diff --git a/configuration/common/programs.nix b/configuration/common/programs.nix
index 2eafc83..d0e80cc 100644
--- a/configuration/common/programs.nix
+++ b/configuration/common/programs.nix
@@ -11,6 +11,7 @@
     vim
     agenix
     nixos-firewall-tool
+    nixfiles-system-upgrade
   ];
 
   programs.mtr.enable = true;
diff --git a/flake.lock b/flake.lock
index 276b2b5..4b9e2fa 100644
--- a/flake.lock
+++ b/flake.lock
@@ -218,11 +218,11 @@
     },
     "nixpkgs-krypton": {
       "locked": {
-        "lastModified": 1701068326,
-        "narHash": "sha256-vmMceA+q6hG1yrjb+MP8T0YFDQIrW3bl45e7z24IEts=",
+        "lastModified": 1701253981,
+        "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8cfef6986adfb599ba379ae53c9f5631ecd2fd9c",
+        "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 9830c65..3ae7d60 100644
--- a/flake.nix
+++ b/flake.nix
@@ -107,7 +107,7 @@
         nixfiles-auto-install
         nixfiles-generate-backup-secrets
         nixfiles-generate-config
-        nixfiles-system-sync-to-hydra
+        nixfiles-system-upgrade
         nixfiles-updated-inputs
         nixfiles-update-ssh-host-keys
         nixos-firewall-tool
diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix
index ea58042..35118d9 100644
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
@@ -329,7 +329,7 @@
   }
   '';
 
-  clerie.nixfiles.system-auto-sync-to-hydra = {
+  clerie.nixfiles.system-auto-upgrade = {
     enable = true;
     allowReboot = true;
   };
diff --git a/hosts/dn42-il-gw5/configuration.nix b/hosts/dn42-il-gw5/configuration.nix
index 4d28052..9b0295d 100644
--- a/hosts/dn42-il-gw5/configuration.nix
+++ b/hosts/dn42-il-gw5/configuration.nix
@@ -183,7 +183,7 @@
   }
   '';
 
-  clerie.nixfiles.system-auto-sync-to-hydra = {
+  clerie.nixfiles.system-auto-upgrade = {
     enable = true;
     allowReboot = true;
   };
diff --git a/hosts/dn42-il-gw6/configuration.nix b/hosts/dn42-il-gw6/configuration.nix
index 15837c2..03be38d 100644
--- a/hosts/dn42-il-gw6/configuration.nix
+++ b/hosts/dn42-il-gw6/configuration.nix
@@ -183,7 +183,7 @@
   }
   '';
 
-  clerie.nixfiles.system-auto-sync-to-hydra = {
+  clerie.nixfiles.system-auto-upgrade = {
     enable = true;
     allowReboot = true;
   };
diff --git a/hosts/monitoring-3/prometheus.nix b/hosts/monitoring-3/prometheus.nix
index e5b7286..d8ca1d9 100644
--- a/hosts/monitoring-3/prometheus.nix
+++ b/hosts/monitoring-3/prometheus.nix
@@ -273,7 +273,7 @@ in {
         static_configs = [
           {
             targets = [
-              "https://matrix.entr0py.de/_matrix/static/"
+              "matrix.entr0py.de"
             ];
           }
         ];
@@ -281,9 +281,10 @@ in {
           {
             source_labels = [ "__address__" ];
             target_label = "__param_target";
+            replacement = "https://\${1}/_matrix/static/";
           }
           {
-            source_labels = [ "__param_target" ];
+            source_labels = [ "__address__" ];
             target_label = "target";
           }
           {
diff --git a/hosts/monitoring-3/rules.yml b/hosts/monitoring-3/rules.yml
index e0b3cd5..ae906a7 100644
--- a/hosts/monitoring-3/rules.yml
+++ b/hosts/monitoring-3/rules.yml
@@ -57,3 +57,11 @@ groups:
     annotations:
       summary: "Kernel of {{ $labels.instance }} changed"
       description: "The Kernel {{ $labels.instance }} booted with, isn't the target Kernel. A reboot may be required."
+  - alert: SynapseUnavailable
+    expr: last_over_time(probe_success{instance="monitoring-3.net.clerie.de", job="blackbox_local_synapse", target="matrix.entr0py.de"}[5m]) == 0
+    for: 5m
+    labels:
+      severity: warning
+    annotations:
+      summary: "Synapse of {{ $labels.target }} unavailable"
+      description: "The Synapse backend of {{ $labels.instance }} is unreachable or returns garbage"
diff --git a/hosts/nonat/configuration.nix b/hosts/nonat/configuration.nix
index 3dde127..8c8e4e8 100644
--- a/hosts/nonat/configuration.nix
+++ b/hosts/nonat/configuration.nix
@@ -39,7 +39,7 @@
 
   networking.firewall.allowedUDPPorts = [];
 
-  clerie.nixfiles.system-auto-sync-to-hydra = {
+  clerie.nixfiles.system-auto-upgrade = {
     enable = true;
     allowReboot = true;
   };
diff --git a/modules/default.nix b/modules/default.nix
index c43aede..08b5ed4 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -13,7 +13,7 @@
     ./monitoring
     ./nginx-port-forward
     ./nixfiles
-    ./nixfiles/system-auto-sync-to-hydra.nix
+    ./nixfiles/nixfiles-system-upgrade.nix
     ./update-from-hydra
     ./wg-clerie
     ./wireguard-initrd
diff --git a/modules/nixfiles/system-auto-sync-to-hydra.nix b/modules/nixfiles/nixfiles-system-upgrade.nix
similarity index 55%
rename from modules/nixfiles/system-auto-sync-to-hydra.nix
rename to modules/nixfiles/nixfiles-system-upgrade.nix
index 3d41ea1..546478b 100644
--- a/modules/nixfiles/system-auto-sync-to-hydra.nix
+++ b/modules/nixfiles/nixfiles-system-upgrade.nix
@@ -3,12 +3,12 @@
 with lib;
 
 let
-  cfg = config.clerie.nixfiles.system-auto-sync-to-hydra;
+  cfg = config.clerie.nixfiles.system-auto-upgrade;
 in
 
 {
   options = {
-    clerie.nixfiles.system-auto-sync-to-hydra = {
+    clerie.nixfiles.system-auto-upgrade = {
       enable = mkEnableOption "clerie nixfiles tools";
       allowReboot = mkOption {
         type = types.bool;
@@ -18,10 +18,10 @@ in
     };
   };
   config = mkIf cfg.enable {
-    systemd.services.nixfiles-system-auto-sync-to-hydra = {
+    systemd.services.nixfiles-system-auto-upgrade = {
       serviceConfig = {
         Type = "oneshot";
-        ExecStart = pkgs.nixfiles-system-sync-to-hydra + "/bin/nixfiles-system-sync-to-hydra${optionalString cfg.allowReboot " --allow-reboot"}";
+        ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}";
       };
       startAt = "*-*-* 06:47:00";
     };
diff --git a/pkgs/nixfiles/nixfiles-system-sync-to-hydra.nix b/pkgs/nixfiles/nixfiles-system-upgrade.nix
similarity index 50%
rename from pkgs/nixfiles/nixfiles-system-sync-to-hydra.nix
rename to pkgs/nixfiles/nixfiles-system-upgrade.nix
index 41c32d2..9d494f4 100644
--- a/pkgs/nixfiles/nixfiles-system-sync-to-hydra.nix
+++ b/pkgs/nixfiles/nixfiles-system-upgrade.nix
@@ -1,8 +1,8 @@
 { pkgs, ... }:
 
 pkgs.writeShellApplication {
-  name = "nixfiles-system-sync-to-hydra";
-  text = builtins.readFile ./nixfiles-system-sync-to-hydra.sh;
+  name = "nixfiles-system-upgrade";
+  text = builtins.readFile ./nixfiles-system-upgrade.sh;
   runtimeInputs = with pkgs; [
     curl
     jq
diff --git a/pkgs/nixfiles/nixfiles-system-sync-to-hydra.sh b/pkgs/nixfiles/nixfiles-system-upgrade.sh
similarity index 80%
rename from pkgs/nixfiles/nixfiles-system-sync-to-hydra.sh
rename to pkgs/nixfiles/nixfiles-system-upgrade.sh
index d3da0c0..9ad1b96 100755
--- a/pkgs/nixfiles/nixfiles-system-sync-to-hydra.sh
+++ b/pkgs/nixfiles/nixfiles-system-upgrade.sh
@@ -3,17 +3,22 @@
 set -euo pipefail
 
 ALLOW_REBOOT=
+NO_CONFIRM=
 
 while [[ $# -gt 0 ]]; do
 	case $1 in
 		--allow-reboot)
 			ALLOW_REBOOT=1
 			shift
-			;;
+		;;
+		--no-confirm)
+			NO_CONFIRM=1
+			shift
+		;;
 		*)
 			echo "Unknown option $1"
 			exit 1
-			;;
+		;;
 	esac
 done
 
@@ -22,6 +27,17 @@ HYDRA_JOB_URL="https://hydra.clerie.de/job/nixfiles/nixfiles/nixosConfigurations
 echo "Fetching job output from ${HYDRA_JOB_URL}"
 STORE_PATH="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r ".buildoutputs.out.path")"
 
+if [[ -z $NO_CONFIRM ]]; then
+	echo ""
+	echo "  ! WARNING !"
+	echo ""
+	echo "  You are about to upgrade ${HOSTNAME} to ${STORE_PATH}."
+	echo "  This can be an older version than currently running on this system."
+	echo ""
+	read -e -r -p "Continue?" confirm
+	echo "$confirm" > /dev/null
+fi
+
 echo "Download ${STORE_PATH}"
 nix copy --from "https://nix-cache.clerie.de" "${STORE_PATH}"
 
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index 2d5ffdf..743818a 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -6,7 +6,7 @@ self: super: {
   nixfiles-auto-install = self.callPackage ./nixfiles/nixfiles-auto-install.nix {};
   nixfiles-generate-backup-secrets = self.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
   nixfiles-generate-config = self.callPackage ./nixfiles/nixfiles-generate-config.nix {};
-  nixfiles-system-sync-to-hydra = self.callPackage ./nixfiles/nixfiles-system-sync-to-hydra.nix {};
+  nixfiles-system-upgrade = self.callPackage ./nixfiles/nixfiles-system-upgrade.nix {};
   nixfiles-updated-inputs = self.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
   nixfiles-update-ssh-host-keys = self.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
   nixos-firewall-tool = self.callPackage ./nixos-firewall-tool {};