diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
index 02cb2dd9ccd1..a2f67d2707ee 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@@ -961,6 +961,13 @@
           configure this behaviour.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <literal>mastodon</literal> now automatically removes remote
+          media attachments older than 30 days. This is configurable
+          through <literal>services.mastodon.mediaAutoRemove</literal>.
+        </para>
+      </listitem>
       <listitem>
         <para>
           The Redis module now disables RDB persistence when
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
index 43abb40b8a04..3540881c4622 100644
--- a/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -296,6 +296,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
 
 - ZFS module will not allow hibernation by default, this is a safety measure to prevent data loss cases like the ones described at [OpenZFS/260](https://github.com/openzfs/zfs/issues/260) and [OpenZFS/12842](https://github.com/openzfs/zfs/issues/12842). Use the `boot.zfs.allowHibernation` option to configure this behaviour.
 
+- `mastodon` now automatically removes remote media attachments older than 30 days. This is configurable through `services.mastodon.mediaAutoRemove`.
+
 - The Redis module now disables RDB persistence when `services.redis.servers.<name>.save = []` instead of using the Redis default.
 
 - Neo4j was updated from version 3 to version 4. See this [migration guide](https://neo4j.com/docs/upgrade-migration-guide/current/) on how to migrate your Neo4j instance.
@@ -364,7 +366,7 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
   [systemd.oomd.enableRootSlice](options.html#opt-systemd.oomd.enableRootSlice),
   [systemd.oomd.enableSystemSlice](options.html#opt-systemd.oomd.enableSystemSlice),
   and [systemd.oomd.enableUserServices](options.html#opt-systemd.oomd.enableUserServices).
-  
+
 - The `tt-rss` service performs two database migrations when you first use its web UI after upgrade. Consider backing up its database before updating.
 
 - The `pass-secret-service` package now includes systemd units from upstream, so adding it to the NixOS `services.dbus.packages` option will make it start automatically as a systemd user service when an application tries to talk to the libsecret D-Bus API.
diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix
index dad8c3d3e38b..83890e969909 100644
--- a/nixos/modules/services/web-apps/mastodon.nix
+++ b/nixos/modules/services/web-apps/mastodon.nix
@@ -425,6 +425,39 @@ in {
           Do automatic database migrations.
         '';
       };
+
+      mediaAutoRemove = {
+        enable = lib.mkOption {
+          type = lib.types.bool;
+          default = true;
+          example = false;
+          description = lib.mdDoc ''
+            Automatically remove remote media attachments and preview cards older than the configured amount of days.
+
+            Recommended in https://docs.joinmastodon.org/admin/setup/.
+          '';
+        };
+
+        startAt = lib.mkOption {
+          type = lib.types.str;
+          default = "daily";
+          example = "hourly";
+          description = lib.mdDoc ''
+            How often to remove remote media.
+
+            The format is described in {manpage}`systemd.time(7)`.
+          '';
+        };
+
+        olderThanDays = lib.mkOption {
+          type = lib.types.int;
+          default = 30;
+          example = 14;
+          description = lib.mdDoc ''
+            How old remote media needs to be in order to be removed.
+          '';
+        };
+      };
     };
   };
 
@@ -585,6 +618,22 @@ in {
       path = with pkgs; [ file imagemagick ffmpeg ];
     };
 
+    systemd.services.mastodon-media-auto-remove = lib.mkIf cfg.mediaAutoRemove.enable {
+      description = "Mastodon media auto remove";
+      environment = env;
+      serviceConfig = {
+        Type = "oneshot";
+        script = let
+          olderThanDays = toString cfg.mediaAutoRemove.olderThanDays;
+        in ''
+          ${cfg.package}/bin/tootctl media remove --days=${olderThanDays}
+          ${cfg.package}/bin/tootctl preview_cards remove --days=${olderThanDays}
+        '';
+        EnvironmentFile = "/var/lib/mastodon/.secrets_env";
+        startAt = cfg.mediaAutoRemove.startAt;
+      } // cfgService;
+    };
+
     services.nginx = lib.mkIf cfg.configureNginx {
       enable = true;
       recommendedProxySettings = true; # required for redirections to work