --git a/modules/misc/common/default.nix b/modules/misc/common/default.nix
index 9daa70c..41dad95 100644
--- a/modules/misc/common/default.nix
+++ b/modules/misc/common/default.nix
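Review bot: `inputs.attic.nixosModules.atticd` (added here in lib/mk_computer.nix and in the identical hunk in lib/mk_raspi.nix) refers to a flake input that no hunk in this diff declares; unless `attic` is already present in flake.nix and pinned in flake.lock outside this change, evaluation of every host built through these two helpers fails. The server module is taken from that input while the client is `pkgs.unstable.attic-client` (home-manager/profiles/management.nix and modules/services/attic/default.nix), so server and client versions come from two different sources and can drift apart; a short comment next to the import stating why the client is not taken from the same input would document the choice. The list these lines belong to starts and ends outside the hunk.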
@@ -138,11 +138,13 @@
 "https://nix-community.cachix.org"
 "https://cache.nixos.org"
 "https://devenv.cachix.org"
+ "http://management.2li.local:8080/prod"
 ];
 trusted-public-keys = [
 "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
 "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
 "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+ "prod:46pIZhqoueg1P4IPp8ciArCUgSXWJZAq63CwLTQN/uA="
 ];
 min-free = 1000000000;
 max-free = 10000000000;
diff --git a/modules/services/attic/default.nix b/modules/services/attic/default.nix
new file mode 100644
index 0000000..16725f0
--- /dev/null
+++ b/modules/services/attic/default.nix
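Review bot: The new substituter `http://management.2li.local:8080/prod` addresses atticd's listen port directly, whereas the server's `api-endpoint` in modules/services/attic/default.nix is `http://management.2li.local/` without the port; upstream describes api-endpoint as the canonical URL the server advertises to clients, so unless a reverse proxy on port 80 exists outside this diff the two should agree, e.g. `api-endpoint = "http://management.2li.local:${toString atticPort}/";`. Both URLs are plain HTTP: NAR integrity is covered by the `prod:…` entry added to trusted-public-keys, but any token a client presents to this endpoint crosses the network unencrypted, so this only holds up if that network is trusted. This is presumably the module every host imports, so hosts that cannot reach management.2li.local will log a substituter warning on each build; a comment on the entry saying which hosts are expected to reach it would help the next reader.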
@@ -0,0 +1,75 @@
+{
+ config,
+ inputs,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.services.az-attic-server;
+ cacheStorage = "/mnt/binary-cache";
+ atticPort = 8080;
+in
+{
+ options = {
+ services.az-attic-server.enable = lib.mkEnableOption "Enable attic server and related services";
+ };
+
+ config = lib.mkIf cfg.enable {
+ age.secrets.atticEnv = {
+ file = "${inputs.self}/scrts/attic_env.age";
+ mode = "600";
+ owner = "65312";
+ group = "65312";
+ };
+ fileSystems."${cacheStorage}" = {
+ device = "10.7.89.108:binary-cache";
+ fsType = "nfs";
+ options = [
+ "hard"
+ "noatime"
+ "rw"
+ ];
+ };
+ environment.systemPackages = [ pkgs.unstable.attic-client ];
+
+ networking.firewall.allowedTCPPorts = [ atticPort ];
+ services.atticd = {
+ enable = true;
+ credentialsFile = config.age.secrets.atticEnv.path;
+ settings = {
+ listen = "[::]:${toString atticPort}";
+ api-endpoint = "http://management.2li.local/";
+ allowed-hosts = [ ];
+ storage = {
+ type = "local";
+ path = "${cacheStorage}";
+ };
+ chunking = {
+ nar-size-threshold = 64 * 1024; # 64 KiB
+ # The preferred minimum size of a chunk, in bytes
+ min-size = 16 * 1024; # 16 KiB
+ # The preferred average size of a chunk, in bytes
+ avg-size = 64 * 1024; # 64 KiB
+ # The preferred maximum size of a chunk, in bytes
+ max-size = 256 * 1024; # 256 KiB
+ };
+ database.url = "postgresql:///atticd?host=/run/postgresql";
+ garbage-collection = {
+ interval = "24h";
+ default-retention-period = "6 months";
+ };
+ };
+ };
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [
+ {
+ name = "atticd";
+ ensureDBOwnership = true;
+ }
+ ];
+ ensureDatabases = [ "atticd" ];
+ };
+ };
+}
diff --git a/scrts/attic_env.age b/scrts/attic_env.age
new file mode 100644
index 0000000..e2cca19
--- /dev/null
+++ b/scrts/attic_env.age
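Review bot: `allowed-hosts = [ ]` together with `listen = "[::]:${toString atticPort}"` and the firewall opening on that port leaves Host-header validation switched off, since the upstream server.toml template documents an empty list as allowing every Host header; restrict it to the name clients actually use, e.g. `allowed-hosts = [ "management.2li.local" ];` (verify whether the port suffix has to be listed as well). Nothing orders atticd after the NFS mount of `/mnt/binary-cache`, so after a reboot with a slow network the service can start against the empty mountpoint directory; `systemd.services.atticd.unitConfig.RequiresMountsFor = [ cacheStorage ];` next to the fileSystems entry fixes the ordering. `owner = "65312"` ties the secret to a bare numeric UID that looks dynamically allocated; if the module hands credentialsFile to systemd as an EnvironmentFile a root-owned mode-600 file is enough, otherwise reference the service user by name so the ownership survives UID reallocation, and a comment stating which case applies would help. `nar-size-threshold` is the only chunking key without the explanatory comment its three siblings carry; `# Minimum NAR size that triggers chunking (0 disables chunking for new uploads)` would match the upstream description as I recall it.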
@@ -0,0 +1,35 @@ +age-encryption.org/v1 +-> ssh-rsa 7S8lxw +JK2+T8L5jPVphZu1yDWgrLBE969FLg5tW0laWB73xT4skMxRin5zgUfCKP8ltM5d +iR7IxbcXzGkNYl8MJIfWvwqQmyFe+MsYYIzoqwN0XPlzjRlVfaCQYikgDxDraplP +dWfUr5JihIq/aMhLzKgJPVjl5N/yc2JxBk+bIydaSCg2WppVWzaUGSD5B4WZFeGB +JR7pyRhYbDU96JqXIVl3IGl8YgWYHbIQRguoktFYitLF+CNx8ntA5t3oucsTazOP +I3XnItzlFT/KIzI47VcIOdTWg/g0VW8ryTiylF452HD2OXq2p2UioAcB8GxS4Ws7 +FtJNvmFibI/tt7LGc56Ta8KVq8FySSo+/J+XcEVcgYw/j+oTtG9zDE/aDXCM2DJT +0hIAx/7uxiFdv92Udy/TRjgVoFLGowEXkdYzRWFqzgtyw7BarE4aFIcshoBO4zNZ +p5b5IRwpd0m0tiBjDbgWZk/OsBfEYxczYV11Um440tGhYwZOK8Ha7SxgGmUbjitt + +-> ssh-ed25519 Xj0rlw KCPa3OySLuUPtOCM09eZdEgYqQos5UMvFk9s7VtE/1A +vJj8mS8DCz3rD7CSy2Pv1y+qE2FzYqUPzlw43yCA1Gc +-> ssh-rsa Ws+JZA +jOFVlB3bPA46otF2tIJBS9ttSSMk8aaYndsFfxVkblZN7DRGtE4Tr/Lo4FH040yv +lzuvASpQgpBJ0+HQobhNdeYHGsgtNuMIgzCRdDoZ81jKlboll0LpjxwyRtvxPLUN +g3XbOZD1YFDZkqJxvm0AczBrEpBSaZGuML3XFXVPXPnHZP6aCnt/alGjSlw2DivR +AnD0rTOnTv5wa5xqMw2wCTH9Z9LHuGt2HpMO05AgPOGV3H7vQSrTc1RD2eJeXTqB +mf4CJiB5T4Phfq0Qk9nipw749C6K4CYp8zmJhFLbajw0cKbPjymucdP2xmYQHAJw +xFqiw2x8P3cf4l3fTAEikGTXzUNxhPnyZTVxSdLzRSu6POE2ETxitJAS7AkzkjPv +0+y4EVRbSLhEN64V8UkVUl/mKUAWCSpOjnRFSKpw4ncely4SP9szsD72lamaVPgr +wRJBHK/WVxIdlOvSf8CLKWKTr92N/F+Y+09aFoyqZLMAsk6MArsdpX0+Fm5UE1Hc + +-> ssh-ed25519 skmU/w lCetiZmPi4xLEb2nCn2KrsFmux1O7WUlnxiL5U4xbh0 +Zc0e2tlBo9OcS573pI8mR4Lu4NAX8dgnvOd71bAB/a8 +-> ssh-ed25519 YoupUg kYVqQmUTUQ1ynNWosiCLHgnNvXLp6nbyVkK8eshyxW0 +rSpyW+3KOls4TwQhDbx6FhtW5v5OiGl6xSuTMT+kk8M +-> ssh-ed25519 KXqA9w OdrpyguIFQxu00qlsODcVBcw5nOUQTxNFfIIDkvB0n0 +tvoYs/hoLqUiVpaFEl7dYdqsO4H7MCSSmWVh0pfrqbk +-> ssh-ed25519 O6+Deg ADHvSzstkZmgduyHRgMWXoL7LpEygDO3cl1DIKDtWHs +n3bBt5fih3O2v5S3+MnaIytPi2UTqDddr9bvVEFBqQQ +--- JjLEt5SJfC5hlZD2VP+UWW6f0ROdWVuNcfbDOSG5PLw +gQ +"|>"vxl*e7'ʜ Lv+x aݞaGH,c!<:ޝF6H[,oρ"TJIc{#vGQ%|. +)ș 'c'yu& k \ No newline at end of file diff --git a/scrts/secrets.nix b/scrts/secrets.nix index 99688ec..07f47a8 100644 --- a/scrts/secrets.nix +++ b/scrts/secrets.nix 
@@ -46,6 +46,7 @@ let
 all = users ++ systems;
 in
 {
+ "attic_env.age".publicKeys = defaultKeys;
 "dkim_2li.ch.age".publicKeys = defaultKeys ++ [ mail ];
 "dkim_zweili.ch.age".publicKeys = defaultKeys ++ [ mail ];
 "freshrss_db_pass.age".publicKeys = defaultKeys ++ [ ttrss ];
diff --git a/systems/management/default.nix b/systems/management/default.nix
index 51b331b..9b0c835 100644
--- a/systems/management/default.nix
+++ b/systems/management/default.nix
@@ -12,6 +12,7 @@
 # Features
 profiles.az-server.enable = true;
 services = {
+ az-attic-server.enable = true;
 az-data-share.enable = true;
 az-docker.enable = true;
 az-logs-share.enable = true;
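Review bot: `"attic_env.age".publicKeys = defaultKeys;` is the only entry in this hunk that does not append the consuming host's key, although systems/management/default.nix enables the service on the management host; if `defaultKeys` does not already contain that host's key, the secret cannot be decrypted at activation and the entry should follow the file's own pattern, `"attic_env.age".publicKeys = defaultKeys ++ [ <management host key> ];`. The `let` block that defines `defaultKeys`, `users` and `systems` starts outside the hunk, so this cannot be confirmed from the diff alone.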