diff --git a/.github/workflows/update-nixpkgs-cleanup.yaml b/.github/workflows/update-nixpkgs-cleanup.yaml
new file mode 100644
index 000000000..b0bf4ca3a
--- /dev/null
+++ b/.github/workflows/update-nixpkgs-cleanup.yaml
@@ -0,0 +1,46 @@
+name: update-nixpkgs-cleanup
+
+on:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+  update-nixpkgs-on-merge:
+    if: github.event.pull_request.merged == true && startsWith(github.head_ref, 'nixpkgs-auto-update/')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          repository: flyingcircusio/fc-nixos-release-tools
+          path: 'release-tools'
+      - uses: cachix/install-nix-action@v21
+        with:
+          # Nix 2.24 breaks flake update
+          install_url: https://releases.nixos.org/nix/nix-2.18.9/install
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.NIXPKGS_UPDATE_APP_ID }}
+          private-key: ${{ secrets.NIXPKGS_UPDATE_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+      - run: |
+          echo "::add-mask::${{steps.app-token.outputs.token}}"
+      - name: Get GitHub App User ID
+        id: get-user-id
+        run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+      - run: |
+          git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
+          git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
+      - name: build release tooling
+        run: |
+          nix build ./release-tools#
+      - run: |
+          ./result/bin/update-nixpkgs cleanup \
+            --merged-pr-id ${{ github.event.number }} \
+            --nixpkgs-dir nixpkgs \
+            --nixpkgs-origin-url https://x-access-token:${{steps.app-token.outputs.token}}@github.com/flyingcircusio/nixpkgs.git
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
diff --git a/changelog.d/20241204_152719_PL-133100-update-nixpkgs_scriv.md b/changelog.d/20241204_152719_PL-133100-update-nixpkgs_scriv.md
new file mode 100644
index 000000000..562a2dd0f
--- /dev/null
+++ b/changelog.d/20241204_152719_PL-133100-update-nixpkgs_scriv.md
@@ -0,0 +1,19 @@
+<!--
+
+A new changelog entry.
+
+Delete placeholder items that do not apply. Empty sections will be removed
+automatically during release.
+
+Leave the XX.XX as is: this is a placeholder and will be automatically filled
+correctly during the release and helps when backporting over multiple platform
+branches.
+
+-->
+
+### Impact
+
+
+### NixOS XX.XX platform
+
+- Internal: Introduce automatic nixpkgs update workflow (PL-133100)