diff --git a/restic/docker-compose.yml b/restic/docker-compose.yml
new file mode 100644
index 0000000..0b70399
--- /dev/null
+++ b/restic/docker-compose.yml
@@ -0,0 +1,89 @@
+version: '3'
+
+services:
+  backup:
+    image: mazzolino/restic:1.7.1
+    container_name: restic-backup
+    restart: unless-stopped
+    networks:
+      - private
+    hostname: docker
+    volumes:
+      - {$HOME}/services/nextcloud:/source/nextcloud:ro
+      - /etc:/source/etc:ro
+    environment:
+      RUN_ON_STARTUP: 'true'
+      BACKUP_CRON: '0 30 3 * * *' # backups run every day at 03:30
+      RESTIC_REPOSITORY: b2:/run/secrets/b2_bucket
+      RESTIC_PASSWORD: /run/secrets/restic_password
+      RESTIC_BACKUP_SOURCES: /source
+      RESTIC_BACKUP_ARGS: >-
+        --tag docker-volumes
+        --exclude-file=/etc/restic/excludes.txt
+        --verbose
+      RESTIC_FORGET_ARGS: >-
+        --keep-last 10
+        --keep-daily 7
+        --keep-weekly 5
+        --keep-monthly 12
+      B2_ACCOUNT_ID: /run/secrets/b2_account_id
+      B2_ACCOUNT_KEY: /run/secrets/b2_account_key
+      TZ: 'Europe/Berlin'
+    secrets:
+      - b2_bucket
+      - restic_password
+      - b2_account_id
+      - b2_account_key
+
+  prune:
+    image: mazzolino/restic:1.7.1
+    container_name: restic-prune
+    restart: unless-stopped
+    hostname: docker
+    environment:
+      RUN_ON_STARTUP: 'false'
+      PRUNE_CRON: '0 0 4 * * *' # prune runs every day at 04:00
+      RESTIC_REPOSITORY: b2:/run/secrets/b2_bucket
+      RESTIC_PASSWORD: /run/secrets/restic_password
+      B2_ACCOUNT_ID: /run/secrets/b2_account_id
+      B2_ACCOUNT_KEY: /run/secrets/b2_account_key
+      TZ: 'Europe/Berlin'
+    secrets:
+      - b2_bucket
+      - restic_password
+      - b2_account_id
+      - b2_account_key
+
+  check:
+    image: mazzolino/restic:1.7.1
+    container_name: restic-check
+    restart: unless-stopped
+    hostname: docker
+    environment:
+      RUN_ON_STARTUP: 'false'
+      CHECK_CRON: '0 30 4 * * *' # check runs every day at 04:30
+      RESTIC_CHECK_ARGS: >-
+        --read-data-subset=10%
+      RESTIC_REPOSITORY: b2:/run/secrets/b2_bucket
+      RESTIC_PASSWORD: /run/secrets/restic_password
+      B2_ACCOUNT_ID: /run/secrets/b2_account_id
+      B2_ACCOUNT_KEY: /run/secrets/b2_account_key
+      TZ: 'Europe/Berlin'
+    secrets:
+      - b2_bucket
+      - restic_password
+      - b2_account_id
+      - b2_account_key
+
+networks:
+  private: {}
+
+secrets:
+  restic_password:
+    file: /etc/secure_config/.restic_password.txt
+  b2_account_id:
+    file: /etc/secure_config/.b2_account_id.txt
+  b2_account_key:
+    file: /etc/secure_config/.b2_account_key.txt
+  b2_bucket:
+    file: /etc/secure_config/.b2_bucket.txt
\ No newline at end of file