diff --git a/inventories/chaosknoten/host_vars/renovate.sops.yaml b/inventories/chaosknoten/host_vars/renovate.sops.yaml
index 8a4b465..f481dd9 100644
--- a/inventories/chaosknoten/host_vars/renovate.sops.yaml
+++ b/inventories/chaosknoten/host_vars/renovate.sops.yaml
@@ -1,4 +1,6 @@
 ansible_pull__age_private_key: ENC[AES256_GCM,data:bdqHlOytu9POaLwjA2U3soUvwmcZsd/CZrVcG868AT//DP3uA0doe1foJ7S9P2+7vfO/eBtp3hidYoQRDACDD+KhucFPpjY7aKI=,iv:EUi66ScqjCWrGXaokJjKr+4LUgkHsPcOFQMpyuDXq4A=,tag:RSm2ReudORWzGafm94J8UQ==,type:str]
+secret__renovate_token: ENC[AES256_GCM,data:NVyWH/FnAhR0gQ16FZ9h+gOxlSYFAGcKG2VgtNuOupx9e1RrJg8RSQ==,iv:v6auLeQ9TGnQakA/6oqG7gyNK/pRgCpx4foUSYZEZ0g=,tag:2lmTCWYI7N6hNa+5ABO8ug==,type:str]
+secret__renovate_github_token: ENC[AES256_GCM,data:XqQrljiUafBf/a/Uq2jc0CtP2LQBHDK2KUYunhwFRv7MDSGg1yogWw==,iv:LNWNKig51wj27KMkrLsGgLnfZiGgf+oefsRTlf6wd4U=,tag:WMK3DBaJnKbMmHn6fZl5Lg==,type:str]
 sops:
   age:
     - recipient: age18qam683rva3ee3wgue7r0ey4ws4jttz4a4dpe3q8kq8lmrp97ezq2cns8d
@@ -10,8 +12,8 @@ sops:
         aDZsUFBwbkRtd3FjVHJhdnQ5WTFtOFUKIZzFbaXhG/+a+qtKv0p7YJMhKDqsK8Lr
         QSWWWzKH6mYcJcQ4AV0ZH8givdvX67wo9DYF4XKGs4H5vbM3COoBIQ==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2025-10-16T14:04:36Z"
-  mac: ENC[AES256_GCM,data:2gVjbV1nPZhGj/YmUlX1D7C4tScc3aHhgYd4zyCf3K3/r9iCDHr02QPINM0W5oqrjFE7oqv4FJ2rW1fBnG6seHuRp3K8UtayfHnzepHQWqM8K7UZl+W+MSow8bzHJ0fsUmmyWG68AmDu5qPwEEmhL5VcQi1A5RUzQLpfCwxHbHE=,iv:oEjsk2n5Vqrc17Qz4vJg7IkLHrZ9UVWGEkqw/Z/E4xA=,tag:gWv6yLUU4SYw/Gc381o33g==,type:str]
+  lastmodified: "2025-10-16T15:47:31Z"
+  mac: ENC[AES256_GCM,data:WKuRfiAZ/Zx/V7pUHRzMNLV9vPA4n8nJcVoXqt93my9K9OdbZvhKfPtHhlAppZr9QTZtxwje1QTWDPDBXL7ZxNCk0eRrAJmRgffSfO/ZCakZp63d0pqkgjMdTG5P8dfWUMSwHG8w7Ssu2K0kSxhpgQ/BXUhGFmXz8gxAHaUXkg0=,iv:5LtDX541wb4kg9m8e4oeA1QrYoz0l/LKmq8sUmmKAUQ=,tag:pSyeX/dxjLL4dRcY8VkzuA==,type:str]
   pgp:
     - created_at: "2025-10-16T14:03:59Z"
       enc: |-
diff --git a/inventories/chaosknoten/host_vars/renovate.yaml b/inventories/chaosknoten/host_vars/renovate.yaml
new file mode 100644
index 0000000..17b9737
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/renovate.yaml
@@ -0,0 +1 @@
+renovate__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/renovate/renovate/config.js.j2') }}"
diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index 7584b92..ebc456b 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -204,3 +204,4 @@ msmtp_hosts:
   hosts:
 renovate_hosts:
   hosts:
+    renovate:
diff --git a/resources/chaosknoten/renovate/renovate/config.js.j2 b/resources/chaosknoten/renovate/renovate/config.js.j2
new file mode 100644
index 0000000..031971c
--- /dev/null
+++ b/resources/chaosknoten/renovate/renovate/config.js.j2
@@ -0,0 +1,22 @@
+module.exports = {
+    username: "renovate",
+    token: "{{ secret__renovate_token }}",
+    endpoint: "https://git.hamburg.ccc.de/",
+    platform: "gitea",
+    persistRepoData: true,
+    logLevel: "debug",
+    onboardingConfig: {
+        "extends": ["config:recommended"],
+    },
+    autodiscover: true,
+    autodiscoverNamespaces: [
+        "CCCHH"
+    ],
+    detectHostRulesFromEnv: false,
+    hostRules: [
+        {
+            matchHost: "api.github.com",
+            token: "{{ secret__renovate_github_token }}"
+        }
+    ]
+};