diff --git a/1.sh b/1.sh
index 8e98a25..c12419a 100644
--- a/1.sh
+++ b/1.sh
@@ -145,9 +145,42 @@ EOF
   print_yellow "source /root/.bashrc"
 }
 
+start_watchtower() {
+  WATCHTOWER_RUN_ONCE=false # 是否只运行一次
+  WATCHTOWER_NAME=""        # 如果不设置 container_name，则会监控所有容器
+  WATCHTOWER_DOCKER_ARGS=()
+  WATCHTOWER_ARGS=()
+  WATCHTOWER_ARGS+=(--cleanup)
+  # WATCHTOWER_ARGS+=(--remove-volumes)
+  WATCHTOWER_ARGS+=(--rolling-restart)
+
+  if [ "$WATCHTOWER_RUN_ONCE" = true ]; then
+    WATCHTOWER_ARGS+=(--run-once)
+    WATCHTOWER_DOCKER_ARGS+=(--rm)
+  else
+    WATCHTOWER_ARGS+=(--label-enable)           # 仅监控并更新标签为 com.centurylinklabs.watchtower.enable 设置为 true 的容器。
+    WATCHTOWER_ARGS+=(--schedule "0 0 3 * * *") # 每天凌晨 3 点执行
+    WATCHTOWER_DOCKER_ARGS+=(-d)
+    WATCHTOWER_DOCKER_ARGS+=(--restart unless-stopped)
+    WATCHTOWER_DOCKER_ARGS+=(--name watchtower)
+  fi
+
+  if [ -f ~/.docker/config.json ]; then # 如果 ~/.docker/config.json 存在
+    WATCHTOWER_DOCKER_ARGS+=(-v ~/.docker/config.json:/config.json)
+  fi
+
+  docker rm -f watchtower
+  docker run "${WATCHTOWER_DOCKER_ARGS[@]}" \
+    -e WATCHTOWER_NO_STARTUP_MESSAGE \
+    -e TZ=Asia/Shanghai \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    containrrr/watchtower "${WATCHTOWER_ARGS[@]}" $WATCHTOWER_NAME
+}
+
 modify_authorized_keys
 bash_aliases
 install_docker
+start_watchtower
 sysctl_config
 
-# source <(curl -fsSL scripts.oo1.dev/nezha-v1.sh)
\ No newline at end of file
+# source <(curl -fsSL scripts.oo1.dev/nezha-v1.sh)