diff --git a/jobs/services/paperless-backup.hcl b/jobs/services/paperless-backup.hcl
new file mode 100644
index 0000000..0d7e9ba
--- /dev/null
+++ b/jobs/services/paperless-backup.hcl
@@ -0,0 +1,50 @@
+job "paperless-backup" {
+  datacenters = ["aperture"]
+  type        = "batch"
+
+  periodic {
+    crons            = ["0 */3 * * * *"]
+    prohibit_overlap = true
+  }
+
+  group "db-backup" {
+    task "postgres-backup" {
+      driver = "raw_exec"
+
+      config {
+        command = "/bin/bash"
+        args    = ["local/script.sh"]
+      }
+
+      template {
+        data        = <<EOH
+#!/bin/bash
+
+file=/storage/backups/nomad/paperless/postgresql-paperless-$(date +%Y-%m-%d_%H-%M-%S).sql
+
+mkdir -p /storage/backups/nomad/paperless
+
+alloc_id=$(nomad job status paperless | grep running | tail -n 1 | cut -d " " -f 1)
+
+job_name=$(echo ${NOMAD_JOB_NAME} | cut -d "/" -f 1)
+
+nomad alloc exec -task db $alloc_id pg_dumpall -U {{ key "paperless/db/user" }} > "${file}"
+
+find /storage/backups/nomad/paperless/postgresql-paperless* -ctime +3 -exec rm {} \; || true
+
+if [ -s "$file" ]; then # check if file exists and is not empty
+  echo "Backup successful"
+  exit 0
+else
+  rm $file
+  curl -H "Content-Type: application/json" -d \
+  '{"content": "<@&585512338728419341> `PostgreSQL` backup for **'"${job_name}"'** has just **FAILED**\nFile name: `'"$file"'`\nDate: `'"$(TZ=Europe/Dublin date)"'`\nTurn off this script with `nomad job stop '"${job_name}"'` \n\n## Remember to restart this backup job when fixed!!!"}' \
+  {{ key "postgres/webhook/discord" }}
+fi
+EOH
+        destination = "local/script.sh"
+      }
+    }
+  }
+}
+
diff --git a/jobs/services/paperless.hcl b/jobs/services/paperless.hcl
new file mode 100644
index 0000000..b0ee2f4
--- /dev/null
+++ b/jobs/services/paperless.hcl
@@ -0,0 +1,118 @@
+job "paperless" {
+  datacenters = ["aperture"]
+  type        = "service"
+
+  group "paperless-web" {
+    network {
+      port "http" {
+        to = 8000
+      }
+      port "redis" {
+        to = 6379
+      }
+      port "db" {
+        to = 5432
+      }
+    }
+
+    service {
+      name = "paperless"
+      port = "http"
+
+      check {
+        type     = "http"
+        path     = "/"
+        interval = "10s"
+        timeout  = "2s"
+      }
+
+      tags = [
+        "traefik.enable=true",
+        "traefik.http.routers.paperless.rule=Host(`paperless.redbrick.dcu.ie`) || Host(`paperless.rb.dcu.ie`)",
+        "traefik.http.routers.paperless.entrypoints=websecure",
+        "traefik.http.routers.paperless.tls=true",
+        "traefik.http.routers.paperless.tls.certresolver=lets-encrypt",
+        "traefik.http.middlewares.paperless.headers.contentSecurityPolicy=default-src 'self'; img-src 'self' data:"
+      ]
+    }
+
+    task "web" {
+      driver = "docker"
+
+      config {
+        image = "ghcr.io/paperless-ngx/paperless-ngx:latest"
+        ports = ["http"]
+
+        volumes = [
+          "/storage/nomad/paperless/consume:/usr/src/paperless/consume",
+          "/storage/nomad/paperless/data:/usr/src/paperless/data",
+          "/storage/nomad/paperless/media:/usr/src/paperless/media",
+          "/storage/nomad/paperless/export:/usr/src/paperless/export",
+          "/storage/nomad/paperless/preconsume:/usr/src/paperless/preconsume",
+        ]
+      }
+
+      template {
+        data        = <<EOH
+PAPERLESS_REDIS  = "redis://{{ env "NOMAD_ADDR_redis" }}"
+PAPERLESS_DBHOST = "{{ env "NOMAD_IP_db" }}"
+PAPERLESS_DBPORT = "{{ env "NOMAD_HOST_PORT_db" }}"
+PAPERLESS_DBPASS={{ key "paperless/db/password" }}
+PAPERLESS_DBUSER={{ key "paperless/db/user" }}
+PAPERLESS_DBNAME={{ key "paperless/db/name" }}
+PAPERLESS_SECRETKEY={{ key "paperless/secret_key" }}
+PAPERLESS_URL=https://paperless.redbrick.dcu.ie
+PAPERLESS_ADMIN_USER={{ key "paperless/admin/user" }}
+PAPERLESS_ADMIN_PASSWORD={{ key "paperless/admin/password" }}
+PAPERLESS_ALLOWED_HOSTS="paperless.redbrick.dcu.ie,paperless.rb.dcu.ie,10.10.0.4,10.10.0.5,10.10.0.6" # allow internal aperture IPs for health check
+PAPERLESS_CONSUMER_POLLING=1
+EOH
+        destination = "local/.env"
+        env         = true
+      }
+      # PAPERLESS_PRE_CONSUME_SCRIPT={{ key "paperless/env/preconsume-script" }}
+
+      resources {
+        cpu    = 800
+        memory = 1000
+      }
+    }
+
+    task "broker" {
+      driver = "docker"
+
+      config {
+        image = "docker.io/library/redis:7"
+        ports = ["redis"]
+      }
+
+      resources {
+        cpu    = 300
+        memory = 50
+      }
+    }
+
+    task "db" {
+      driver = "docker"
+
+      config {
+        image = "postgres:16-alpine"
+        ports = ["db"]
+
+        volumes = [
+          "/storage/nomad/paperless/db:/var/lib/postgresql/data"
+        ]
+      }
+
+      template {
+        data        = <<EOH
+POSTGRES_PASSWORD={{ key "paperless/db/password" }}
+POSTGRES_USER={{ key "paperless/db/user" }}
+POSTGRES_NAME={{ key "paperless/db/name" }}
+EOH
+        destination = "local/db.env"
+        env         = true
+      }
+    }
+  }
+}