diff --git a/flake.nix b/flake.nix
index 545e2eb..7582d49 100644
--- a/flake.nix
+++ b/flake.nix
@@ -97,7 +97,7 @@
 };
 deploy.nodes.hel1-a = {
- hostname = "hel1-a.servers.jakst";
+ hostname = myData.hosts."hel1-a.servers.jakst".jakstIP;
 profiles = {
 system = {
 sshUser = "motiejus";
@@ -109,7 +109,7 @@
 };
 deploy.nodes.vno1-oh2 = {
- hostname = "vno1-oh2.servers.jakst";
+ hostname = myData.hosts."vno1-oh2.servers.jakst".jakstIP;
 profiles = {
 system = {
 sshUser = "motiejus";
@@ -125,6 +125,11 @@
 // flake-utils.lib.eachDefaultSystem (system: let
 pkgs = import nixpkgs {inherit system;};
 in {
+
+ apps.deploy-rs = {
+ type = "app";
+ program = "${deploy-rs.packages."${system}".default}/bin/deploy";
+ };
 devShells.default = with pkgs;
 mkShell {
 packages = [
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index e828e7f..cb7883f 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -66,6 +66,8 @@
 updaterbot = {
 enable = true;
 uidgid = myData.uidgid.updaterbot;
+ repo = "git@git.jakstys.lt:motiejus/config";
+ deployDerivations = [".#vno1-oh2"];
 };
 postfix = {
diff --git a/modules/services/updaterbot/default.nix b/modules/services/updaterbot/default.nix
index 845d4c3..ae9fc24 100644
--- a/modules/services/updaterbot/default.nix
+++ b/modules/services/updaterbot/default.nix
@@ -1,6 +1,7 @@
 {
 config,
 lib,
+ pkgs,
 ...
 }: {
 options.mj.services.updaterbot = with lib.types; {
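Review bot: Switching `hostname` from the DNS name to `jakstIP` in the hel1-a hunk changes the name deploy-rs hands to ssh, so host-key verification now keys on the address rather than on `hel1-a.servers.jakst`; if the deploying user's `known_hosts` (or `programs.ssh.knownHosts`) entries are keyed by the DNS name only, the connection will be refused or stall on a prompt until the IP is recorded as well. The same applies to the vno1-oh2 hunk that follows, where `hostname` is changed the same way. The hunk does not say why the address is preferred over the name, so a one-line comment on the changed line stating the reason would help the next reader. Both hunks show only part of the `deploy.nodes.*` attribute set; the rest lies outside the hunk.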
@@ -31,6 +32,42 @@
 };
 };
+ systemd.services.updaterbot = {
+ description = "Update all known systems";
+ preStart = ''
+ if [[ -f .ssh/id_ed25519 ]]; then exit; fi
+
+ ${pkgs.openssh}/bin/ssh-keygen -N "" -t ed25519 -f .ssh/id_ed25519
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "updaterbot";
+ WorkingDirectory = config.users.users.updaterbot.home;
+ };
+ script = let
+ deployDerivations = builtins.concatStringsSep " " config.mj.services.updaterbot.deployDerivations;
+ in ''
+ set -x
+ export GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i $HOME/.ssh/id_ed25519"
+ if [[ ! -d config ]]; then
+ ${pkgs.git}/bin/git clone ${config.mj.services.updaterbot.repo} config
+ cd config
+ else
+ cd config
+ ${pkgs.git}/bin/git fetch origin
+ ${pkgs.git}/bin/git reset --hard origin/main
+ fi
+
+ export PATH=$PATH:${pkgs.git}/bin
+ ${pkgs.nix}/bin/nix flake update --accept-flake-config --commit-lock-file
+ ${pkgs.git}/bin/git push origin main
+
+ exec ${pkgs.nix}/bin/nix run .#deploy-rs ${deployDerivations}
+ '';
+ };
+
+ mj.base.unitstatus.units = ["updaterbot"];
+ nix.settings.trusted-users = ["updaterbot"];
 };
 }
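Review bot: The new unit adds `updaterbot` to `nix.settings.trusted-users` and then runs `nix flake update --accept-flake-config` on whatever `origin/main` currently holds, so any `nixConfig` carried by the fetched flake (extra substituters, trusted public keys) is honoured with trusted-user privilege, and every upstream input bump is committed, pushed and deployed to the `deployDerivations` nodes with no review step in between. If the flake's `nixConfig` is not needed on this host, drop `--accept-flake-config` and keep the trusted-user grant to what `nix run .#deploy-rs` actually requires; if it is needed, a comment on the `trusted-users` line should say so, since the hunk gives no reason. Two smaller points in the same hunk: `preStart` runs `ssh-keygen -f .ssh/id_ed25519` without creating the directory, so the first start will fail if `.ssh` does not yet exist in the home — add `mkdir -p -m 700 .ssh` before it — and the clone depends on the remote's host key already being in the user's `known_hosts`, because a non-interactive ssh cannot answer the host-key prompt; provisioning it (for example via `programs.ssh.knownHosts`) is the right fix rather than relaxing checking. `--commit-lock-file` also needs a git identity for the `updaterbot` user, which nothing visible here configures, so the commit step is likely to fail on first run. The `main` branch is hard-coded in `git reset --hard origin/main` and `git push origin main`; making it an option next to `repo` would keep the module consistent with how the repository is parameterised.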