diff --git a/roles/mongodb/meta/main.yml b/roles/mongodb/meta/main.yml
new file mode 100644
index 0000000..683bc95
--- /dev/null
+++ b/roles/mongodb/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+  - {role: backup_base}
+
diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml
index 329e17d..582b32c 100644
--- a/roles/mongodb/tasks/main.yml
+++ b/roles/mongodb/tasks/main.yml
@@ -29,6 +29,7 @@
     name: "{{ item }}"
     state: installed
   with_items:
+    - mongodb-database-tools
     - mongodb-mongosh
     - mongodb-org-server
 
@@ -127,6 +128,22 @@
     state: started
     enabled: true
 
+- name: Copy backup script
+  ansible.builtin.template:
+    dest: /usr/local/sbin/mongodb-backup
+    src: mongodb-backup.sh.j2
+    mode: "0700"
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Create backup cron job
+  ansible.builtin.cron:
+    name: mongodb-backup
+    job: /usr/local/sbin/mongodb-backup
+    hour: "0"
+    minute: "20"
+    user: root
+
 - name: Create mongo alias cmd for root
   ansible.builtin.lineinfile:
     path: /root/.bashrc
diff --git a/roles/mongodb/templates/mongodb-backup.sh.j2 b/roles/mongodb/templates/mongodb-backup.sh.j2
new file mode 100755
index 0000000..2cca05a
--- /dev/null
+++ b/roles/mongodb/templates/mongodb-backup.sh.j2
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -eu
+
+umask 027
+
+DESTDIR="/srv/backup"
+DATE="$(date +%Y-%m-%d)"
+
+cd "$DESTDIR"
+find . -xdev -mindepth 2 -maxdepth 2 -type f -mtime +30 \
+    -execdir rm -f -- {} \;
+find . -xdev -depth -mindepth 1 -maxdepth 1 -type d -empty \
+    -execdir rmdir -- {} \;
+
+mkdir -m 2750 "$DATE"
+chgrp backup "$DATE"
+
+mongodump \
+    --sslPEMKeyFile=/etc/pki/tls/private/mongodb.pem \
+    --sslCAFile=/etc/pki/tls/certs/ca.crt \
+    --ssl \
+    --username=backup \
+    --password="{{ mongodb_backup_password }}" \
+    --gzip \
+    --out="${DATE}" \
+    --quiet \
+    --uri="mongodb://$(hostname -f)/"