diff --git a/playbooks/filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.service b/playbooks/filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.service
new file mode 100644
index 0000000..f46018e
--- /dev/null
+++ b/playbooks/filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Prune dangling podman images
+Documentation=man:podman-image-prune(1)
+
+[Service]
+Type=oneshot
+ExecStartPre=/usr/bin/podman container prune -f
+ExecStart=/usr/bin/podman image prune -f
+
+[Install]
+WantedBy=multi-user.target
diff --git a/playbooks/filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.timer b/playbooks/filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.timer
new file mode 100644
index 0000000..9b29582
--- /dev/null
+++ b/playbooks/filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Prune dangling podman images
+Documentation=man:podman-image-prune(1)
+
+[Timer]
+OnCalendar=Fri *-*-* 08:00:00
+Persistent=true
+RandomizedDelaySec=1h
+
+[Install]
+WantedBy=timers.target
diff --git a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.service.j2 b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.service.j2
index 1e23692..bcaa3a3 100644
--- a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.service.j2
+++ b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.service.j2
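Review bot: `WantedBy=multi-user.target` in the new `[Install]` section names a system-manager target that does not exist in the per-user instance this unit lives in (`.config/systemd/user/`), so a `systemctl --user enable podman-image-prune.service` would create a dangling wants-link; since the companion timer is what starts it, the `[Install]` section can simply be dropped, or use `WantedBy=default.target` if a standalone enable is wanted. Separately, `ExecStartPre=/usr/bin/podman container prune -f` deletes every stopped container in the user's storage, which is broader than the `Description=` "Prune dangling podman images" suggests; the container units in this commit remove themselves in `ExecStopPost`, so the impact is presumably limited to stray containers, but that should be stated, e.g. `# also removes ALL stopped containers owned by this user, not only image layers` above the line.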
@@ -10,6 +10,7 @@ After=pod-rproxy.service
 Environment=PODMAN_SYSTEMD_UNIT=%n
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/container-rproxy-certbot.pid %t/container-rproxy-certbot.ctr-id
+ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
 ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-certbot.pid --cidfile %t/container-rproxy-certbot.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace -v /etc/resolv.conf:/etc/resolv.conf:ro -v etc_letsencrypt:/etc/letsencrypt -v var_lib_letsencrypt:/var/lib/letsencrypt -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-certbot docker.io/certbot/certbot --non-interactive renew
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-certbot.ctr-id
 Type=oneshot
diff --git a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-nginx.service.j2 b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-nginx.service.j2
index ae2f50b..2b9e61d 100644
--- a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-nginx.service.j2
+++ b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-nginx.service.j2
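Review bot: The added `ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot` pulls the mutable, unpinned `:latest` tag on every renewal run, and the container is then started with read-write access to the `etc_letsencrypt` volume (no `:ro` on that mount), which presumably holds the ACME account and certificate private keys; unless the service user's `policy.json` requires signatures, nothing verifies what Docker Hub currently serves under that tag. Pin the reference to a version tag or a `@sha256:` digest (and use the same reference on the `ExecStart` line), or at minimum make the pull best-effort so a registry outage or rate limit cannot block a renewal that would succeed from the cached image: `ExecStartPre=-/usr/bin/podman pull docker.io/certbot/certbot`. The unit's `[Unit]` section and the `[Service]` header start outside this hunk.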
@@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id
-ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-nginx.pid --cidfile %t/container-rproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro -v var_lib_letsencrypt:/var/lib/letsencrypt:ro -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-nginx docker.io/library/nginx
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-nginx.pid --cidfile %t/container-rproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace --label "io.containers.autoupdate=image" -dt {{ service_rproxy_hosts }} -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro -v var_lib_letsencrypt:/var/lib/letsencrypt:ro -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-nginx docker.io/library/nginx
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id
 PIDFile=%t/container-rproxy-nginx.pid
diff --git a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-www/.config/systemd/user/container-www-nginx.service.j2 b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-www/.config/systemd/user/container-www-nginx.service.j2
index 3d4dd65..70540cb 100644
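Review bot: Adding `--label "io.containers.autoupdate=image"` to a container whose image is referenced only as `docker.io/library/nginx` means the auto-update timer will now repull the mutable `:latest` tag and restart this TLS-terminating reverse proxy (it mounts `etc_letsencrypt` and `dhparam.pem`) whenever upstream moves the tag, with no review step; podman's rollback only fires when the restarted unit fails to start, not when a new nginx release changes behaviour. Consider tracking a narrower reference than the implicit `:latest` (a major-version tag) so unattended updates pick up patch releases only, and confirm the service user's container signature policy is not the distribution default `insecureAcceptAnything` before letting unattended pulls deploy straight to the edge. A one-line note above `ExecStart=` such as `# image is auto-updated by podman-auto-update.timer; keep the tag deliberately narrow` would record that decision. Every auto-update also restarts the unit, so a brief outage per update is implied; the timer cadence is set outside this file.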
--- a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-www/.config/systemd/user/container-www-nginx.service.j2
+++ b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-www/.config/systemd/user/container-www-nginx.service.j2
@@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/container-www-nginx.pid %t/container-www-nginx.ctr-id
-ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-www-nginx.pid --cidfile %t/container-www-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-www.pod-id --replace -dt -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro --name=pod-www-nginx docker.io/library/nginx
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-www-nginx.pid --cidfile %t/container-www-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-www.pod-id --replace --label "io.containers.autoupdate=image" -dt -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro --name=pod-www-nginx docker.io/library/nginx
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-www-nginx.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-www-nginx.ctr-id
 PIDFile=%t/container-www-nginx.pid
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/container-lrproxy-nginx.service.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/container-lrproxy-nginx.service.j2
index 641c7e9..d4e2414 100644
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/container-lrproxy-nginx.service.j2
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/container-lrproxy-nginx.service.j2
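Review bot: The `io.containers.autoupdate=image` label is attached here to an unpinned `docker.io/library/nginx` reference, so this unit will be restarted on every digest change of the `:latest` tag; the content mount is `:ro`, which limits what a bad image can do to the site files, but the trust decision is still "run whatever Docker Hub serves today" and is invisible to anyone reading the unit. Pinning a version tag on the image reference is the one-token fix, and `podman auto-update --dry-run` run as this user will show what the timer would pull before the first unattended run. If the tag is left as is, say so explicitly, e.g. `# auto-update follows :latest by design; see podman-auto-update.timer` above `ExecStart=`.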
@@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/container-lrproxy-nginx.pid %t/container-lrproxy-nginx.ctr-id
-ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-lrproxy-nginx.pid --cidfile %t/container-lrproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-lrproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro --name=pod-lrproxy-nginx docker.io/library/nginx
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-lrproxy-nginx.pid --cidfile %t/container-lrproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-lrproxy.pod-id --replace --label "io.containers.autoupdate=image" -dt {{ service_rproxy_hosts }} -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro --name=pod-lrproxy-nginx docker.io/library/nginx
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id
 PIDFile=%t/container-lrproxy-nginx.pid
diff --git a/playbooks/tasks/services/deploy/service/01-user.yml b/playbooks/tasks/services/deploy/service/01-user.yml
index b9b0779..f869612 100644
--- a/playbooks/tasks/services/deploy/service/01-user.yml
+++ b/playbooks/tasks/services/deploy/service/01-user.yml
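Review bot: The rewritten `ExecStart=` is a single line of several hundred characters, so a one-flag change like this `--label` addition shows up as a whole-line replacement and is hard to verify in review; systemd unit files accept backslash-newline continuation, so splitting the options one per line (`ExecStart=/usr/bin/podman run \`, then `  --conmon-pidfile %t/container-lrproxy-nginx.pid \`, and so on, ending with the image reference) would make each future diff a one-line change. The single-line form looks like `podman generate systemd` output, so if these units are ever regenerated the split would have to be reapplied; a leading `# hand-maintained; do not overwrite with podman generate systemd` would record that. The same unpinned `docker.io/library/nginx` (`:latest`) concern raised on the valkyrie proxy applies to this unit as well.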
@@ -90,4 +90,66 @@ user_containers_storage is changed or user_containers_containers is changed + - name: Create systemd directory for user {{ service_user_name }} + file: + path: "{{ service_home }}/.config/systemd" + state: directory + mode: 0755 + + - name: Create systemd service directory for user {{ service_user_name }} + file: + path: "{{ service_home }}/.config/systemd/user" + state: directory + mode: 0755 + + - name: Copy systemd auto-update service for user {{ service_user_name }} + copy: + src: "/usr/lib/systemd/system/podman-auto-update.service" + dest: "{{ service_home }}/.config/systemd/user/podman-auto-update.service" + remote_src: yes + register: user_systemd_podman_auto_update_service_file + + - name: Copy systemd auto-update timer for user {{ service_user_name }} + copy: + src: "/usr/lib/systemd/system/podman-auto-update.timer" + dest: "{{ service_home }}/.config/systemd/user/podman-auto-update.timer" + remote_src: yes + register: user_systemd_podman_auto_update_timer_file + + - name: Copy systemd image prune service for user {{ service_user_name }} + copy: + src: "./filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.service" + dest: "{{ service_home }}/.config/systemd/user/podman-image-prune.service" + register: user_systemd_podman_image_prune_service_file + + - name: Copy systemd image prune timer for user {{ service_user_name }} + copy: + src: "./filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.timer" + dest: "{{ service_home }}/.config/systemd/user/podman-image-prune.timer" + register: user_systemd_podman_image_prune_timer_file + + - name: SystemD daemon reload + systemd: + daemon_reload: true + scope: user + when: + user_systemd_podman_auto_update_service_file is changed or + user_systemd_podman_auto_update_timer_file is changed or + user_systemd_podman_image_prune_service_file is changed or + user_systemd_podman_image_prune_timer_file is changed 
+ + - name: Enable podman auto-update + systemd: + name: podman-auto-update.timer + enabled: yes + state: started + scope: user + + - name: Enable podman image prune + systemd: + name: podman-image-prune.timer + enabled: yes + state: started + scope: user + become_user: "{{ service_user_name }}"
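Review bot: The two `copy` tasks take `podman-auto-update.service` and `.timer` from `/usr/lib/systemd/system/`, the system-manager unit directory, and snapshot them into the user's `.config/systemd/user/`; that copy will silently diverge from the packaged unit on every podman upgrade, and the system-scope file may carry directives intended for the system instance rather than a user manager. If the package also ships user-scope units (check `/usr/lib/systemd/user/podman-auto-update.{service,timer}`), the user manager finds them without any copy and the later `systemd` task with `scope: user` can enable the timer directly, which also lets the `daemon_reload` `when:` drop the two auto-update registered results. Minor lint on the new tasks: `mode: 0755` relies on YAML 1.1 octal parsing and `remote_src: yes` / `enabled: yes` are YAML 1.1 truthy aliases — `mode: "0755"`, `remote_src: true`, `enabled: true` is what ansible-lint expects. User-scope timers only fire while the user manager is running, i.e. with lingering enabled for `{{ service_user_name }}`, which is presumably already handled for the existing pod units but is not visible here. The enclosing `block:` (whose `become_user` closes this hunk) starts outside the hunk.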