diff --git a/base.nix b/base.nix
index 0d4d83b..085e182 100644
--- a/base.nix
+++ b/base.nix
@@ -12,30 +12,29 @@
   nixpkgs.config.allowUnfreePredicate = (pkg: true);
 
   # 'nixos-rebuild switch --upgrade', by default daily with no reboot
+  system.autoUpgrade.enable = true;
   #system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow`
-  # TODO: this check is not pure
-  system.autoUpgrade = if builtins.pathExists "/etc/nixos/flake.nix" then { #TODO: should i check for .git instead?
-    enable = true;
-    flake = "/etc/nixos";
-    flags = [
-      "--recreate-lock-file" # fetch new inputs
-      #"--commit-lock-file"   # commit new lock to local git repo
-      # TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
-      "-L"                   # print build logs
-    ];
-  } else {
-    enable = true;
-    flake = inputs.self.outPath; # a nix store path
-    flags = [
-      "--recreate-lock-file" # fetch new inputs
-      "--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
-      "-L"                   # print build logs
-    ];
-  };
+  /** /
   # TODO: this doesn't work during 'nix eval' on a non-nixos machine
+  system.autoUpgrade.flake = "/etc/nixos";
+  system.autoUpgrade.flags = [
+    "--recreate-lock-file" # fetch new inputs
+    #"--commit-lock-file"   # commit new lock to local git repo
+    # TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
+    "-L"                   # print build logs
+  ];
   #assertions = [
   #  { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
   #];
+  /**/
+  system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
+  #system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead?
+  system.autoUpgrade.flags = [
+    "--recreate-lock-file" # fetch new inputs
+    "--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
+    "-L"                   # print build logs
+  ];
+  /**/
 
   nix.settings.trusted-users = [ "root" ]; # default, but will stick around after a mergins with ./users
   nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise