diff --git a/.github/actions/attic-cache-push/action.yml b/.github/actions/attic-cache-push/action.yml
new file mode 100644
index 0000000..73eeb85
--- /dev/null
+++ b/.github/actions/attic-cache-push/action.yml
@@ -0,0 +1,33 @@
+name: "Attic Watch and Push"
+description: "Composite action that logs in, sets the cache repository, starts attic watch-store in the background, and pushes results after the job completes."
+
+inputs:
+ cache_name:
+ description: "Cache name for attic login"
+ required: true
+ server:
+ description: "Server URL for attic login"
+ required: true
+ attic_auth_token:
+ description: "Authentication token for attic login"
+ required: true
+ cache_repository:
+ description: "Cache repository to use with attic"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Attic Login
+ shell: "nix shell nixpkgs#attic-client --command {0}"
+ run: |
+ attic login "${{ inputs.cache_name }}" "${{ inputs.server }}" "${{ inputs.attic_auth_token }}"
+ - name: Attic Use Repository
+ shell: "nix shell nixpkgs#attic-client --command {0}"
+ run: |
+ attic use "${{ inputs.cache_repository }}"
+ - name: Start Attic Watch-Store in Background
+ shell: "nix shell nixpkgs#attic-client --command {0}"
+ run: |
+ # Start attic watch-store in the background
+ attic watch-store &
diff --git a/.github/actions/attic-cache/action.yml b/.github/actions/attic-cache/action.yml
new file mode 100644
index 0000000..5a0a5f2
--- /dev/null
+++ b/.github/actions/attic-cache/action.yml
@@ -0,0 +1,15 @@
+name: "Attic Watch and Push"
+description: "Composite action pushes results after the job completes. Needs prior attic-cache action to have executed successfully."
+
+inputs:
+ cache_repository:
+ description: "Cache repository to use with attic"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Attic Push Results
+ shell: "nix shell nixpkgs#attic-client --command {0}"
+ run: |
+ attic push "${{ inputs.cache_repository }}" "./result" # TODO: Make this smarter
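Review bot: The Attic Login step expands `${{ inputs.attic_auth_token }}` straight into the script text, so the secret is written into the generated script file and any quote or `$(...)` inside an input value is parsed as shell syntax before attic runs. Pass the three inputs through `env:` and reference them as quoted shell variables instead; the same applies to `attic use "${{ inputs.cache_repository }}"` in the next step and to the `attic push` line in the other action.yml. The existing `&` and `#` lines already assume the script is run by a POSIX shell, so variable expansion should work the same way. `attic login` also saves the token in the client configuration, so on a runner that is reused between jobs it would probably stay on disk unless a later step removes it.

```yaml
    - name: Attic Login
      # … unchanged: shell line …
      env:
        CACHE_NAME: "${{ inputs.cache_name }}"
        SERVER: "${{ inputs.server }}"
        ATTIC_AUTH_TOKEN: "${{ inputs.attic_auth_token }}"
      run: |
        attic login "$CACHE_NAME" "$SERVER" "$ATTIC_AUTH_TOKEN"
    # … unchanged: Attic Use Repository and watch-store steps …
```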
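Review bot: The contents of this `attic-cache/action.yml` look swapped with `attic-cache-push/action.yml`: this file declares only `cache_repository` and runs `attic push`, yet ci.yml calls `./.github/actions/attic-cache` before the build with `cache_name`, `server` and `attic_auth_token`, and calls `attic-cache-push` after the build with only `cache_repository` although that action marks the login inputs `required: true`. As written the push would run before `./result` exists, and the login would run last, most likely with empty values and no token. Either swap the two files or swap the two `uses:` paths in ci.yml. The description here ("Needs prior attic-cache action") also names itself, and both actions carry the same `name: "Attic Watch and Push"`; a distinct `name: "Attic Push"` for the push action would make the job log unambiguous.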
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..7b5ad95
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,39 @@
+name: CI
+
+on:
+ push:
+
+jobs:
+ build:
+ runs-on: nix
+ steps:
+ - name: Initialize CI
+ uses: https://git.qo.is/qo.is/actions-nix-init@main
+ with:
+ token: ${{ secrets.CI_TOKEN }}
+ lfs: false
+
+ - name: Add submodules to nix store to circumvent another nix bug
+ run: |
+ git clone https://git.qo.is/fabianhauser/nix-config-private.git /tmp/private
+ cd /tmp/private
+ nix flake prefetch
+
+ - name: Setup Attic Watch and Push
+ uses: ./.github/actions/attic-cache
+ with:
+ cache_name: fabianhauser
+ server: https://attic.qo.is/
+ attic_auth_token: ${{ secrets.ATTIC_AUTH_TOKEN }}
+ cache_repository: fabianhauser:dotfiles
+
+ - name: Build
+ run: nix build --max-jobs 12 --cores 12
+
+ - name: Run Checks
+ run: nix flake check
+
+ - name: Setup Cache Push
+ uses: ./.github/actions/attic-cache-push
+ with:
+ cache_repository: fabianhauser:dotfiles
diff --git a/flake.nix b/flake.nix
index 6567711..dfd99d4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -76,6 +76,7 @@
 inherit (pkgs)
 nixos-rebuild
 nixos-facter
+ attic-client
 sops
 ssh-to-age
 nixd
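Review bot: The `uses: https://git.qo.is/qo.is/actions-nix-init@main` line tracks a mutable branch while being handed `secrets.CI_TOKEN`, so any later commit to that branch runs with the token; pin it to a full commit hash, e.g. `uses: https://git.qo.is/qo.is/actions-nix-init@<full-commit-sha>` (placeholder, take the value from the action's repository). The bare `on: push:` trigger runs the job, including the step that receives `ATTIC_AUTH_TOKEN`, for every pushed branch; if only some branches should be able to write to the binary cache, add a `branches:` filter or gate the cache steps with an `if:`. The clone into the fixed path `/tmp/private` will fail if the directory survives from an earlier run on the same runner, and the checkout would then also remain there for later jobs; `dir="$(mktemp -d)"` plus a removal at the end of the step avoids both.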