{pkgs, ...}: {
  systemd.timers."nix-auto-upgrade" = {
    enable = true;
    wantedBy = ["timers.target"];
    timerConfig = {
      FixedRandomDelay = false;
      RandomizedDelaySec = 0;
      OnCalendar = "weekly";
      Persistent = true;
      Unit = "nix-auto-upgrade";
    };
  };

  systemd.services."nix-auto-upgrade" = {
    enable = true;
    unitConfig = {
      After="network-online.target";
      Description="NixOS Upgrade";
      Wants="network-online.target";
      # X-StopOnRemoval=false; ?
    };
    serviceConfig = {
      Type = "oneshot";
      User = "root";
      WorkingDirectory = /etc/nixos/nixos-config;

      # X-RestartIfChanged=false; ?
    };

    script = ''
      set -eu

      ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch -L --flake git+https://gitea.com/tasiaiso/nixos-config --upgrade
      
      ${pkgs.curl}/bin/curl \
        -H "Title: NixOS upgrade done" \
        -H "Priority: low" \
        -H "Tags: low" \
        -d "$(cat /etc/hostname): upgrade script done" \
        ntfy.sh/tasiaiso_upgrades &> /dev/null # Please don't make me learn how to manage secrets
    '';
  };
}