diff --git a/ansible/host_vars/restic.yml b/ansible/host_vars/restic.yml
index 76ef5db..6c5ae4b 100644
--- a/ansible/host_vars/restic.yml
+++ b/ansible/host_vars/restic.yml
@@ -1,6 +1,6 @@
 restic_backup_locations:
   - /mnt/tank
-healthchecks_id: !vault |
+restic_healthchecks_id: !vault |
   $ANSIBLE_VAULT;1.1;AES256
   61343535336633643231356138356631663130313234343538366634393661666232303965643365
   3735323363366366303366336163623334316638653164610a633735316466336637346666666536
@@ -8,3 +8,13 @@ healthchecks_id: !vault |
   3134623162393034370a383737386434653036373639636631363233623232383936313264656539
   62376636326332386330663432306135313938623134383239373435666666356538363639323333
   3264386632376261666566373032363261643961376635336131
+
+restic_forget: true
+restic_forget_healthchecks_id: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  35356435623338613263633563623834376461643133386432366666373336373637326637626538
+  3264323338323034613633346431363362656362303530650a303861343438643232396436383065
+  34366236343664616566646564616532643066353732616566343665306464353637613362373837
+  6135323461646234360a383039623663333761343439636332323139616365313865666261336162
+  65663363666165313065323939653530613234613139316436343839356262363666373262366539
+  6666333133626561636638326335353135313637393033313138
diff --git a/ansible/host_vars/walker.yml b/ansible/host_vars/walker.yml
index ffa77a3..e50ad2d 100644
--- a/ansible/host_vars/walker.yml
+++ b/ansible/host_vars/walker.yml
@@ -2,7 +2,7 @@ with_traefik_pages: true
 
 restic_backup_locations:
   - /opt
-healthchecks_id: !vault |
+restic_healthchecks_id: !vault |
   $ANSIBLE_VAULT;1.1;AES256
   30663732643431326232366364373238653263613039373232663563303334326137376663373366
   6136306335363665313133623531643736653934323034620a346461633634633932343936376361
diff --git a/ansible/roles/restic/defaults/main.yml b/ansible/roles/restic/defaults/main.yml
index 1f35a5d..1f526dc 100644
--- a/ansible/roles/restic/defaults/main.yml
+++ b/ansible/roles/restic/defaults/main.yml
@@ -1 +1,2 @@
 restic_backup_locations: []
+restic_forget: false
diff --git a/ansible/roles/restic/files/backrest.sh b/ansible/roles/restic/files/backrest.sh
index 9171bdb..303a461 100644
--- a/ansible/roles/restic/files/backrest.sh
+++ b/ansible/roles/restic/files/backrest.sh
@@ -8,16 +8,18 @@ export RESTIC_PASSWORD="{{ restic_key }}"
 export RESTIC_REPOSITORY="b2:{{ restic_b2_bucket }}"
 
 export RESTIC_LOG_DIR="$HOME/log"
-export RESTIC_LOG_FILE="$RESTIC_LOG_DIR/$(date -Iseconds).log"
+export RESTIC_LOG_FILE="$RESTIC_LOG_DIR/$1-$(date -Iseconds).log"
+
+export FORGET_OPTIONS="--keep-daily 7 --keep-weekly 2"
 
 mkdir -p "$RESTIC_LOG_DIR"
 
 # Run backup, and capture logs to file
 cron_backup() {
-    curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ healthchecks_id }}/start
+    curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_healthchecks_id }}/start
     restic --verbose backup {{ restic_backup_locations|join(' ') }} | tee -a $RESTIC_LOG_FILE
     exit_code=${PIPESTATUS[0]}
-    curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
+    curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
     rm $RESTIC_LOG_FILE
     echo "Exit code: $exit_code"
 }
@@ -27,6 +29,18 @@ backup() {
     restic --verbose backup {{ restic_backup_locations|join(' ') }}
 }
 
+{% if restic_forget %}
+# Run forget and prune, and capture logs to file
+cron_forget() {
+    curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_forget_healthchecks_id }}/start
+    restic forget --prune $FORGET_OPTIONS | tee -a $RESTIC_LOG_FILE
+    exit_code=${PIPESTATUS[0]}
+    curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_forget_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
+    rm $RESTIC_LOG_FILE
+    echo "Exit code: $exit_code"
+}
+{% endif %}
+
 # Forget legacy snapshots
 forget() {
     set -x
diff --git a/ansible/roles/restic/tasks/main.yml b/ansible/roles/restic/tasks/main.yml
index 659166f..d222f53 100644
--- a/ansible/roles/restic/tasks/main.yml
+++ b/ansible/roles/restic/tasks/main.yml
@@ -31,3 +31,20 @@
     path: /usr/bin/restic
     capability: cap_dac_read_search=+ep
   become: true
+
+- name: Schedule backup
+  cron:
+    name: restic backup
+    special_time: daily
+    job: /home/restic/backrest.sh cron_backup
+    user: restic
+  become: true
+
+- name: Schedule forget
+  cron:
+    name: restic forget
+    special_time: weekly
+    job: /home/restic/backrest.sh cron_forget
+    user: restic
+  become: true
+  when: restic_forget