diff --git a/.woodpecker/update-lockfile.yaml b/.woodpecker/update-lockfile.yaml
new file mode 100644
index 0000000..dcd5c95
--- /dev/null
+++ b/.woodpecker/update-lockfile.yaml
@@ -0,0 +1,75 @@
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+pipeline:
+  clone2:
+    image: nixery.dev/shell/gitfull
+    commands:
+      - cd ..
+      - rm -rf $CI_REPO_NAME
+      - git clone https://git.chir.rs/$CI_REPO_OWNER/$CI_REPO_NAME
+      - cd $CI_REPO_NAME
+    when:
+      - event: cron
+      - event: manual
+  flake-update:
+    image: nixpkgs/nix-unstable
+    commands:
+      - mkdir -p /etc/nix
+      - |
+        cat > /etc/nix/nix.conf << EOF
+        # WARNING: this file is generated from the nix.* options in
+        # your NixOS configuration, typically
+        # /etc/nixos/configuration.nix.  Do not edit it!
+        build-users-group = nixbld
+        allowed-users = *
+        auto-optimise-store = true
+        builders-use-substitutes = true
+        require-sigs = true
+        sandbox = false
+        substituters = https://hydra.int.chir.rs/ https://cache.nixos.org/
+        system-features = big-parallel benchmark ca-derivations
+        trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28=
+        trusted-substituters =
+        trusted-users = @wheel
+        experimental-features = nix-command flakes ca-derivations
+        EOF
+      - nix flake update
+    when:
+      - event: cron
+      - event: manual
+  git-push:
+    image: nixery.dev/shell/openssh/gitfull/git-lfs/gnupg/shadow
+    commands:
+      - groupadd -g 0 root
+      - useradd -u 0 -g root -d $HOME root
+      - mkdir -p ~/.ssh
+      - echo "$SSH_KEY" > ~/.ssh/id_ed25519
+      - chmod 600 ~/.ssh/id_ed25519
+      - echo "git.chir.rs ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQ77jA9S5qXDFGPLZRsC++AtxiXXeF8gVbkLlglx0GQ" > ~/.ssh/known_hosts
+      - echo "git.chir.rs ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDY0pZzNTAqaVqqfC31gYFixFs5KySv0UqvlDEAzEXJMB/pBWkE5GAd5Ik1NxD4QiAVWc2UARdmJEBbYf8mk5JiAv6fjsodJdJVRau4Ax7FtIfbxdFyzBgFery/KUnNIr6cmAWU2Af8JhzrnpEbhe5U3LftYnkdE1lI+iVqaQRARp0qikdzoAl3uMUhbdTxp1/6rtfN6bP2XZCsUx3t3W5ZG1QTQz8l7nrbXZX1TT3pZ2vcUANcMtOxEAwO6lbL210GX63C8XEoE7+4lLxRrSiaq3SkVlG07VspozKEtrrcsqCRNLebiaapmNWVoEq9Wd9VGAEjja5efyU6/HUlRogAOo1WP73UwoQLv5LTFH+ECoHhKS14xfPeXeVG8dbYyh5+CnmiVe43dH1qZw+ceYuYel31f47cAgScbxFvNkct0spK9m9mivnoUmYcxwTc+VbFbmnJvSuZw3a+OEYn9biitP/tTkYFiLZVdPZTxDkvd1oOyuVH9d4RMXbVgNS92/lr2iKFZkyhWMJ61hFMc2tupwmkp5Us5ce42XA0zC/aVY3vYoih/c5Ib0eZF1AEJdB6Bt5dWqITVsB3mip3Jn/mqVBIPTGXT6+FnGSEuL68Dj2yKBD7kj8YO/1SWpkVMy+bfoLXY/usgcaLCxpUu8dDrdrcKExLigCVbi3rdRmg7w==" >> ~/.ssh/known_hosts
+      - git remote set-url origin gitea@git.chir.rs:$CI_REPO_OWNER/$CI_REPO_NAME.git
+      - git config --global 'user.email' 'gitea-bot@chir.rs'
+      - git config --global 'user.name' 'Gitea Bot'
+      - echo "$GPG_KEY" | gpg --import
+      - git config --global "user.signingKey" "0x417A4BCCAB696E24"
+      - git config --global "commit.gpgSign" "true"
+      - git add .
+      - git commit -am "Update flake"
+      - git push --force origin main:update-flake
+    secrets:
+      - gpg_key
+      - ssh_key
+    when:
+      - event: cron
+      - event: manual
+  gitea-pr:
+    image: nixery.dev/shell/curl
+    commands:
+      - |
+        echo '{ "assignee": "darkkirb", "base": "main", "head": "update-flake", "title": "Update flake", "body": "" }' | curl -X POST -H "Authorization: token $GITEA_TOKEN" -H "Content-Type: application/json" --data-binary @- "https://git.chir.rs/api/v1/repos/$CI_REPO_OWNER/$CI_REPO_NAME/pulls"
+    secrets:
+      - gitea_token
+    when:
+      - event: cron
+      - event: manual
diff --git a/.woodpecker/update.yaml b/.woodpecker/update.yaml
index 1cf3b5f..282374f 100644
--- a/.woodpecker/update.yaml
+++ b/.woodpecker/update.yaml
@@ -1,3 +1,6 @@
+clone:
+  git:
+    image: woodpeckerci/plugin-git
 pipeline:
   clone2:
     image: nixery.dev/shell/gitfull
@@ -9,33 +12,7 @@ pipeline:
     when:
       - event: cron
       - event: manual
-  flake-update:
-    image: nixpkgs/nix-unstable
-    commands:
-      - mkdir -p /etc/nix
-      - |
-        cat > /etc/nix/nix.conf << EOF
-        # WARNING: this file is generated from the nix.* options in
-        # your NixOS configuration, typically
-        # /etc/nixos/configuration.nix.  Do not edit it!
-        build-users-group = nixbld
-        allowed-users = *
-        auto-optimise-store = true
-        builders-use-substitutes = true
-        require-sigs = true
-        sandbox = false
-        substituters = https://hydra.int.chir.rs/ https://cache.nixos.org/
-        system-features = big-parallel benchmark ca-derivations
-        trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28=
-        trusted-substituters =
-        trusted-users = @wheel
-        experimental-features = nix-command flakes ca-derivations
-        EOF
-      - nix flake update
-    when:
-      - event: cron
-      - event: manual
-  update:
+  update-$PACKAGE:
     image: nixos/nix
     commands:
       - mkdir -p /etc/nix
@@ -60,7 +37,7 @@ pipeline:
       - mkdir -p /tmp2
       - chmod 1777 /tmp2
       - export TMPDIR=/tmp2
-      - yes '' | nix-shell ./scripts/update.nix --argstr max-workers 1
+      - yes '' | nix-shell ./scripts/update.nix --argstr path $PACKAGE
     when:
       - event: cron
       - event: manual
@@ -89,7 +66,7 @@ pipeline:
       - git config --global "commit.gpgSign" "true"
       - git add .
       - git commit -am "Update flake"
-      - git push --force origin main:update-flake
+      - git push --force origin main:update-$PACKAGE
     secrets:
       - gpg_key
       - ssh_key
@@ -100,9 +77,47 @@ pipeline:
     image: nixery.dev/shell/curl
     commands:
       - |
-        echo '{ "assignee": "darkkirb", "base": "main", "head": "update-flake", "title": "Update flake", "body": "" }' | curl -X POST -H "Authorization: token $GITEA_TOKEN" -H "Content-Type: application/json" --data-binary @- "https://git.chir.rs/api/v1/repos/$CI_REPO_OWNER/$CI_REPO_NAME/pulls"
+        echo '{ "assignee": "darkkirb", "base": "main", "head": "update-$PACKAGE", "title": "Update flake", "body": "" }' | curl -X POST -H "Authorization: token $GITEA_TOKEN" -H "Content-Type: application/json" --data-binary @- "https://git.chir.rs/api/v1/repos/$CI_REPO_OWNER/$CI_REPO_NAME/pulls"
     secrets:
       - gitea_token
     when:
       - event: cron
       - event: manual
+matrix:
+  PACKAGE:
+    - akkoma
+    - pleroma-fe
+    - admin-fe
+    - emoji-volpeon-blobfox
+    - emoji-volpeon-bunhd
+    - emoji-volpeon-drgn
+    - emoji-volpeon-fox
+    - emoji-volpeon-gphn
+    - emoji-volpeon-raccoon
+    - emoji-volpeon-vlpn
+    - emoji-caro
+    - lotte-art
+    - nasin-nanpa
+    - matrix-media-repo
+    - mautrix-discord
+    - mautrix-whatsapp
+    - mautrix-signal
+    - mautrix-telegram
+    - python-mautrix
+    - python-tulir-telethon
+    - papermc
+    - python-plover-stroke
+    - python-rtf-tokenize
+    - plover
+    - plover-plugins-manager
+    - python-simplefuzzyset
+    - plover-plugin-emoji
+    - plover-plugin-tapey-tape
+    - plover-plugin-yaml-dictionary
+    - plover-plugin-machine-hid
+    - plover-plugin-rkb1-hid
+    - plover-dict-didoesdigital
+    - miifox-net
+    - python-instagram
+    - element-web
+    - woodpecker-server