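# NixOS module: unattended system upgrade driven by the git checkout in
# /etc/nixos and a pinch "channels" file.
#
# Trust model: the nixos-upgrade unit below sets no User=, so the script runs
# as root. Whatever `git pull` brings into /etc/nixos is evaluated, built and
# activated by `nixos-rebuild switch` with no human in the loop. Write access
# to the configured remote (or to an unauthenticated transport in front of it)
# is therefore equivalent to root on this host. Use an authenticated remote
# URL, and consider enabling `verifySignatures` so that unsigned history is
# refused.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.system.autoUpgradeWithPinch;
in
{
  options = {
    system.autoUpgradeWithPinch = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to periodically upgrade NixOS to the latest version.
          Presumes that /etc/nixos is a git repo with a remote and
          contains a pinch file called "channels".
        '';
      };

      dates = mkOption {
        default = "04:40";
        type = types.str;
        description = ''
          Specification (in the format described by systemd.time 7) of the
          time at which the update will occur.
        '';
      };

      # Opt-in hardening; defaults to false so existing deployments keep
      # their current behaviour.
      verifySignatures = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to pass --verify-signatures to git pull, so the upgrade
          aborts unless the tip commit fetched from the remote carries a
          valid GPG signature. The signing keys must already be present
          and trusted in root's GnuPG keyring (the unit runs with
          HOME=/root).
        '';
      };
    };
  };

  config = lib.mkIf cfg.enable {
    # Makes `pkgs.pinch` available; the overlay lives elsewhere in this repo.
    nixpkgs.overlays = [ (import ../overlays/pinch.nix) ];

    systemd.services.nixos-upgrade = {
      description = "NixOS Upgrade";

      # Do not restart or stop this unit as part of the very switch it
      # triggers.
      restartIfChanged = false;
      unitConfig.X-StopOnRemoval = false;

      serviceConfig.Type = "oneshot";

      environment = config.nix.envVars // {
        inherit (config.environment.sessionVariables) NIX_PATH;
        HOME = "/root";
      } // config.networking.proxy.envVars;

      # NOTE(review): both git and gitMinimal are listed; one of them is
      # probably redundant. Left as-is to avoid changing the closure.
      path = (with pkgs; [
        config.nix.package.out
        coreutils
        git
        gitMinimal
        gnutar
        gzip
        pinch
        xz.bin
      ])
      # git shells out to `gpg` when checking signatures.
      ++ lib.optional cfg.verifySignatures pkgs.gnupg;

      # --ff-only refuses to merge or rewrite local history; with
      # verifySignatures enabled, the pull also fails on an unsigned or
      # untrusted tip commit. `set -e` then stops the script before
      # nixos-rebuild is reached.
      script = ''
        set -e
        (
          cd /etc/nixos
          git pull --ff-only ${lib.optionalString cfg.verifySignatures "--verify-signatures"}
          pinch update channels
        )
        ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --no-build-output
      '';

      startAt = cfg.dates;
    };
  };
}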