diff --git a/hosts/tor/default.nix b/hosts/tor/default.nix
index 699041e..a518343 100644
--- a/hosts/tor/default.nix
+++ b/hosts/tor/default.nix
@@ -4,6 +4,7 @@
     ./tor.nix
     ../../overlays
     ../../modules/base
+    ../../modules/server
     ../../modules/tor
   ];
 
diff --git a/modules/base/system.nix b/modules/base/system.nix
index b43f984..8d356e0 100644
--- a/modules/base/system.nix
+++ b/modules/base/system.nix
@@ -17,12 +17,6 @@
   };
   nixpkgs.config.allowUnfree = true;
 
-  system.autoUpgrade = {
-    enable = true;
-    flake = "${config.users.users.caspervk.home}/nixos";
-    flags = [ "--update-input" "nixpkgs" ];
-  };
-
   environment.systemPackages = with pkgs; [
     bat
     clang
diff --git a/modules/server/default.nix b/modules/server/default.nix
new file mode 100644
index 0000000..502ffa7
--- /dev/null
+++ b/modules/server/default.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+  imports = [
+    ./system.nix
+  ];
+}
diff --git a/modules/server/system.nix b/modules/server/system.nix
new file mode 100644
index 0000000..a6d3b32
--- /dev/null
+++ b/modules/server/system.nix
@@ -0,0 +1,13 @@
+{ ... }: {
+  # Automatically `nixos-rebuild switch` daily with the latest configuration
+  # from git. This overwrites any uncommitted changes in ~/nixos/, which is why
+  # it is only enabled on servers. Note that this requires updating flake.lock
+  # in the repository periodically (see .gitlab-ci.yml). Alternatively, at the
+  # cost of reproducability, add
+  # flags = [ "--recreate-lock-file" "--no-write-lock-file" ]
+  # to ignore the repository flake.lock and use the latest input versions.
+  system.autoUpgrade = {
+    enable = true;
+    flake = "git+https://git.caspervk.net/caspervk/nixos.git";
+  };
+}