diff --git a/tools/systemd/feedvault-backup.service b/tools/systemd/feedvault-backup.service
new file mode 100644
index 0000000..46e5ed6
--- /dev/null
+++ b/tools/systemd/feedvault-backup.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=FeedVault database backup
+
+[Service]
+Type=oneshot
+User=feedvault
+Group=feedvault
+WorkingDirectory=/home/feedvault/feedvault
+EnvironmentFile=/home/feedvault/feedvault/.env
+ExecStart=/usr/bin/uv run python manage.py backup_db
diff --git a/tools/systemd/feedvault-backup.timer b/tools/systemd/feedvault-backup.timer
new file mode 100644
index 0000000..9811378
--- /dev/null
+++ b/tools/systemd/feedvault-backup.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Nightly FeedVault database backup
+
+[Timer]
+OnCalendar=*-*-* 03:15:00
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/tools/systemd/feedvault.service b/tools/systemd/feedvault.service
new file mode 100644
index 0000000..b6b5d16
--- /dev/null
+++ b/tools/systemd/feedvault.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=FeedVault
+Requires=feedvault.socket
+
+[Service]
+User=feedvault
+Group=feedvault
+WorkingDirectory=/home/feedvault/feedvault
+EnvironmentFile=/home/feedvault/feedvault/.env
+RuntimeDirectory=feedvault
+ExecStart=/usr/bin/uv run gunicorn config.wsgi:application --bind unix:/run/feedvault/feedvault.sock --workers 13 --name feedvault --max-requests-jitter 50 --max-requests 1200
+ReadWritePaths=/home/feedvault/feedvault /run/feedvault
+
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=no
+CapabilityBoundingSet=
+AmbientCapabilities=
+RestrictRealtime=yes
+LockPersonality=yes
+
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
diff --git a/tools/systemd/feedvault.socket b/tools/systemd/feedvault.socket
new file mode 100644
index 0000000..4318c96
--- /dev/null
+++ b/tools/systemd/feedvault.socket
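Review bot: feedvault-backup.service gets none of the sandboxing that feedvault.service receives in this same commit, although it loads the same `.env` and, judging by `manage.py backup_db`, presumably reads the whole database. Adding at least `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` under `[Service]` would bring it level with the web unit. Separately, both ExecStart lines go through `uv run`, which by default brings the project environment up to date before running the command. `uv run --no-sync`, or calling the virtualenv's interpreter directly, keeps a timer firing or a service restart from changing the installed dependencies.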
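Review bot: `ReadWritePaths=/home/feedvault/feedvault /run/feedvault` in feedvault.service restricts nothing as written. `ProtectSystem=full` makes only /usr, /boot, /efi and /etc read-only, and `ProtectHome=no` leaves the home tree writable, so the allow-list has no read-only mount to carve exceptions from. The gunicorn workers can therefore still write to the application checkout and the `.env` they are started from, wherever file permissions allow it. Consider `ProtectSystem=strict` so the allow-list takes effect, and narrow `ReadWritePaths=` to the directories the app actually writes at runtime, which are not visible in this commit.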
@@ -0,0 +1,11 @@
+[Unit]
+Description=FeedVault Socket
+
+[Socket]
+ListenStream=/run/feedvault/feedvault.sock
+SocketUser=feedvault
+SocketGroup=feedvault
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
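Review bot: `ListenStream=/run/feedvault/feedvault.sock` places the listening socket inside the directory that feedvault.service declares as `RuntimeDirectory=feedvault`. By default systemd removes a runtime directory when the service stops, including on an automatic `Restart=on-failure` cycle, so the socket path is likely to be unlinked while feedvault.socket still holds the listening descriptor. Clients would then fail to connect until the socket unit is restarted. Either move the socket out of that directory, e.g. `ListenStream=/run/feedvault.sock`, or set `RuntimeDirectoryPreserve=yes` in feedvault.service. Also confirm that the fronting proxy's user belongs to group `feedvault`, because `SocketMode=0660` denies every other account.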