diff --git a/hosts/sora/hardware.nix b/hosts/sora/hardware.nix
index 04bc863..df001ef 100644
--- a/hosts/sora/hardware.nix
+++ b/hosts/sora/hardware.nix
@@ -5,10 +5,12 @@
     efiInstallAsRemovable = true;
     device = "nodev";
   };
+
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/B793-1B2C";
     fsType = "vfat";
   };
+
   boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
   boot.initrd.kernelModules = ["nvme"];
   fileSystems."/" = {
diff --git a/hosts/sora/services/attic.nix b/hosts/sora/services/attic.nix
new file mode 100644
index 0000000..df4034c
--- /dev/null
+++ b/hosts/sora/services/attic.nix
@@ -0,0 +1,44 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  sops.secrets.attic = {};
+
+  environment.systemPackages = [pkgs.attic];
+
+  services.atticd = {
+    enable = true;
+    credentialsFile = config.sops.secrets.attic.path;
+    settings = {
+      listen = "[::]:8200";
+      allowed-hosts = ["cache.flake.sh"];
+      database.url = "postgres://attic:attic@100.94.214.100:5432/attic";
+      api-endpoint = "https://cache.flake.sh";
+      require-proof-of-possession = false;
+      chunking = {
+        nar-size-threshold = 0;
+
+        min-size = 16 * 1024; # 16 KiB
+
+        avg-size = 64 * 1024; # 64 KiB
+
+        max-size = 256 * 1024; # 256 KiB
+      };
+      garbage-collection = {
+        interval = "12 hours";
+        default-retention-period = "4 weeks";
+      };
+      compression = {
+        type = "zstd";
+        level = 9;
+      };
+      storage = {
+        type = "s3";
+        region = "us-east-1";
+        bucket = "flakesh-binary-cache";
+        endpoint = "https://s3.flake.sh/";
+      };
+    };
+  };
+}
diff --git a/hosts/sora/services/davfs.nix b/hosts/sora/services/davfs.nix
new file mode 100644
index 0000000..14c1d20
--- /dev/null
+++ b/hosts/sora/services/davfs.nix
@@ -0,0 +1,20 @@
+{pkgs, ...}: {
+  environment.systemPackages = [pkgs.davfs2];
+  users.users.davfs2 = {
+    group = "davfs2";
+    isSystemUser = true;
+  };
+  users.groups.davfs2 = {};
+  sops.secrets.davfs2 = {
+    owner = "root";
+    group = "root";
+    mode = "0600";
+    path = "/etc/davfs2/secrets";
+  };
+
+  fileSystems."/var/lib/mounted" = {
+    device = "https://u384391.your-storagebox.de";
+    fsType = "davfs";
+    options = ["rw,file_mode=0660,dir_mode=0755" "0" "0"];
+  };
+}
diff --git a/hosts/sora/services/default.nix b/hosts/sora/services/default.nix
index 314e881..f751df5 100644
--- a/hosts/sora/services/default.nix
+++ b/hosts/sora/services/default.nix
@@ -5,6 +5,8 @@
     ./uptimekuma.nix
     ./ntfy-sh.nix
     ./tailscale.nix
+    ./attic.nix
+    ./minio.nix
     ./factorio.nix
     # ./minecraft.nix
     # ./foundryvtt.nix
diff --git a/hosts/sora/services/minio.nix b/hosts/sora/services/minio.nix
new file mode 100644
index 0000000..341f8ff
--- /dev/null
+++ b/hosts/sora/services/minio.nix
@@ -0,0 +1,25 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./davfs.nix
+  ];
+  environment.systemPackages = [pkgs.minio-client];
+  sops.secrets.minio = {
+    owner = "minio";
+    group = "minio";
+    mode = "0600";
+    restartUnits = ["minio.service"];
+  };
+  services.minio = {
+    enable = true;
+    region = "us-east-1";
+    consoleAddress = "100.104.42.96:9006";
+    listenAddress = "100.104.42.96:9005";
+    rootCredentialsFile = config.sops.secrets.minio.path;
+    dataDir = ["/var/lib/mounted/minio/data"];
+    configDir = "/var/lib/mounted/minio/config";
+  };
+}
diff --git a/hosts/sora/services/traefik.nix b/hosts/sora/services/traefik.nix
index 22ec9d3..28391a6 100644
--- a/hosts/sora/services/traefik.nix
+++ b/hosts/sora/services/traefik.nix
@@ -41,6 +41,11 @@
               accessControlAllowOriginList = "https://daphbot.notohh.dev";
             };
           };
+          cors-allow-all = {
+            headers = {
+              accessControlAllowOriginList = "*";
+            };
+          };
         };
         routers = {
           api = {
@@ -133,6 +138,28 @@
             tls.domains = [{main = "*.flake.sh";}];
             tls.certresolver = "production";
           };
+          attic = {
+            rule = "Host(`cache.flake.sh`)";
+            entrypoints = ["websecure"];
+            service = "attic";
+            tls.domains = [{main = "*.flake.sh";}];
+            tls.certresolver = "production";
+          };
+          minio = {
+            rule = "Host(`s3.flake.sh`)";
+            entrypoints = ["websecure"];
+            service = "minio";
+            tls.domains = [{main = "*.flake.sh";}];
+            tls.certresolver = "production";
+            middlewares = "cors-allow-all";
+          };
+          minio-web = {
+            rule = "Host(`minio.flake.sh`)";
+            entrypoints = ["websecure"];
+            service = "minioadmin";
+            tls.domains = [{main = "*.flake.sh";}];
+            tls.certresolver = "production";
+          };
         };
         services = {
           forgejo.loadBalancer = {
@@ -151,6 +178,9 @@
           neko.loadBalancer.servers = [{url = "http://100.104.42.96:8085";}];
           justlog.loadBalancer.servers = [{url = "http://100.121.201.47:8025";}];
           ntfy-sh.loadBalancer.servers = [{url = "http://100.104.42.96:8090";}];
+          attic.loadBalancer.servers = [{url = "http://100.104.42.96:8200";}];
+          minio.loadBalancer.servers = [{url = "http://100.104.42.96:9005";}];
+          minio-web.loadBalancer.servers = [{url = "http://100.104.42.96:9006";}];
         };
       };
     };