diff --git a/sw/default.nix b/sw/default.nix
index 1c9b045..caf5bb2 100644
--- a/sw/default.nix
+++ b/sw/default.nix
@@ -75,19 +75,6 @@ in
           oh-my-posh
           inputs.lazyvim-nixvim.packages.${stdenv.hostPlatform.system}.nvim
           inputs.agenix.packages.${stdenv.hostPlatform.system}.default
-          # Custom update script
-          (writeShellScriptBin "update-system" ''
-            #!/usr/bin/env bash
-            set -euo pipefail
-
-            UNIT="update-system.service"
-
-            # start the service
-            systemctl start "$UNIT"
-
-            # follow logs until it exits
-            journalctl -u "$UNIT" -f -n 20
-          '')
         ];
     }
     # Import Desktop or Kiosk modules based on type
diff --git a/sw/shared-services.nix b/sw/shared-services.nix
index 69f26c6..2efe6c5 100644
--- a/sw/shared-services.nix
+++ b/sw/shared-services.nix
@@ -31,6 +31,30 @@ with lib;
   config = {
     modules.sw.remoteBuild.enable = lib.mkDefault (config.modules.sw.type == "tablet-kiosk");
 
+    environment.systemPackages = [
+      (pkgs.writeShellScriptBin "update-system" ''
+        set -euo pipefail
+
+        UNIT="update-system.service"
+
+        # Start following logs in the background
+        journalctl -fu "$UNIT" --output=cat &
+        JPID=$!
+
+        # Start the service and wait for it to finish
+        if systemctl start --wait "$UNIT"; then
+          STATUS=$?
+        else
+          STATUS=$?
+        fi
+
+        # Kill the log follower
+        kill "$JPID" 2>/dev/null || true
+
+        exit "$STATUS"
+      '')
+    ];
+
     systemd.services.update-system = {
       enable = true;
       description = "System daemon to one-shot run the Nix updater from fleet flake as root";