diff --git a/hosts/manatee/modules/home-assistant/default.nix b/hosts/manatee/modules/home-assistant/default.nix
index b1161f4..b55ee8c 100644
--- a/hosts/manatee/modules/home-assistant/default.nix
+++ b/hosts/manatee/modules/home-assistant/default.nix
@@ -1,4 +1,9 @@
-{ lib, config, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 let
   nginxEnabled = config.mod.nginx.enable;
 in
@@ -54,6 +59,64 @@ in
     };
   };
 
+  systemd.user = {
+    timers = {
+      "update-hetzner-ha-dns" = {
+        unitConfig = {
+          Description = "updates Hetzner DNS for home-assistant";
+        };
+
+        timerConfig = {
+          Unit = "update-hetzner-ha-dns.service";
+          OnCalendar = "*-*-* *:00/30:00";
+          Persistent = true;
+        };
+
+        wantedBy = [ "timers.target" ];
+      };
+    };
+
+    services = {
+      "update-hetzner-ha-dns" = {
+        unitConfig = {
+          Description = "updates Hetzner DNS for home-assistant";
+        };
+
+        serviceConfig = {
+          Type = "exec";
+          EnvironmentFile = config.age.secrets.hetzner-dns.path;
+        };
+
+        path = [
+          pkgs.curl
+          pkgs.coreutils # For `cat`
+        ];
+
+        script = ''
+          LAST_IP_FILE="/tmp/hetzner-dns-ha-ip"
+          INTERFACE="enp3s0"
+
+          CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me')
+
+          LAST_IP=""
+          if [[ -f "$LAST_IP_FILE" ]]; then
+              LAST_IP=$(cat "$LAST_IP_FILE")')
+          fi
+
+          if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
+              echo "IP unchanged, NOOP update."
+              exit 0
+          else
+              echo "checking DNS"
+              curl \
+                -H "Authorization: Bearer $HETZNER_API_TOKEN" \
+                "https://api.hetzner.cloud/v1/zones/$ZONE_NAME/rrsets/$RRSET_NAME/A"
+          fi
+        '';
+      };
+    };
+  };
+
   age = {
     secrets = {
       "hetzner-dns".file = ../../../../secrets/manatee/hetzner-dns.age;
diff --git a/secrets/manatee/hetzner-dns-ha-env-vars.age b/secrets/manatee/hetzner-dns-ha-env-vars.age
new file mode 100644
index 0000000..52eb1c3
Binary files /dev/null and b/secrets/manatee/hetzner-dns-ha-env-vars.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 31067ed..2333361 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -35,6 +35,7 @@ in {
   "manatee/syncthing-cert.age".publicKeys = [ manatee alex ];
   "manatee/syncthing-key.age".publicKeys = [ manatee alex ];
   "manatee/hetzner-dns.age".publicKeys = [ manatee alex ];
+  "manatee/hetzner-dns-ha-env-vars.age".publicKeys = [ manatee alex ];
 
   "backwards/root.backwards.age".publicKeys = [ backwards alex ];
   "backwards/root.backwards.pub.age".publicKeys = [ backwards alex ];