diff --git a/tasks.py b/tasks.py
index 568b8ec..c4ceaba 100644
--- a/tasks.py
+++ b/tasks.py
@@ -198,6 +198,25 @@ def scan_age_keys(c, host):
     )
 
 
+@task
+def update_terraform(c):
+    """
+    Update terraform devshell flake
+    """
+    with c.cd("terraform"):
+        c.run(
+            """
+system="$(nix eval --impure --raw --expr 'builtins.currentSystem')"
+old="$(nix build --no-link --print-out-paths ".#devShells.${system}.default")"
+nix flake update --commit-lock-file
+new="$(nix build --no-link --print-out-paths ".#devShells.${system}.default")"
+commit="$(git log --pretty=format:%B -1)"
+diff="$(nix store diff-closures "${old}" "${new}" | awk -F ',' '/terraform/ && /→/ {print $1}')"
+git commit --amend -m "${commit}" -m "Terraform updates:" -m "${diff}"
+"""
+        )
+
+
 @task
 def format_disks(c, hosts="", disks=""):
     """
diff --git a/terraform/flake.lock b/terraform/flake.lock
index fdb1766..aeaa43a 100644
--- a/terraform/flake.lock
+++ b/terraform/flake.lock
@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1676795730,
-        "narHash": "sha256-X69A9BdcPTySJJ7DqS4wc8b6eqGKi32jCSyaBsz4WB0=",
+        "lastModified": 1678780369,
+        "narHash": "sha256-D8wM0K1EkWLwbUu9fohC57+n89zC9qQ3hdC9Bys5GYw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "efc59894b1ba73cb745676616c56c780383d6788",
+        "rev": "1474943fd91fbe5567f7582acf568e0f999f4af1",
         "type": "github"
       },
       "original": {