diff --git a/hosts.ini b/hosts.ini
index 3ec182c..a7f8161 100644
--- a/hosts.ini
+++ b/hosts.ini
@@ -23,3 +23,6 @@
 
 [matrix]
 192.168.0.2 static_ip=192.168.0.2
+
+[atuin-server]
+192.168.0.2 static_ip=192.168.0.2
diff --git a/roles/atuin-server-web/meta/main.yml b/roles/atuin-server-web/meta/main.yml
new file mode 100644
index 0000000..1dbd0f6
--- /dev/null
+++ b/roles/atuin-server-web/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: caddy
diff --git a/roles/atuin-server-web/tasks/main.yml b/roles/atuin-server-web/tasks/main.yml
new file mode 100644
index 0000000..42fbe00
--- /dev/null
+++ b/roles/atuin-server-web/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Ensure Caddyfile is present
+  template:
+    src: 'atuin-server.Caddyfile.j2'
+    dest: '/etc/caddy/atuin-server.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: caddy-reload
diff --git a/roles/atuin-server-web/templates/atuin-server.Caddyfile.j2 b/roles/atuin-server-web/templates/atuin-server.Caddyfile.j2
new file mode 100644
index 0000000..01b7342
--- /dev/null
+++ b/roles/atuin-server-web/templates/atuin-server.Caddyfile.j2
@@ -0,0 +1,3 @@
+atuin.roosens.me {
+    reverse_proxy {{ hostvars[groups['atuin-server'][0]].static_ip }}:8009
+}
diff --git a/roles/atuin-server/files/atuin-server.backup.sh b/roles/atuin-server/files/atuin-server.backup.sh
new file mode 100644
index 0000000..2dacdc1
--- /dev/null
+++ b/roles/atuin-server/files/atuin-server.backup.sh
@@ -0,0 +1,5 @@
+cd /etc/atuin
+
+/usr/bin/docker compose exec -T db pg_dump -U atuin atuin |
+    /usr/bin/gzip --rsyncable |
+    /usr/local/bin/restic backup --stdin --stdin-filename atuin-server-postgres.sql.gz
diff --git a/roles/atuin-server/files/atuin-server.service b/roles/atuin-server/files/atuin-server.service
new file mode 100644
index 0000000..a016890
--- /dev/null
+++ b/roles/atuin-server/files/atuin-server.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Sync server for Atuin
+After=docker.target 
+Requires=docker.target
+
+[Service]
+Type=exec
+User=atuin
+Group=atuin
+WorkingDirectory=/etc/atuin
+ExecStart=/usr/bin/docker compose up
+ExecStop=/usr/bin/docker compose down
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/atuin-server/files/compose.yml b/roles/atuin-server/files/compose.yml
new file mode 100644
index 0000000..f8b3167
--- /dev/null
+++ b/roles/atuin-server/files/compose.yml
@@ -0,0 +1,33 @@
+# vim: ft=yaml
+version: '3'
+
+services:
+  app:
+    image: 'ghcr.io/atuinsh/atuin:18.3.0'
+    command: 'server start'
+    restart: 'always'
+
+    ports:
+      - '8009:8888'
+    volumes:
+      - '/etc/atuin/server.toml:/config/server.toml'
+
+    depends_on:
+      db:
+        condition: service_healthy
+
+  db:
+    image: 'postgres:16.4-alpine'
+    restart: 'always'
+
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "atuin"]
+      interval: 10s
+      start_period: 30s
+
+    environment:
+      - POSTGRES_USER=atuin
+      - POSTGRES_PASSWORD=atuin
+      - POSTGRES_DB=atuin
+    volumes:
+      - /mnt/data1/atuin-server/postgres:/var/lib/postgresql/data
diff --git a/roles/atuin-server/files/server.toml b/roles/atuin-server/files/server.toml
new file mode 100644
index 0000000..e1e96bc
--- /dev/null
+++ b/roles/atuin-server/files/server.toml
@@ -0,0 +1,4 @@
+host = "0.0.0.0"
+port = 8888
+open_registration = true
+db_uri = "postgres://atuin:atuin@db/atuin"
diff --git a/roles/atuin-server/handlers/main.yml b/roles/atuin-server/handlers/main.yml
new file mode 100644
index 0000000..b1ce6df
--- /dev/null
+++ b/roles/atuin-server/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: 'restart atuin-server'
+  ansible.builtin.service:
+    name: 'atuin-server'
+    state: 'restarted'
diff --git a/roles/atuin-server/tasks/main.yml b/roles/atuin-server/tasks/main.yml
new file mode 100644
index 0000000..a7963c0
--- /dev/null
+++ b/roles/atuin-server/tasks/main.yml
@@ -0,0 +1,65 @@
+---
+- name: Ensure data directory is present
+  ansible.builtin.file:
+    path: '/mnt/data1/atuin-server'
+    state: directory
+    mode: '0755'
+    owner: 'root'
+    group: 'root'
+
+- name: Ensure data subvolumes are present
+  community.general.btrfs_subvolume:
+    name: '/atuin-server/{{ item }}'
+  with_items:
+    - 'postgres'
+
+- name: Ensure configuration directory is present
+  ansible.builtin.file:
+    path: '/etc/atuin'
+    state: directory
+    mode: '0755'
+
+- name: Ensure compose file is present
+  ansible.builtin.copy:
+    src: 'compose.yml'
+    dest: '/etc/atuin/compose.yml'
+    mode: '0644'
+    owner: 'root'
+    group: 'root'
+  notify: 'restart atuin-server'
+
+- name: Ensure config file is present
+  ansible.builtin.copy:
+    src: 'server.toml'
+    dest: '/etc/atuin/server.yml'
+    mode: '0644'
+    owner: 'root'
+    group: 'root'
+  notify: 'restart atuin-server'
+
+- name: Ensure backup script is present
+  ansible.builtin.copy:
+    src: 'atuin-server.backup.sh'
+    dest: '/etc/backups/atuin-server.backup.sh'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+
+- name: Ensure service file is present
+  ansible.builtin.copy:
+    src: 'atuin-server.service'
+    dest: '/lib/systemd/system/atuin-server.service'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  register: res
+
+- name: systemd-reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  when: 'res.changed'
+
+- name: Ensure atuin-server service is enabled
+  ansible.builtin.service:
+    name: 'atuin-server'
+    enabled: true