diff --git a/backup.nix b/backup.nix
new file mode 100644
index 0000000..73d3084
--- /dev/null
+++ b/backup.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+let
+  user = "misskey-backup";
+  group = user;
+
+  # shell script file to be sourced. must have values "MISSKEY_BACKUP_BUCKET" "MISSKEY_BACKUP_PREFIX" and "S3CFG"
+  backupConfigFile = "/etc/misskey-backup";
+  backupScript = pkgs.writeShellApplication {
+    name = "misskey-backup";
+
+    runtimeInputs = with pkgs; [
+      gzip
+      config.services.postgresql.package
+      s3cmd
+      coreutils
+    ];
+
+    extraShellCheckFlags = [ "-x" "/etc/misskey-backup" ];
+
+    text = ''
+      source "${backupConfigFile}"
+      pg_dump misskey | gzip | s3cmd put --config "$S3CFG" - "s3://$MISSKEY_BACKUP_BUCKET/$MISSKEY_BACKUP_PREFIX/misskey-pgdump-$(date --iso-8601).sql.gz"
+    '';
+  };
+in {
+  users.users."${user}" = {
+    isSystemUser = true;
+    inherit group;
+  };
+  users.groups."${group}" = { };
+  services.postgresql.ensureUsers = [{ name = user; }];
+
+  services.cron = {
+    enable = true;
+    systemCronJobs = [
+      # run every monday at ass in the morning, EST"
+      "0 8 0 0 1 ${user} ${backupScript}"
+    ];
+  };
+}
diff --git a/configuration.nix b/configuration.nix
index bd7a164..835906f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -6,6 +6,7 @@
     ./ogdo.nix
     ./postfix.nix
     ./nebula.nix
+    ./backup.nix
   ];
 
   nix.settings = {