diff --git a/roles/lvm_self_backup/defaults/main.yml b/roles/lvm_self_backup/defaults/main.yml
index 140d613..5be9c2d 100644
--- a/roles/lvm_self_backup/defaults/main.yml
+++ b/roles/lvm_self_backup/defaults/main.yml
@@ -3,6 +3,7 @@
 
 # Infrastructure
 # Ansible instructions to deploy the infrastructure
+# Copyright (C) 2019-2020  Christoph (Sheogorath) Kern
 # Copyright (C) 2020       Saibotk
 #
 # This program is free software: you can redistribute it and/or modify
@@ -45,3 +46,18 @@ backup_gpg:
 # Should the systemd timer be enabled to automatically backup every day?
 backup_timer_enabled: true
 backup_timer_state: 'started'
+
+# Management for backup retention if enabled, backups will be dropped.
+backup_retention:
+  # Number of incremental backups to keep.
+  # Incremental backups require a full backup as base.
+  # Therefore the incremental count must be lower
+  # then under full backup if both are enabled.
+  incremental:
+    enabled: true
+    count: 3
+  # Number of full backups to keep. All additional will be deleted.
+  # Starting from the oldest.
+  full:
+    enabled: true
+    count: 6
diff --git a/roles/lvm_self_backup/templates/backup-lvm.sh b/roles/lvm_self_backup/templates/backup-lvm.sh
index a0ea1f0..54e2b9d 100644
--- a/roles/lvm_self_backup/templates/backup-lvm.sh
+++ b/roles/lvm_self_backup/templates/backup-lvm.sh
@@ -49,6 +49,36 @@ docker run --name="duplicity-backup-lvm" \
            /backup/ \
            "{{ backup_target }}"
 
+{% if backup_retention.incremental.enabled %}
+echo "Remove old incremental backups"
+docker run --name="duplicity-backup-lvm" \
+           --security-opt "label=disable" \
+           --security-opt "no-new-privileges" \
+           --cap-drop=ALL \
+           --cap-add=DAC_OVERRIDE \
+           --rm \
+           -v "$HOME/.cache/duplicity/:/archive" \
+           --hostname {{ ansible_fqdn }} \
+           {{ backup_duplicity_image }}:{{ backup_duplicity_image_version }} \
+           remove-all-inc-of-but-n-full {{ backup_retention.incremental.count }} --force \
+           "{{ backup_target }}"
+{% endif %}
+
+{% if backup_retention.full.enabled %}
+echo "Remove old full backups"
+docker run --name="duplicity-backup-lvm" \
+           --security-opt "label=disable" \
+           --security-opt "no-new-privileges" \
+           --cap-drop=ALL \
+           --cap-add=DAC_OVERRIDE \
+           --rm \
+           -v "$HOME/.cache/duplicity/:/archive" \
+           --hostname {{ ansible_fqdn }} \
+           {{ backup_duplicity_image }}:{{ backup_duplicity_image_version }} \
+           remove-all-but-n-full {{ backup_retention.full.count }} --force \
+           "{{ backup_target }}"
+{% endif %}
+
 echo "Unmount snapshots:"
 {% for item in backup_vols %}
 umount /dev/{{ item.vg_name }}/{{ item.lv_name }}_snap