diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9c43cb575439c0ff24ba6928935cb0674e969eab..ea182dad5285487c9780432bc1b0e91765850a31 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -162,5 +162,4 @@ deploy-to-production:
 update-nixpkgs:
   <<: *RUN_ON_SCHEDULE
   script:
-    - |
-      echo "Updating nixpkgs!"
+    - "./ci-tools/update-nixpkgs"
diff --git a/ci-tools/update-nixpkgs b/ci-tools/update-nixpkgs
new file mode 100755
index 0000000000000000000000000000000000000000..78f257db7031cda7c76e6dd4e36957a4f58725c0
--- /dev/null
+++ b/ci-tools/update-nixpkgs
@@ -0,0 +1,26 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i sh -p nixUnstable git curl
+
+set -eux -o pipefail
+
+TARGET_BRANCH="nixpkgs-upgrade-$(date +%Y-%m-%d)"
+git checkout -b "${TARGET_BRANCH}"
+
+nix-build -A morph -o result-before
+update-nixpkgs
+nix-build -A morph -o result-after
+diff=$(nix --extra-experimental-features nix-command store diff-closures ./result-before/ ./result-after/)
+
+git commit -am "bump nixpkgs version"
+git push origin
+
+BODY="{
+    \"id\": ${CI_PROJECT_ID},
+    \"source_branch\": \"${CI_COMMIT_REF_NAME}\",
+    \"target_branch\": \"${TARGET_BRANCH}\",
+    \"remove_source_branch\": true,
+    \"title\": \"WIP: ${CI_COMMIT_REF_NAME}\",
+    \"assignee_id\":\"jcalderone"
+}";
+
+curl -X POST --data "${BODY}" --header "Content-Type: application/json" --header "PRIVATE-TOKEN: ${UPDATE_NIXPKGS_PRIVATE_TOKEN}" "${HOST}/api/v4/projects/merge_requests"