{ config, pkgs, lib, inputs, ... }:
{

  system.autoUpgrade.enable = true;
  #system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow`

  /** /
  # TODO: this doesn't work during 'nix eval' on a non-nixos machine
  system.autoUpgrade.flake = "/etc/nixos";
  system.autoUpgrade.flags = [
    "--recreate-lock-file" # fetch new inputs
    #"--commit-lock-file"   # commit new lock to local git repo
    # TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
    "-L"                   # print build logs
  ];
  #assertions = [
  #  { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
  #];
  /**/

  /**/
  # TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery
  # TODO: make /etc/nixos a checkout of repo?
  # TODO: update only nixpkgs and unstable
  system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
  #system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead?
  system.autoUpgrade.flags = [
    "--recreate-lock-file" # fetch new inputs
    "--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
    "-L"                   # print build logs
  ];
  environment.etc."current-system-flake".source = inputs.self; # the plan was to allow me to locate the new flake.lock, but alas https://github.com/NixOS/nix/issues/6895
  /**/

}