diff --git a/.github/workflows/deploy-to-node.yaml b/.github/workflows/deploy-to-node.yaml
index 70c4b2ea..88aa72f2 100644
--- a/.github/workflows/deploy-to-node.yaml
+++ b/.github/workflows/deploy-to-node.yaml
@@ -33,6 +33,9 @@ jobs:
       WEB_EMAIL_SERVER_PORT: ${{ secrets.DEV_WEB_EMAIL_SERVER_PORT }}
       WEB_EMAIL_SERVER_USER: ${{ secrets.DEV_WEB_EMAIL_SERVER_USER }}
       WEB_NEXTAUTH_SECRET: ${{ secrets.DEV_WEB_NEXTAUTH_SECRET }}
+      S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
+      AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
+      AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
     steps:
       - name: Checkout
         uses: actions/checkout@v2
diff --git a/ansible/deploy-to-node.yaml b/ansible/deploy-to-node.yaml
index 66f25567..d8b2e24a 100644
--- a/ansible/deploy-to-node.yaml
+++ b/ansible/deploy-to-node.yaml
@@ -78,6 +78,30 @@
         - name: backend
         - name: web
 
+    - name: Copy pgbackrest.conf to managed node
+      ansible.builtin.copy:
+        src: ./pgbackrest.conf
+        dest: "./{{ stack_name }}/pgbackrest.conf"
+        mode: 0644
+
+    - name: Create pgbackrest container
+      community.docker.docker_container:
+        name: "oasst-{{ stack_name }}-pgbackrest"
+        image: woblerr/pgbackrest:2.43
+        state: "{{ 'started' if stack_name == 'production' else 'absent' }}"
+        restart_policy: always
+        network_mode: "oasst-{{ stack_name }}"
+        volumes:
+          - "./{{ stack_name }}/pgbackrest.conf:/etc/pgbackrest/pgbackrest.conf"
+          - "oasst-{{ stack_name }}-postgres-backend:/var/lib/postgresql/data"
+        env:
+          PGBACKREST_REPO1_S3_BUCKET:
+            "{{ lookup('ansible.builtin.env', 'S3_BUCKET_NAME') }}"
+          PGBACKREST_REPO1_S3_KEY:
+            "{{ lookup('ansible.builtin.env', 'AWS_ACCESS_KEY') }}"
+          PGBACKREST_REPO1_S3_KEY_SECRET:
+            "{{ lookup('ansible.builtin.env', 'AWS_SECRET_KEY') }}"
+
     - name: Run the oasst oasst-backend
       community.docker.docker_container:
         name: "oasst-{{ stack_name }}-backend"
diff --git a/ansible/pgbackrest.conf b/ansible/pgbackrest.conf
new file mode 100644
index 00000000..036826d3
--- /dev/null
+++ b/ansible/pgbackrest.conf
@@ -0,0 +1,24 @@
+[oasst]
+pg1-path=/var/lib/postgresql/data
+
+[global]
+repo1-retention-full=3 # keep last 3 backups
+repo1-type=s3
+repo1-path=/oasst-prod
+repo1-s3-region=us-east-1
+repo1-s3-endpoint=s3.amazonaws.com
+# repo1-s3-bucket=$S3_BUCKET_NAME
+# repo1-s3-key=$AWS_ACCESS_KEY
+# repo1-s3-key-secret=$AWS_SECRET_KEY
+
+# Force a checkpoint to start backup immediately.
+start-fast=y
+# Use delta restore.
+delta=y
+
+# Enable ZSTD compression.
+compress-type=zst
+compress-level=6
+
+log-level-console=info
+log-level-file=debug