diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml
index 36ca244..b30ab13 100644
--- a/.forgejo/workflows/update.yaml
+++ b/.forgejo/workflows/update.yaml
@@ -1,15 +1,32 @@
 on: [push]
+
 jobs:
-#  format:
+  # Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows
+  update-lockfile:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+        with:
+          logger: pretty
+
+#      - name: Update Lockfile
+#        uses: DeterminateSystems/update-flake-lock@main
+#        id: update
+#        with:
+#          pr-title: "chore(deps): flake inputs"
+#          commit-msg: "chore(deps): flake inputs"
+#          token: ${{ secrets.GITHUB_TOKEN }}
+
+#  build:
 #    runs-on: nix
 #    steps:
+#      - run: nix-env -iA nixpkgs.nodejs_20
 #      - uses: actions/checkout@v4
-#      - run: nix --experimental-features 'nix-command flakes' fmt
-  build:
-    runs-on: nix
-    steps:
-      - run: nix-env -iA nixpkgs.nodejs_20
-      - uses: actions/checkout@v4
-      - run: nix --experimental-features 'nix-command flakes' flake update
-      - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven
-      - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda
+#      - run: nix --experimental-features 'nix-command flakes' flake update
+#      - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven
+#      - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda
diff --git a/flake.lock b/flake.lock
index 1b91de5..e48347f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -218,11 +218,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1716856858,
-        "narHash": "sha256-dfNGs2AW/V31nMVeEBSUJCMfT6bZAKJ5qsWgFHWhvUc=",
+        "lastModified": 1717036776,
+        "narHash": "sha256-joKTxvywYlKspGGKOIXho6oRbggOPyayEqAyuZCavO0=",
         "ref": "refs/heads/main",
-        "rev": "38f31ee7c1a60adae58833789dd855c128b056c6",
-        "revCount": 85,
+        "rev": "b4b38e6b5fe18da9464f291ae5fbf2ea9acb9ccb",
+        "revCount": 86,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/nixos-module"
       },
@@ -250,11 +250,11 @@
     "nix-secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1716827240,
-        "narHash": "sha256-0LHXNvx7KEsn3j9w/4VtQiEWKrqJmmWn1k/169x/N04=",
-        "ref": "f8a243d7e9db4689bcfc7726df75d5725daf4b60",
-        "rev": "f8a243d7e9db4689bcfc7726df75d5725daf4b60",
-        "revCount": 40,
+        "lastModified": 1716929428,
+        "narHash": "sha256-MRMQqR0lXM8ZA92QACu0VjFIcWtxZ0nvEU94VFFuKTo=",
+        "ref": "refs/heads/main",
+        "rev": "4db84b723bb2eb21a2c58de565ed89ddb34e6166",
+        "revCount": 41,
         "type": "git",
         "url": "file:///home/aires/Development/nix-configuration/nix-secrets"
       },
diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix
index c52c498..750a0cc 100644
--- a/hosts/Haven/default.nix
+++ b/hosts/Haven/default.nix
@@ -123,7 +123,7 @@ in
     script = ''
       set -eu
       cd ${config.users.users.aires.home}/Development/nix-configuration
-      git pull
+      git pull --recurse-submodules
       nix flake update
       git add flake.lock
       git commit -m "Update flake.lock"
diff --git a/modules/base/system.nix b/modules/base/system.nix
index 6927220..e9df776 100644
--- a/modules/base/system.nix
+++ b/modules/base/system.nix
@@ -26,15 +26,28 @@
     };
   };
 
-  # Configure automatic updates
-  system.autoUpgrade = {
-    enable = true;
-    flake = "git+https://${config.secrets.services.forgejo.url}/aires/nix-configuration";
-    dates = "daily";
-    randomizedDelaySec = "30m";
-    allowReboot = false;
-    operation = "switch";
-    persistent = true;
+  # Configure automatic updates. Replaces system.autoUpgrade.
+  systemd.services."nixos-update" = {
+    serviceConfig = {
+      Type = "oneshot";
+      User = "root";
+    };
+    script = ''
+      set -eu
+      cd ${config.users.users.aires.home}/Development/nix-configuration
+      sudo -u aires git pull --recurse-submodules
+	  nh os switch
+    '';
+  };
+  systemd.timers."nixos-update-timer" = {
+    wants = [ "network-online.target" ];
+    after = [ "network-online.target" ];
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "daily";
+      Persistent = "true";
+      Unit = "nixos-update.service";
+    };
   };
 
   services = {
diff --git a/nix-secrets b/nix-secrets
index f8a243d..4db84b7 160000
--- a/nix-secrets
+++ b/nix-secrets
@@ -1 +1 @@
-Subproject commit f8a243d7e9db4689bcfc7726df75d5725daf4b60
+Subproject commit 4db84b723bb2eb21a2c58de565ed89ddb34e6166