Auditing changes after nixos-rebuild

Hello,

I found some ways to see what packages are updated and to what versions using nixos-rebuild, but I am interested in reviewing the changes manually when a nixpkg is updated (the nix files, not the source code of the program).

This is for security reasons as I am running a server and I would like to review all changes related to configuration on upgrade of nixpkgs.

I am looking for a utility that, when you call it, gives you some kind of git diff between your .nix version and the updated one. I am aware this should be quite easy to make myself, but maybe there is something already existing and integrated?

Thank you,