diff --git a/data/common/common.yaml b/data/common/common.yaml --- a/data/common/common.yaml +++ b/data/common/common.yaml @@ -3346,16 +3346,22 @@ store: port-http: 19193 port-grpc: 19093 + compact: + port-http: 19293 mmca: azure-storage-container: metrics-mmca-0 store: port-http: 19194 port-grpc: 19094 + compact: + port-http: 19294 archive-staging: # rancher cluster azure-storage-container: metrics-sesi-rocquencourt-rancher-staging-0 store: port-http: 19195 port-grpc: 19095 + compact: + port-http: 19295 grafana::db::database: grafana grafana::db::username: grafana diff --git a/site-modules/profile/manifests/thanos/compact.pp b/site-modules/profile/manifests/thanos/compact.pp new file mode 100644 --- /dev/null +++ b/site-modules/profile/manifests/thanos/compact.pp 
@@ -0,0 +1,48 @@
+# Thanos compact services (compaction and downscaling of historical metrics)
+class profile::thanos::compact {
+ include profile::thanos::base
+ include profile::thanos::objstore_configs
+
+ $internal_ip = ip_for_network(lookup('internal_network'))
+
+ $stores = lookup('thanos::stores')
+
+ $config_dir = $::profile::thanos::base::config_dir
+ $stores.each | $dataset_name, $service | {
+ $port_http = $service['compact']['port-http']
+ $http_address = "${internal_ip}:${port_http}"
+ $http_target = "${swh_hostname['internal_fqdn']}:${port_http}"
+
+ $service_name = "thanos-compact@${dataset_name}"
+ $unit_name = "${service_name}.service"
+
+ ::systemd::dropin_file {"${service_name}/parameters.conf":
+ ensure => present,
+ unit => $unit_name,
+ filename => 'parameters.conf',
+ content => template('profile/thanos/compact-parameters.conf.erb'),
+ notify => Service[$service_name],
+ }
+
+ service {$service_name:
+ ensure => 'running',
+ enable => true,
+ tag => ['thanos-compact', "thanos-objstore-${dataset_name}"],
+ }
+
+ ::profile::prometheus::export_scrape_config {"thanos-compact-${http_target}":
+ target => $http_target,
+ job => 'thanos_compact',
+ labels => {
+ dataset_name => $dataset_name,
+ },
+ }
+ }
+
+ # Uses: $config_dir, $cert_paths
+ systemd::unit_file {'thanos-compact@.service':
+ ensure => present,
+ content => template('profile/thanos/compact@.service.erb'),
+ require => Class['profile::thanos::base'],
+ } ~> Service <| tag == 'thanos-compact' |>
+}
diff --git a/site-modules/profile/templates/thanos/compact-parameters.conf.erb b/site-modules/profile/templates/thanos/compact-parameters.conf.erb
new file mode 100644
--- /dev/null
+++ b/site-modules/profile/templates/thanos/compact-parameters.conf.erb
@@ -0,0 +1,4 @@
+# Managed by puppet (class profile::thanos::compact) - modifications will be overwritten
+
+[Service]
+Environment=HTTP_ADDRESS=<%= @http_address %>
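Review bot: In compact.pp, `$port_http = $service['compact']['port-http']` indexes every entry of `thanos::stores` unconditionally, so a store without a `compact` key aborts catalog compilation for the whole role instead of skipping that dataset. The common.yaml hunk begins mid-list, so it is not visible whether every store received the key; consider filtering first, e.g. `$stores.filter |$n, $s| { 'compact' in $s }.each ...`, or failing with an explicit message that names the dataset. The trailing comment `# Uses: $config_dir, $cert_paths` names `$cert_paths`, which this class never sets and the unit template does not read; `# Uses: $config_dir` would match the code.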
diff --git a/site-modules/profile/templates/thanos/compact@.service.erb b/site-modules/profile/templates/thanos/compact@.service.erb
new file mode 100644
--- /dev/null
+++ b/site-modules/profile/templates/thanos/compact@.service.erb
@@ -0,0 +1,47 @@
+# File managed by puppet (class profile::thanos::compact)
+# Manual changes will be overwritten
+
+[Unit]
+Description=Thanos compact instance %i
+
+[Service]
+Environment=HTTP_ADDRESS=
+Restart=on-failure
+User=prometheus
+
+ExecStart=/opt/thanos/current/thanos compact \
+ --data-dir $CACHE_DIRECTORY \
+ --objstore.config-file <%= @config_dir %>/objstore-%i.yml \
+ --wait \
+ --wait-interval=5m \
+ --http-address $HTTP_ADDRESS
+ExecReload=/bin/kill -HUP $MAINPID
+TimeoutStopSec=20s
+SendSIGKILL=no
+CacheDirectory=thanos/scratch/compact-%i
+
+# systemd hardening-options
+AmbientCapabilities=
+CapabilityBoundingSet=
+DeviceAllow=/dev/null rw
+DevicePolicy=strict
+LimitMEMLOCK=0
+LimitNOFILE=8192
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=full
+RemoveIPC=true
+RestrictNamespaces=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target
diff --git a/site-modules/role/manifests/swh_thanos.pp b/site-modules/role/manifests/swh_thanos.pp
--- a/site-modules/role/manifests/swh_thanos.pp
+++ b/site-modules/role/manifests/swh_thanos.pp
@@ -2,4 +2,5 @@
 class role::swh_thanos inherits role::swh_base {
 include profile::thanos::query
 include profile::thanos::store
+ include profile::thanos::compact
 }
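Review bot: In compact@.service.erb the hardening block stops at `ProtectSystem=full`, which leaves everything outside /usr, /boot and /etc writable, although the only path this unit writes is its `CacheDirectory=`; `ProtectSystem=strict` fits here, because systemd keeps the cache directory writable under it. The process only serves HTTP and talks to the object store, so `RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX` and `SystemCallFilter=@system-service` would narrow it further; `systemd-analyze security` on an instantiated unit shows what remains open. Separately, `--objstore.config-file` points at the per-dataset `objstore-%i.yml`: the compactor needs write and delete rights on the bucket, so if the store gateway reads the same file (not visible in this diff) it runs with those rights as well, and a separate read-only credential for the store would be the least-privilege split.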
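Review bot: In swh_thanos.pp, `include profile::thanos::compact` starts a compactor for every dataset on every host that carries `role::swh_thanos`. Thanos expects a single compactor per bucket; two running concurrently against the same object store can produce overlapping blocks and halt compaction. If more than one node can have this role (not visible here), gate the include on a per-host hiera flag or move it to a dedicated role.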