diff --git a/modules/servers/per-server/bragi/secrets.nix b/modules/servers/per-server/bragi/secrets.nix
index 06b7035..fb99c72 100644
--- a/modules/servers/per-server/bragi/secrets.nix
+++ b/modules/servers/per-server/bragi/secrets.nix
@@ -7,6 +7,9 @@
       navidrome = {
         file = ../../../../secrets/navidrome.age;
       };
+      attic-env = {
+        file = ../../../../secrets/attic-env.age;
+      };
     };
   };
 }
diff --git a/modules/servers/per-server/bragi/services/attic.nix b/modules/servers/per-server/bragi/services/attic.nix
new file mode 100644
index 0000000..ce5ab84
--- /dev/null
+++ b/modules/servers/per-server/bragi/services/attic.nix
@@ -0,0 +1,47 @@
+{config, ...}: {
+  # imports = [inputs.attic.nixosModules.atticd];
+
+  services.atticd = {
+    enable = true;
+
+    environmentFile = "${config.age.secrets.attic-env.path}";
+
+    settings = {
+      listen = "127.0.0.1:8484";
+
+      api-endpoint = "https://cache.cronyakatsuki.xyz/";
+
+      storage = {
+        type = "s3";
+        region = "us-east-005";
+        bucket = "76302220-b368-4328-b566-2a038235b314--attic";
+        endpoint = "s3.us-east-005.backblazeb2.com";
+      };
+
+      jwt = {};
+      chunking = {
+        nar-size-threshold = 64 * 1024; # 64 KiB
+        min-size = 16 * 1024; # 16 KiB
+        avg-size = 64 * 1024; # 64 KiB
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+
+  services.traefik.dynamicConfigOptions.http = {
+    services.attic.loadBalancer.servers = [
+      {
+        url = "http://localhost:8484";
+      }
+    ];
+
+    routers.attic = {
+      rule = "Host(`cache.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "attic";
+      entrypoints = "websecure";
+    };
+  };
+}
diff --git a/secrets/attic-env.age b/secrets/attic-env.age
new file mode 100644
index 0000000..dc07492
Binary files /dev/null and b/secrets/attic-env.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index c1093fa..3226494 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -47,4 +47,5 @@ in {
   "linkwarden-db.age".publicKeys = systems ++ users;
   "paperless-ngx.age".publicKeys = systems ++ users;
   "forgejo-runner-token.age".publicKeys = systems ++ users;
+  "attic-env.age".publicKeys = systems ++ users;
 }