diff --git a/configuration.nix b/configuration.nix index 4fc3501..764c85d 100644 --- a/configuration.nix +++ b/configuration.nix @@ -226,6 +226,8 @@ with pkgs; owner = "acme"; group = "nginx"; }; + secrets.wallabag.file = secrets/wallabag.age; + secrets.wallabag-postgres.file = secrets/wallabag-postgres.age; identityPaths = [ "/etc/ssh/id_ed25519" ]; }; diff --git a/modules/containers.nix b/modules/containers.nix index 2ab51d2..dd33761 100644 --- a/modules/containers.nix +++ b/modules/containers.nix @@ -44,9 +44,31 @@ ports = [ "127.0.0.1:9090:8080" ]; volumes = [ "/vault/opodsync:/var/www/server/data" ]; }; + # Wallabag + wallabag = { + image = "wallabag/wallabag@sha256:a87160e4445e11f9bcec0f4b201c31e1eb0d201d7bcd1aac421e8f3c2b8f553c"; + environmentFiles = [ config.age.secrets.wallabag.path ]; + dependsOn = [ "postgresql" ]; + extraOptions = [ "--pod=wallabag-pod" ]; + }; + # Wallabag database + postgresql = { + image = "postgres:16.8@sha256:e95b0cb95f719e0ce156c2bc5545c89fbd98a1a692845a5331ddc79ea61f1b1e"; + environmentFiles = [ config.age.secrets.wallabag-postgres.path ]; + extraOptions = [ "--pod=wallabag-pod" ]; + volumes = [ "/var/lib/postgresql-wallabag:/var/lib/postgresql/data" ]; + }; }; }; }; + # Allow networking between Wallabag and Postgresql + systemd.services.create-wallabag-pod = { + serviceConfig.Type = "oneshot"; + wantedBy = [ "podman-postgresql.service" ]; + script = with pkgs; '' + ${podman}/bin/podman pod exists wallabag-pod || ${podman}/bin/podman pod create -n wallabag-pod -p '127.0.0.1:8090:80' + ''; + }; # Start services after ZFS mount systemd.services.podman-mqtt2prometheus.unitConfig.RequiresMountsFor = [ /vault/mqtt2prometheus ]; diff --git a/modules/information.nix b/modules/information.nix index a2fd17c..bcecf9a 100644 --- a/modules/information.nix +++ b/modules/information.nix 
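Review bot: In modules/containers.nix, `create-wallabag-pod` is tied to the database container only through `wantedBy = [ "podman-postgresql.service" ]`, which pulls the unit in but imposes no ordering, so the container can be started with `--pod=wallabag-pod` before the pod exists and fail. Adding `before = [ "podman-postgresql.service" "podman-wallabag.service" ];` and `serviceConfig.RemainAfterExit = true;` would make pod creation a real prerequisite. Naming the wallabag unit there also covers it being started on its own, although its `dependsOn` presumably already orders it after postgresql. Separately, the wallabag image is pinned by digest only; keeping a tag next to the digest, as the postgres line does, would show which release is deployed.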
@@ -12,23 +12,8 @@ adminCredentialsFile = config.age.secrets.miniflux.path; }; - # Php-fpm pool for Wallabag - services.phpfpm.pools.wallabag = { - user = "nginx"; - group = "nginx"; settings = { - "listen.owner" = config.services.nginx.user; - "listen.group" = config.services.nginx.group; - "listen.mode" = 600; - "pm" = "ondemand"; - "pm.max_children " = 4; - "pm.max_requests" = 32; - "env[WALLABAG_DATA]" = config.environment.variables.WALLABAG_DATA; }; - phpEnv."PATH" = lib.makeBinPath [ pkgs.php ]; }; - # Set environment variable pointing to wallabag configuration directory - environment.variables.WALLABAG_DATA = "/var/lib/wallabag"; - } diff --git a/modules/webstack.nix b/modules/webstack.nix index 1b1070d..94e5781 100644 --- a/modules/webstack.nix +++ b/modules/webstack.nix @@ -137,22 +137,13 @@ "wallabag.psydnd.org" = { useACMEHost = "psydnd.org"; forceSSL = true; - root = "${pkgs.wallabag}/web"; - locations = { - "/".tryFiles = "$uri /app.php$is_args$args"; - "/assets".root = "${config.environment.variables.WALLABAG_DATA}/web"; - "~ ^/app.php(/|$)" = { - fastcgiParams = { - SCRIPT_FILENAME = "${pkgs.wallabag}/web/$fastcgi_script_name"; - DOCUMENT_ROOT = "${pkgs.wallabag}/web"; - }; - extraConfig = '' - fastcgi_pass unix:${config.services.phpfpm.pools.wallabag.socket}; - fastcgi_split_path_info ^(.+\.php)(/.*)$; - include ${pkgs.nginx}/conf/fastcgi_params; - internal; - ''; - }; + locations."/" = { + proxyPass = "http://localhost:8090/"; + extraConfig = '' + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-For $remote_addr; + ''; }; }; "books.psydnd.org" = { @@ -236,7 +227,6 @@ "miniflux.service" "radicale.service" "dendrite.service" - "phpfpm-wallabag.service" "grafana.service" "podman-openbooks.service" "podman-mqtt2prometheus.service" diff --git a/scripts/motd.sh b/scripts/motd.sh index 97b6052..79d6f37 100755 --- a/scripts/motd.sh +++ b/scripts/motd.sh 
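Review bot: In modules/webstack.nix, `proxyPass = "http://localhost:8090/";` targets `localhost`, while the pod created in modules/containers.nix publishes the port on `127.0.0.1` only; nginx may resolve `localhost` to `::1` as well and then log refused connections for that upstream address. Using the literal address, `proxyPass = "http://127.0.0.1:8090/";`, keeps the two sides in agreement. The `extraConfig` sets the X-Forwarded headers but no `Host`, so unless proxy settings defined elsewhere add it, the backend sees nginx's default upstream host; `proxy_set_header Host $host;` may be wanted. The second hunk removes `phpfpm-wallabag.service` from a service list that starts outside the hunk without adding `podman-wallabag.service`; if that list orders nginx after its backends, the new unit probably belongs in it.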
@@ -23,7 +23,6 @@ services=( "syncthing.service" "radicale.service" "miniflux.service" - "phpfpm-wallabag.service" "gitea.service" "dendrite.service" "nginx.service" diff --git a/secrets/secrets.nix b/secrets/secrets.nix index beac3e2..1a48881 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -19,4 +19,6 @@ in "inadyn-porkbun.age".publicKeys = [ zion ]; "acme-duckdns.age".publicKeys = [ zion ]; "acme-porkbun.age".publicKeys = [ zion ]; + "wallabag.age".publicKeys = [ zion ]; + "wallabag-postgres.age".publicKeys = [ zion ]; } diff --git a/secrets/wallabag-postgres.age b/secrets/wallabag-postgres.age new file mode 100644 index 0000000..52946f1 --- /dev/null +++ b/secrets/wallabag-postgres.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 iUaRGg zWm4+j3/IRqd3uZqGzXVcHvs+urNrvDMOceWKbpl018 +HlIKCFYt7n3iKZav5i0YiB4awRMJML0XUowX8sKKH2c +--- ysvYVxgK1OeqCk8KdNF+uWsaQ9EzVRku7nw37aUAW3A +cbW|bUB"ԵU Z@Qڣx3uh "? ByF|(Nut.^a \ No newline at end of file diff --git a/secrets/wallabag.age b/secrets/wallabag.age new file mode 100644 index 0000000..e1093a1 Binary files /dev/null and b/secrets/wallabag.age differ