diff --git a/flake-parts/job-flake-update/script.sh b/flake-parts/job-flake-update/script.sh
index 3c1c6a9..70535cf 100644
--- a/flake-parts/job-flake-update/script.sh
+++ b/flake-parts/job-flake-update/script.sh
@@ -2,12 +2,12 @@
 set -euo pipefail
 
 # prevent these variables from being unset by writePureShellScript
-export KEEP_VARS="PR_TITLE REMOTE_BRANCH REPO REPO_DIR"
+export KEEP_VARS="GIT_AUTHOR_NAME GIT_COMMITTER_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_EMAIL PR_TITLE REMOTE_BRANCH REPO REPO_DIR"
 
 # configure variables for actions
 export PR_TITLE="Automatic flake update - $(date --iso-8601=minutes)"
 export REMOTE_BRANCH="flake-update-$(date --iso-8601)"
-export REPO=gitea@git.clan.lol:clan/clan-infra.git
+export REPO="https://git.clan.lol/clan/clan-infra"
 export REPO_DIR=$TMPDIR/repo
 
 action-checkout
diff --git a/modules/web01/default.nix b/modules/web01/default.nix
index ff34edb..85bbb13 100644
--- a/modules/web01/default.nix
+++ b/modules/web01/default.nix
@@ -7,6 +7,7 @@
     ./harmonia.nix
     ./homepage.nix
     ./postfix.nix
+    ./job-flake-update.nix
     ../zerotier
     ../zerotier/ctrl.nix
   ];
diff --git a/modules/web01/job-flake-update.nix b/modules/web01/job-flake-update.nix
new file mode 100644
index 0000000..99311b7
--- /dev/null
+++ b/modules/web01/job-flake-update.nix
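Review bot: Switching REPO from the SSH URL to `https://git.clan.lol/clan/clan-infra` means the push can no longer rely on the host's SSH key, and nothing in this hunk shows how the HTTPS remote is authenticated; the token the service loads should reach git through a credential helper or `GIT_ASKPASS`, not by being spliced into the URL, where it would land in process listings and in the clone's `.git/config`. That wiring presumably lives in action-checkout or a later step, which is outside the hunk, so a comment above the export such as `# HTTPS remote: pushes authenticate with the token in GITEA_TOKEN_FILE (wired up in action-checkout)` would make the dependency visible. Separately, `export REPO_DIR=$TMPDIR/repo` is unquoted and, under `set -u`, aborts if the wrapper does not provide TMPDIR; `export REPO_DIR="$TMPDIR/repo"` is the safe form. The rest of the script follows action-checkout outside the hunk.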
@@ -0,0 +1,45 @@
+{ config, self, pkgs, ... }: {
+
+  sops.secrets.merge-bot-gitea-token = { };
+
+  systemd.timers.job-flake-update = {
+    description = "Time for flake update workflow";
+    partOf = [ "job-flake-update.service" ];
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      Persistent = true;
+      OnCalendar = "daily";
+    };
+    after = [ "network-online.target" ];
+  };
+
+  # service to for automatic merge bot
+  systemd.services.job-flake-update = {
+    description = "Automatically update flake inputs for clan-repos";
+    after = [ "network-online.target" ];
+    environment = {
+      GITEA_TOKEN_FILE = "%d/GITEA_TOKEN_FILE";
+      # these ariables are repescted by git itself
+      GIT_AUTHOR_NAME = "Clan Merge Bot";
+      GIT_COMMITTER_NAME = "Clan Merge Bot";
+      GIT_AUTHOR_EMAIL = "clan-bot@git.clan.lol";
+      GIT_COMMITTER_EMAIL = "clan-bot@git.clan.lol";
+    };
+    serviceConfig = {
+      LoadCredential = [ "GITEA_TOKEN_FILE:${config.sops.secrets.merge-bot-gitea-token.path}" ];
+      DynamicUser = true;
+      RuntimeDirectory = "job-flake-update";
+    };
+    path = [
+      self.packages.${pkgs.system}.job-flake-update
+      self.packages.${pkgs.system}.job-flake-update
+    ];
+    script = ''
+      cd /run/job-flake-update
+      mkdir -p home
+      export HOME=$(realpath home)
+      export REPO_DIR=$HOME/repo
+      job-flake-update
+    '';
+  };
+}
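Review bot: Both units declare `after = [ "network-online.target" ]` but neither declares `wants`, so the target is not pulled in and the ordering has no effect when nothing else activates it; add `wants = [ "network-online.target" ];` to the service (the timer does not need the dependency, since the service carries it). The `path` list contains `self.packages.${pkgs.system}.job-flake-update` twice; the second entry is redundant and should be dropped. The comment `# these ariables are repescted by git itself` should read `# these variables are respected by git itself`. Exposing the loaded credential only through `GITEA_TOKEN_FILE` under `DynamicUser` is the right shape; note, though, that script.sh in this same commit re-exports `REPO_DIR=$TMPDIR/repo` unconditionally, which would shadow the `export REPO_DIR=$HOME/repo` set here unless the wrapper strips it first — worth confirming which value the job actually uses.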