diff --git a/.forgejo/workflows/update-inputs.yml b/.forgejo/workflows/update-inputs.yml
new file mode 100644
index 00000000..c63d914a
--- /dev/null
+++ b/.forgejo/workflows/update-inputs.yml
@@ -0,0 +1,90 @@
+name: update-inputs
+
+on:
+  schedule:
+    - cron: "0 6 * * 2,5" # Tue & Fri
+  workflow_dispatch:
+
+jobs:
+  update-flake-lock:
+    runs-on: nixos
+
+    env:
+      BASE_BRANCH: main
+      BRANCH_PREFIX: flake-lock-update
+      FJ_URL: https://code.oliverdavies.uk
+      GIT_AUTHOR_EMAIL: flake-bot@local
+      GIT_AUTHOR_NAME: flake-bot
+      GIT_COMMITTER_EMAIL: ${{ env.GIT_AUTHOR_EMAIL }}
+      GIT_COMMITTER_NAME: ${{ env.GIT_AUTHOR_NAME }}
+
+    steps:
+      - uses: actions/checkout@v3
+        with: { fetch-depth: 0 }
+
+      - name: Update inputs & commit
+        id: bump
+        run: |
+          set -o errexit
+          set -o nounset
+          set -o pipefail
+
+          BRANCH="${BRANCH_PREFIX}-${GITHUB_RUN_ID}"
+          git switch -c "$BRANCH"
+
+          BEFORE=$(git rev-parse HEAD)
+
+          # Nix updates inputs and commits if needed
+          nix flake update --commit-lock-file
+
+          AFTER=$(git rev-parse HEAD)
+          if [ "$BEFORE" = "$AFTER" ]; then
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          # ── Grab commit info ────────────────────────────────────────────────
+          # Full message
+          COMMIT_RAW=$(git log -1 --pretty=%B)
+
+          # First line is the short summary; we keep lines AFTER the first blank
+          COMMIT_BODY=$(printf '%s\n' "$COMMIT_RAW" \
+            | sed '1,/^$/d' \
+            | sed 's/^• */* /') # nicer Markdown bullet
+
+          # Title becomes first line of the PR
+          COMMIT_TITLE=$(printf '%s\n' "$COMMIT_RAW" | head -n1)
+
+          # JSON-escape the body so \n etc. are valid JSON
+          BODY_JSON=$(printf '%s' "$COMMIT_BODY" | jq -Rs .)
+
+          echo "changed=true" >> "$GITHUB_OUTPUT"
+          echo "branch=$BRANCH" >> "$GITHUB_OUTPUT"
+          echo "title=$COMMIT_TITLE" >> "$GITHUB_OUTPUT"
+          echo "body_json=$BODY_JSON" >> "$GITHUB_OUTPUT"
+
+          git push -u origin "$BRANCH"
+
+      - name: Open pull-request
+        if: steps.bump.outputs.changed == 'true'
+        env:
+          TOKEN: ${{ secrets.FLAKE_UPDATE_PAT }}
+          BRANCH: ${{ steps.bump.outputs.branch }}
+          TITLE: ${{ steps.bump.outputs.title }}
+          BODY_JSON: ${{ steps.bump.outputs.body_json }}
+        run: |
+          set -o errexit
+          set -o nounset
+
+          OWNER="${GITHUB_REPOSITORY%%/*}"
+          REPO="${GITHUB_REPOSITORY#*/}"
+
+          curl -fSs -X POST "$FJ_URL/api/v1/repos/$OWNER/$REPO/pulls" \
+            -H "Authorization: token $TOKEN" \
+            --json '{
+              "base": "'"$BASE_BRANCH"'",
+              "body": '"$BODY_JSON"',
+              "draft": false,
+              "head": "'"$BRANCH"'",
+              "title": "'"$TITLE"'"
+            }'
diff --git a/hosts/nixedo/services/default.nix b/hosts/nixedo/services/default.nix
index f813baef..57d5e162 100644
--- a/hosts/nixedo/services/default.nix
+++ b/hosts/nixedo/services/default.nix
@@ -30,6 +30,7 @@
       gawk
       gitMinimal
       gnused
+      jq
       nix
       nodejs
       wget