diff --git a/modules/nixfiles/nixfiles-system-upgrade.nix b/modules/nixfiles/nixfiles-system-upgrade.nix
index a848a92..546478b 100644
--- a/modules/nixfiles/nixfiles-system-upgrade.nix
+++ b/modules/nixfiles/nixfiles-system-upgrade.nix
@@ -21,7 +21,7 @@ in
     systemd.services.nixfiles-system-auto-upgrade = {
       serviceConfig = {
         Type = "oneshot";
-        ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade${optionalString cfg.allowReboot " --allow-reboot"}";
+        ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}";
       };
       startAt = "*-*-* 06:47:00";
     };
diff --git a/pkgs/nixfiles/nixfiles-system-upgrade.sh b/pkgs/nixfiles/nixfiles-system-upgrade.sh
index d3da0c0..9ad1b96 100755
--- a/pkgs/nixfiles/nixfiles-system-upgrade.sh
+++ b/pkgs/nixfiles/nixfiles-system-upgrade.sh
@@ -3,17 +3,22 @@
 set -euo pipefail
 
 ALLOW_REBOOT=
+NO_CONFIRM=
 
 while [[ $# -gt 0 ]]; do
 	case $1 in
 		--allow-reboot)
 			ALLOW_REBOOT=1
 			shift
-			;;
+		;;
+		--no-confirm)
+			NO_CONFIRM=1
+			shift
+		;;
 		*)
 			echo "Unknown option $1"
 			exit 1
-			;;
+		;;
 	esac
 done
 
@@ -22,6 +27,17 @@ HYDRA_JOB_URL="https://hydra.clerie.de/job/nixfiles/nixfiles/nixosConfigurations
 echo "Fetching job output from ${HYDRA_JOB_URL}"
 STORE_PATH="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r ".buildoutputs.out.path")"
 
+if [[ -z $NO_CONFIRM ]]; then
+	echo ""
+	echo "  ! WARNING !"
+	echo ""
+	echo "  You are about to upgrade ${HOSTNAME} to ${STORE_PATH}."
+	echo "  This can be an older version than currently running on this system."
+	echo ""
+	read -e -r -p "Continue?" confirm
+	echo "$confirm" > /dev/null
+fi
+
 echo "Download ${STORE_PATH}"
 nix copy --from "https://nix-cache.clerie.de" "${STORE_PATH}"