diff --git a/Cargo.toml b/Cargo.toml
index bbbe0c2..be9ad0c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -29,3 +29,6 @@ dirs = "5"
 strip = "symbols"
 lto = "thin"
 codegen-units = 1
+
+[package.metadata.deb.systemd-units]
+unit-scripts = "systemd/"
diff --git a/systemd/cloudflare-ddns.service b/systemd/cloudflare-ddns.service
new file mode 100644
index 0000000..89547f8
--- /dev/null
+++ b/systemd/cloudflare-ddns.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Run the Cloudflare DDNS script
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/cloudflare-ddns run
+
+# Security
+NoNewPrivileges=true
+
+# Sandboxing config
+ProtectSystem=true
+PrivateTmp=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/systemd/cloudflare-ddns.timer b/systemd/cloudflare-ddns.timer
new file mode 100644
index 0000000..c686891
--- /dev/null
+++ b/systemd/cloudflare-ddns.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Run the Cloudflare DDNS script hourly
+
+[Timer]
+OnBootSec=1min
+OnUnitActiveSec=1hr
+
+[Install]
+WantedBy=timers.target