diff --git a/systems/ful/configuration.nix b/systems/ful/configuration.nix index c73cdd6..601a645 100644 --- a/systems/ful/configuration.nix +++ b/systems/ful/configuration.nix @@ -4,10 +4,11 @@ pkgs, ... }: let - inherit (import ) kieran retiolumAddresses; + inherit (import ) kieran retiolumAddresses restic; in { imports = [ ./hardware-configuration.nix + ./matomo.nix @@ -16,6 +17,19 @@ in { ]; + services.restic.backups.niveum = { + initialize = true; + inherit (restic) repository; + timerConfig = { + OnCalendar = "daily"; + RandomizedDelaySec = "1h"; + }; + passwordFile = toString ; + paths = [ + config.services.mysqlBackup.location + ]; + }; + nix.nixPath = ["/var/src"]; networking = { diff --git a/systems/ful/matomo.nix b/systems/ful/matomo.nix new file mode 100644 index 0000000..cf79ba4 --- /dev/null +++ b/systems/ful/matomo.nix @@ -0,0 +1,42 @@ +{pkgs, ...}: let + inherit (import ) kieran; +in { + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + }; + + security.acme = { + acceptTerms = true; + defaults.email = kieran.email; + }; + + services.matomo = { + enable = true; + hostname = "matomo.kmein.de"; + nginx = { + serverName = "matomo.kmein.de"; + }; + }; + + services.mysql = { + enable = true; + package = pkgs.mariadb; + ensureDatabases = ["matomo"]; + ensureUsers = [ + { + name = "matomo"; + ensurePermissions."matomo.*" = "ALL PRIVILEGES"; + } + ]; + }; + + services.mysqlBackup = { + enable = true; + databases = ["matomo"]; + }; +}
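Review bot: The restic job in `services.restic.backups.niveum` fires at midnight plus up to an hour of random delay, but nothing in this hunk orders it after the dump it uploads. If `services.mysqlBackup` keeps its default schedule (early morning, as far as I recall), each snapshot would carry the previous day's dump, and the first run could find `config.services.mysqlBackup.location` empty or missing. Setting a later time such as `OnCalendar = "02:00";`, or ordering the unit after the dump service, would close that gap. There is also no `pruneOpts`, so the repository grows without a retention policy. The `passwordFile` and import path arguments appear stripped on this page; worth confirming that the password path resolves outside the Nix store, so the secret is not copied into a world-readable location.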
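Review bot: The `sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";` override in `services.nginx` replaces the module's curated cipher list with a broader OpenSSL pattern. That pattern also matches the CBC-mode AES256 suites under TLS 1.2 and leaves out ChaCha20-Poly1305 and AES128-GCM. The `EDH` part is likely inert, because no `sslDhparam` is configured and nginx does not offer DHE suites without DH parameters. I would drop the line and rely on `recommendedTlsSettings` with the default ciphers, or list the AEAD suites explicitly if AES256-only is a requirement. Separately, `security.acme` and the global nginx settings are host-wide and would read better in `configuration.nix` than in a Matomo-specific module.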