diff --git a/README.md b/README.md
index 8132076..ac2ef4f 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,7 @@ Agnos leverages let's encrypt capability to follow DNS `NS` records. It requires
 1. [Certificates](#certificates)
 1. [Configuration of your DNS provider](#configuration-of-your-dns-provider)
 1. [Running agnos](#running-agnos)
+ 1. [Systemd units](#systemd-units)
 1. [Developers](#developers)
@@ -220,6 +221,10 @@ _acme-challenge.another.examp.le NS agnos-ns.doma.in
 When running, it checks whether the certificates of the full chain are going to expire in the next 30 days, and only renew them in that case, so it is suitable to be used in a cron job.
+## Systemd units
+
+A systemd unit and timers are provided in the `systemd` folder of this repo.
+
 # Developers
 PRs and issues are very welcome.
diff --git a/systemd/agnos.service b/systemd/agnos.service
new file mode 100644
index 0000000..690d8e4
--- /dev/null
+++ b/systemd/agnos.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Agnos, obtain ACME/Let's encrypt certificates using DNS-01
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=agnos /etc/agnos/config.toml --no-staging
+
+# Hardening
+ProtectSystem=true
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+NoNewPrivileges=true
+
+# Reload webserver after agnos has run
+# ExecStartPost=systemctl restart nginx
+
diff --git a/systemd/agnos.timer b/systemd/agnos.timer
new file mode 100644
index 0000000..b863ebc
--- /dev/null
+++ b/systemd/agnos.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Check ACME/Let's encrypt certificates daily and renew them if necessary
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+AccuracySec=1h
+
+[Install]
+WantedBy=timers.target
\ No newline at end of file
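Review bot: The `# Hardening` block in systemd/agnos.service is thin for a unit that sets no `User=` and so runs as root while handling ACME account and certificate key material; /tmp, /home, device nodes, kernel tunables and the full capability set all stay reachable. The directives in the fence below narrow that, but `ProtectHome=yes` and `CapabilityBoundingSet=` need testing against the paths `config.toml` writes to, and the capability line assumes agnos needs nothing beyond binding its DNS port. Separately, `ExecStart=agnos …` uses a bare command name, which older systemd releases reject and newer ones resolve through a fixed search path, so an absolute path (placeholder: `/usr/local/bin/agnos`) is the safer form.

```ini
# Hardening
# … unchanged: ProtectSystem, ProtectKernelModules, ProtectControlGroups, NoNewPrivileges …
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
# Root keeps only the capability needed to bind the DNS port
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
```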
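Review bot: `Persistent=true` in systemd/agnos.timer starts a missed run as soon as the timer is activated at boot, yet the service it triggers is ordered only `After=network.target`, which does not wait for the network to be usable. A catch-up run can therefore fail its ACME and DNS traffic and will not be retried until the next daily slot. Adding `Wants=network-online.target` and `After=network-online.target` to the `[Unit]` section of agnos.service would close that gap.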