diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix
index e9f6f6f..c32169d 100644
--- a/machines/storage01/_configuration.nix
+++ b/machines/storage01/_configuration.nix
@@ -13,6 +13,7 @@ let
   # List of services to enable
   enabledServices = [
     "forgejo"
+    "garage"
   ];
 in
 
diff --git a/machines/storage01/garage.nix b/machines/storage01/garage.nix
new file mode 100644
index 0000000..1d89448
--- /dev/null
+++ b/machines/storage01/garage.nix
@@ -0,0 +1,45 @@
+_:
+
+let
+  host = "s3.dgnum.eu";
+  webHost = "cdn.dgnum.eu";
+in {
+  services.garage = {
+    enable = true;
+
+    settings = {
+      replication_mode = "none";
+      compression_level = 7;
+
+      rpc_bind_addr = "[::]:3901";
+      rpc_public_addr = "127.0.0.1:3901";
+      rpc_secret =
+        "a79e86c6fc0e0a02ff71fd3c6127887b6e029ea6e8ade6c3de1a0b7b09ad2873";
+
+      s3_api = {
+        s3_region = "par01";
+        api_bind_addr = "[::]:3900";
+        root_domain = ".${host}";
+      };
+
+      s3_web = {
+        bind_addr = "[::]:3902";
+        root_domain = ".${webHost}";
+        index = "index.html";
+      };
+
+      k2v_api = { api_bind_addr = "[::]:3904"; };
+
+      admin = {
+        api_bind_addr = "0.0.0.0:3903";
+        admin_token = "KVGyC6SNrIwT4o9alxg7T1SWFs29vjev0AzLBwqchjo=";
+      };
+    };
+  };
+
+  services.nginx.virtualHosts.${host} = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/".proxyPass = "http://[::1]:3900";
+  };
+}