diff --git a/roles/any.software.baikal-podman/files/baikal.Caddyfile b/roles/any.software.baikal-podman/files/baikal.Caddyfile
new file mode 100644
index 0000000..0a8be0a
--- /dev/null
+++ b/roles/any.software.baikal-podman/files/baikal.Caddyfile
@@ -0,0 +1,5 @@
+dav.roosens.me {
+ reverse_proxy localhost:8005 {
+ header_down +X-Robots-Tag "none"
+ }
+}
diff --git a/roles/any.software.baikal-podman/files/baikal.backup.sh b/roles/any.software.baikal-podman/files/baikal.backup.sh
new file mode 100644
index 0000000..a8e5e71
--- /dev/null
+++ b/roles/any.software.baikal-podman/files/baikal.backup.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+data_dir='/mnt/data1/baikal'
+snapshot_dir="${data_dir}.snapshot"
+
+# Read-only snapshot for atomic backup
+btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
+
+/usr/local/bin/restic backup "$snapshot_dir"
+
+# Always remove snapshot subvolume, even if restic fails
+btrfs subvolume delete "$snapshot_dir"
diff --git a/roles/any.software.baikal-podman/handlers/main.yml b/roles/any.software.baikal-podman/handlers/main.yml
new file mode 100644
index 0000000..907b3c4
--- /dev/null
+++ b/roles/any.software.baikal-podman/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: 'restart baikal'
+ ansible.builtin.systemd_service:
+ name: 'baikal'
+ state: 'restarted'
+
+ scope: 'user'
+ daemon_reload: true
diff --git a/roles/any.software.baikal-podman/meta/main.yml b/roles/any.software.baikal-podman/meta/main.yml
new file mode 100644
index 0000000..32c83bc
--- /dev/null
+++ b/roles/any.software.baikal-podman/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+ - role: any.tools.caddy
+ become: true
diff --git a/roles/any.software.baikal-podman/tasks/main.yml b/roles/any.software.baikal-podman/tasks/main.yml
new file mode 100644
index 0000000..5a184c9
--- /dev/null
+++ b/roles/any.software.baikal-podman/tasks/main.yml
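Review bot: The site block in `baikal.Caddyfile` proxies every path to the container, which presumably includes Baikal's web admin interface (normally served under `/admin/`). The `X-Robots-Tag "none"` header only asks crawlers not to index the site and does not limit who can reach that interface. If administration is only ever done from the host or over a tunnel to `127.0.0.1:8005`, adding `@admin path /admin*` and `respond @admin 403` alongside `reverse_proxy` keeps it off the public listener. A `remote_ip` matcher is the alternative when admin access from a known network is needed.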
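Review bot: A failed restic run in `baikal.backup.sh` is reported as success, because the script's exit status is that of the final `btrfs subvolume delete`, so whatever schedules it cannot tell that no backup was taken. Capturing the status right after the backup, `/usr/local/bin/restic backup "$snapshot_dir"; rc=$?`, and ending the script with `exit "$rc"` after the delete keeps the cleanup unconditional while still surfacing the failure. A snapshot left behind by an interrupted run would make the `snapshot -r` step fail on every later run until it is removed by hand, so that case deserves a comment or a pre-check. The script also runs without `set -u`, which would catch an unset or mistyped variable before it reaches `btrfs subvolume delete`.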
@@ -0,0 +1,39 @@
+---
+- name: Ensure data directories are present
+ ansible.builtin.file:
+ path: '{{ item }}'
+ state: directory
+ mode: '0755'
+ owner: 'debian'
+ group: 'debian'
+ become: true
+ loop:
+ - '{{ baikal_specific_dir }}'
+ - '{{ baikal_config_dir }}'
+
+- name: Ensure Quadlet files are present
+ ansible.builtin.template:
+ src: "baikal.container.j2"
+ dest: "/home/debian/.config/containers/systemd/baikal.container"
+ mode: '0755'
+ owner: 'debian'
+ group: 'debian'
+ notify: 'restart baikal'
+
+- name: Ensure Caddyfile is present
+ ansible.builtin.copy:
+ src: 'baikal.Caddyfile'
+ dest: '/etc/caddy/baikal.Caddyfile'
+ owner: root
+ group: root
+ mode: '0644'
+ become: true
+ notify: 'reload caddy'
+
+# - name: Ensure backup script is present
+# ansible.builtin.copy:
+# src: 'baikal.backup.sh'
+# dest: '/etc/backups/baikal.backup.sh'
+# owner: 'root'
+# group: 'root'
+# mode: '0644'
diff --git a/roles/any.software.baikal-podman/templates/baikal.container.j2 b/roles/any.software.baikal-podman/templates/baikal.container.j2
new file mode 100644
index 0000000..3d91d93
--- /dev/null
+++ b/roles/any.software.baikal-podman/templates/baikal.container.j2
@@ -0,0 +1,14 @@
+# vim: ft=systemd
+[Container]
+Image=docker.io/ckulka/baikal:0.9.4-nginx
+
+PublishPort=127.0.0.1:8005:80
+
+Volume={{ baikal_config_dir }}:/var/www/baikal/config
+Volume={{ baikal_specific_dir }}:/var/www/baikal/Specific
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
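Review bot: The Quadlet unit in `tasks/main.yml` is installed with `mode: '0755'`, but a `.container` file is only read by the generator and needs no execute bit; `mode: '0644'` matches what the Caddyfile task in the same file already uses. Nothing in this file creates `/home/debian/.config/containers/systemd/` before the template task runs, so on a fresh host the task would fail unless another role provides that directory. Adding the path to an `ansible.builtin.file` task with `state: directory` and owner `debian` closes that gap. The data directories are created `0755`, which lets every local account traverse into Baikal's config and database directories. Whether `0750` is workable depends on how the container's UIDs map to the host, so that is worth testing rather than assuming.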
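Review bot: The image in `baikal.container.j2` is pinned by tag only (`Image=docker.io/ckulka/baikal:0.9.4-nginx`), so the content behind that name can change without this repository changing. Referencing it by digest, `Image=docker.io/ckulka/baikal@sha256:<digest-placeholder>` with the version kept in a comment above, makes the deployed image reproducible and reviewable. The `[Container]` section also sets no hardening keys; `NoNewPrivileges=true` is a small addition worth testing against this image, and `DropCapability=` could follow once the image's needs are known. Because this is a user-scope unit with `WantedBy=default.target`, it presumably only starts at boot if lingering is enabled for the `debian` account, which nothing visible in this role does.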