diff --git a/roles/service-bird-icvpn/tasks/main.yml b/roles/service-bird-icvpn/tasks/main.yml
index 4d99db1..adbf20b 100644
--- a/roles/service-bird-icvpn/tasks/main.yml
+++ b/roles/service-bird-icvpn/tasks/main.yml
@@ -39,7 +39,7 @@
   file:
     path: "{{ item }}"
     mode: 0640
-    owner: bird
+    owner: admin
     group: bird
   notify:
     - reload bird4
@@ -51,10 +51,34 @@
   file:
     path: "{{ item }}"
     mode: 0640
-    owner: bird
+    owner: admin
     group: bird
   notify:
     - reload bird6
   with_items:
     - /etc/bird/icvpn_ipv6_peers.conf
     - /etc/bird/icvpn_ipv6_roa.conf
+
+- name: write systemd unit icvpn-update.service
+  template:
+    src: icvpn-update.service.j2
+    dest: /etc/systemd/system/icvpn-update.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload systemd
+
+- name: write systemd timer icvpn-update.timer
+  template:
+    src: icvpn-update.timer.j2
+    dest: /etc/systemd/system/icvpn-update.timer
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload systemd
+
+- name: configure systemd unit/timer icvpn-update
+  systemd:
+    name: icvpn-update.timer
+    enabled: yes
+    state: started
diff --git a/roles/service-bird-icvpn/templates/icvpn-update.service.j2 b/roles/service-bird-icvpn/templates/icvpn-update.service.j2
new file mode 100644
index 0000000..d4c964d
--- /dev/null
+++ b/roles/service-bird-icvpn/templates/icvpn-update.service.j2
@@ -0,0 +1,10 @@
+#
+# {{ ansible_managed }}
+#
+[Unit]
+Description=Update tinc hosts and bgp peers for icvpn
+
+[Service]
+ExecStart=/home/admin/clones/backend-scripts/gen_icvpn_bgp_gw.sh
+User=admin
+Group=admin
diff --git a/roles/service-bird-icvpn/templates/icvpn-update.timer.j2 b/roles/service-bird-icvpn/templates/icvpn-update.timer.j2
new file mode 100644
index 0000000..55c464a
--- /dev/null
+++ b/roles/service-bird-icvpn/templates/icvpn-update.timer.j2
@@ -0,0 +1,12 @@
+#
+# {{ ansible_managed }}
+#
+[Unit]
+Description=Timer which schedules icvpn-update.service
+
+[Timer]
+OnBootSec=1h
+OnUnitActiveSec=2d
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/service-bird/tasks/main.yml b/roles/service-bird/tasks/main.yml
index 822b130..4cd2845 100644
--- a/roles/service-bird/tasks/main.yml
+++ b/roles/service-bird/tasks/main.yml
@@ -8,6 +8,12 @@
     - bird-bgp
     - bird-doc
 
+- name: set directory permissions for /etc/bird
+  file:
+    path: /etc/bird
+    state: directory
+    mode: 0755
+
 - name: write bird configuration
   template:
     src: bird{{ item }}.conf.j2