diff --git a/.gitignore b/.gitignore
index e0cc3c7..c07d5f6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,6 @@
 !.gitignore
 !github2forgejo
 
+!*.lock
 !*.md
 !*.nix
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..1383f19
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,43 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1716715802,
+        "narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..400b724
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,111 @@
+{
+  description = "GitHub to Forgejo migration script";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+
+    systems.url = "github:nix-systems/default";
+  };
+
+  outputs = { self, nixpkgs, systems }: let
+    inherit (nixpkgs) lib;
+
+    eachSystem = lib.genAttrs (import systems);
+  in {
+    packages = eachSystem (system: let pkgs = import nixpkgs { inherit system; }; in rec {
+      default        = github2forgejo;
+      github2forgejo = pkgs.callPackage ./package.nix {};
+    });
+
+    nixosModules = rec {
+      default        = github2forgejo;
+      github2forgejo = { config, utils, lib, pkgs, ... }: let
+        cfg = config.services.github2forgejo;
+      in {
+        options.services.github2forgejo = {
+          enable  = lib.mkEnableOption (lib.mdDoc "the github2gitea timer");
+          package = lib.mkPackageOption pkgs "github2forgejo";
+
+          environmentFile = lib.mkOption {
+            type    = lib.types.path;
+            default = null;
+            description = lib.mdDoc ''
+              File containing environment variables required by GitHub2Forgejo,
+              in the format of an EnvironmentFile as described by {manpage}`systemd.exec(5)`.
+
+              You must set ALL of these environment variables:
+
+                GITHUB_USER: The user to fetch the repositories from.
+                GITHUB_TOKEN: An access token for fetching private repositories. Optional.
+               
+                FORGEJO_URL: The URL to the Forgejo instance. Must include the protocol (https://).
+                FORGEJO_USER: The user to migrate the repositories to.
+                FORGEJO_TOKEN: An access token for the specified user.
+               
+                STRATEGY:
+                  The strategy. Valid options are "mirrored" or "cloned" (case insensitive).
+                  "mirrored" will mirror the repository and tell the Forgejo instance to
+                  periodically update it, "cloned" will only clone once. "cloned" is
+                  useful if you are never going to use GitHub again.
+               
+                FORCE_SYNC:
+                  Whether to delete a mirrored repo from the Forgejo instance if the
+                  source on GitHub doesn't exist anymore. Must be either "true" or "false".
+
+              You must set an environment variable to an empty string to leave it "unset".
+            '';
+
+            example = "/secrets/github2forgejo.env";
+          };
+
+          timerConfig = lib.mkOption {
+            type    = with lib.types; nullOr (attrsOf utils.systemdUtils.unitOptions.unitOption);
+            default = {
+              OnCalendar = "daily";
+              Persistent = true;
+            };
+
+            description = lib.mdDoc ''
+              When to run the script. See {manpage}`systemd.timer(5)` for
+              details. If null, no timer will be created and the script
+              will only run when explicitly started.
+            '';
+
+            example = {
+              OnCalendar         = "00:05";
+              RandomizedDelaySec = "5h";
+              Persistent         = true;
+            };
+          };
+        };
+
+        config = lib.mkIf cfg.enable {
+          nixpkgs.overlays = [(final: super: {
+            github2forgejo = super.callPackage ./package.nix {};
+          })];
+
+          systemd.services.github2forgeo = {
+            wants            = [ "network-online.target" ];
+            after            = [ "network-online.target" ];
+            restartIfChanged = false;
+
+            serviceConfig = {
+              Type      = "oneshot";
+              ExecStart = toString cfg.package;
+
+              User        = "github2forgejo";
+              DynamicUser = true;
+
+              EnvironmentFile = cfg.environmentFile;
+            };
+          };
+
+          systemd.timers.github2forgejo = lib.mkIf (cfg.timerConfig != null) {
+            wantedBy    = [ "timers.target" ];
+            timerConfig = cfg.timerConfig;
+          };
+        };
+      };
+    };
+  };
+}