diff --git a/configuration/common/nix.nix b/configuration/common/nix.nix
index 29d681a..2c2f4b4 100644
--- a/configuration/common/nix.nix
+++ b/configuration/common/nix.nix
@@ -4,6 +4,8 @@
 
   clerie.nixfiles.enable = true;
 
+  clerie.nixfiles.system-auto-upgrade.enable = true;
+
   nix.settings = {
     trusted-users = [ "@wheel" "@guests" ];
     auto-optimise-store = true;
diff --git a/configuration/common/programs.nix b/configuration/common/programs.nix
index a10e7fc..8b4d56a 100644
--- a/configuration/common/programs.nix
+++ b/configuration/common/programs.nix
@@ -10,7 +10,6 @@
     colmena
     vim
     agenix
-    nixfiles-system-upgrade
   ];
 
   programs.mtr.enable = true;
diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix
index 35118d9..b984017 100644
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
@@ -330,8 +330,8 @@
   '';
 
   clerie.nixfiles.system-auto-upgrade = {
-    enable = true;
     allowReboot = true;
+    autoUpgrade = true;
   };
 
   clerie.monitoring = {
diff --git a/hosts/dn42-il-gw5/configuration.nix b/hosts/dn42-il-gw5/configuration.nix
index 95b9881..ac7a0d9 100644
--- a/hosts/dn42-il-gw5/configuration.nix
+++ b/hosts/dn42-il-gw5/configuration.nix
@@ -184,8 +184,8 @@
   '';
 
   clerie.nixfiles.system-auto-upgrade = {
-    enable = true;
     allowReboot = true;
+    autoUpgrade = true;
     startAt = "*-*-* 06:22:00";
   };
 
diff --git a/hosts/dn42-il-gw6/configuration.nix b/hosts/dn42-il-gw6/configuration.nix
index c26936f..ffefe9b 100644
--- a/hosts/dn42-il-gw6/configuration.nix
+++ b/hosts/dn42-il-gw6/configuration.nix
@@ -184,8 +184,8 @@
   '';
 
   clerie.nixfiles.system-auto-upgrade = {
-    enable = true;
     allowReboot = true;
+    autoUpgrade = true;
     startAt = "*-*-* 07:22:00";
   };
 
diff --git a/hosts/nonat/configuration.nix b/hosts/nonat/configuration.nix
index 8c8e4e8..d1af256 100644
--- a/hosts/nonat/configuration.nix
+++ b/hosts/nonat/configuration.nix
@@ -40,8 +40,8 @@
   networking.firewall.allowedUDPPorts = [];
 
   clerie.nixfiles.system-auto-upgrade = {
-    enable = true;
     allowReboot = true;
+    autoUpgrade = true;
   };
 
   clerie.monitoring = {
diff --git a/modules/nixfiles/nixfiles-system-upgrade.nix b/modules/nixfiles/nixfiles-system-upgrade.nix
index 3569914..43e0612 100644
--- a/modules/nixfiles/nixfiles-system-upgrade.nix
+++ b/modules/nixfiles/nixfiles-system-upgrade.nix
@@ -15,6 +15,11 @@ in
         default = false;
         description = "Monitor NixOS";
       };
+      autoUpgrade = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Automatically check and install upgrades";
+      };
       startAt = mkOption {
         type = with types; nullOr string;
         default = null;
@@ -33,7 +38,7 @@ in
         ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/nixfiles-system-upgrade.prom"}";
       };
     };
-    systemd.timers.nixfiles-system-auto-upgrade = {
+    systemd.timers.nixfiles-system-auto-upgrade = mkIf cfg.autoUpgrade {
       wantedBy = [ "timers.target" ];
       timerConfig = {
         OnCalendar = if cfg.startAt == null then "*-*-* 05:37:00" else cfg.startAt;
@@ -41,5 +46,8 @@ in
       };
       after = [ "network-online.target" ];
     };
+    environment.systemPackages = with pkgs; [
+      nixfiles-system-upgrade
+    ];
   };
 }