diff --git a/.agenix_config.nix b/.agenix_config.nix
index df86029..6a4cd78 100644
Binary files a/.agenix_config.nix and b/.agenix_config.nix differ
diff --git a/flake.nix b/flake.nix
index 217cdaf..3787549 100644
--- a/flake.nix
+++ b/flake.nix
@@ -178,7 +178,8 @@ ] ++ extraModules ++ [ ./modules/nixos ] - ++ [ ./hosts/${hostname}/configuration.nix ]; + ++ [ ./hosts/${hostname}/configuration.nix ] + ++ [ "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/renovate.nix" ]; }) (import ./hosts inputs); diskoConfigurations = {
diff --git a/hosts/istal/services/default.nix b/hosts/istal/services/default.nix
index 06f5abe..299fb8f 100644
--- a/hosts/istal/services/default.nix
+++ b/hosts/istal/services/default.nix
@@ -4,5 +4,6 @@
 ./wireguard
 ./docker-registry-proxy.nix
 ./nginx.nix
+ ./renovate.nix
 ];
 }
diff --git a/hosts/istal/services/renovate-gitea-token.age b/hosts/istal/services/renovate-gitea-token.age
new file mode 100644
index 0000000..e2ee65d
Binary files /dev/null and b/hosts/istal/services/renovate-gitea-token.age differ
diff --git a/hosts/istal/services/renovate-github-token.age b/hosts/istal/services/renovate-github-token.age
new file mode 100644
index 0000000..bce9f24
Binary files /dev/null and b/hosts/istal/services/renovate-github-token.age differ
diff --git a/hosts/istal/services/renovate.nix b/hosts/istal/services/renovate.nix
new file mode 100644
index 0000000..c518fe3
--- /dev/null
+++ b/hosts/istal/services/renovate.nix
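Review bot: In the flake.nix hunk the unstable `renovate.nix` module path is appended to what appears to be the module list shared by every host (it is built around `./hosts/${hostname}/configuration.nix`), although only hosts/istal enables the service. Every host then evaluates a module taken from a different nixpkgs revision than its own module set, and once the pinned nixpkgs ships `services/misc/renovate.nix` itself the options would be declared twice and evaluation would fail. Consider importing the path only from `hosts/istal/services/renovate.nix`, or pairing it with `disabledModules = [ "services/misc/renovate.nix" ];`, and add a comment such as `# renovate module is not in the pinned nixpkgs yet; drop this when it is`. The enclosing function starts and ends outside the hunk, so how `inputs` reaches the host modules is not visible here.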
@@ -0,0 +1,46 @@
+{ config, pkgs, ... }:
+
+{
+ age.secrets.renovate-gitea-token.file = ./renovate-gitea-token.age;
+ age.secrets.renovate-github-token.file = ./renovate-github-token.age;
+
+ services.renovate = {
+ enable = true;
+ package = pkgs.unstable.renovate;
+ schedule = "0..3,10..23:00/15";
+ credentials = {
+ RENOVATE_TOKEN = config.age.secrets.renovate-gitea-token.path;
+ GITHUB_COM_TOKEN = config.age.secrets.renovate-github-token.path;
+ };
+ runtimePackages = with pkgs.unstable; [
+ nodePackages.pnpm
+ nodePackages.npm
+ python312
+ poetry
+ gnumake
+ cargo
+ ];
+ settings = {
+ platform = "gitea";
+ endpoint = "https://git.pleshevski.ru";
+ assignees = [ "pleshevskiy" ];
+ autodiscover = true;
+ packageRules = [
+ {
+ matchUpdateTypes = [ "minor" "patch" "pin" "digest" ];
+ automerge = true;
+ }
+ ];
+ automergeStrategy = "fast-forward";
+ onboardingConfig = {
+ "$schema" = "https://docs.renovatebot.com/renovate-schema.json";
+ extends = [ "config:recommended" ];
+ configMigration = true;
+ };
+ globalExtends = ["npm:unpublishSafe"];
+
+ cacheHardTtlMinutes = 60 * 24;
+ httpCacheTtlDays = 7;
+ };
+ };
+}
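Review bot: `autodiscover = true` is set without an `autodiscoverFilter`, so the bot onboards every repository the Gitea token can reach and can invoke the listed `runtimePackages` on their contents, while the single `packageRules` entry automerges minor, patch, pin and digest updates in all of them. `globalExtends = ["npm:unpublishSafe"]` only delays npm releases; Cargo, PyPI and digest updates become eligible for automerge as soon as they are published, which is when a compromised release is most likely to still be available. I would bound the scope with something like `autodiscoverFilter = [ "pleshevskiy/*" ];` (the pattern is an example) and add `minimumReleaseAge = "3 days";` to the automerge rule. It is also worth confirming that the token behind `RENOVATE_TOKEN` belongs to a dedicated bot account with access limited to those repositories.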