podman: Enable auto-updates

2023-05-21 17:07:55 +02:00 · 2023-05-21 17:07:55 +02:00 · 56f495cf9d
parent 8332096355
commit 56f495cf9d
3 changed files with 31 additions and 12 deletions
--- a/container/autobrr/default.nix
+++ b/container/autobrr/default.nix
@ -17,6 +17,8 @@
    ];
    extraOptions = [
      "--network=ns:/var/run/netns/wg"
+      "--label=com.centurylinklabs.watchtower.enable=true"
+      "--label=io.containers.autoupdate=registry"
    ];
  };

@ -28,6 +30,8 @@
    ];
    extraOptions = [
      "--network=ns:/var/run/netns/wg"
+      "--label=com.centurylinklabs.watchtower.enable=true"
+      "--label=io.containers.autoupdate=registry"
    ];
  };

--- a/container/matrix/default.nix
+++ b/container/matrix/default.nix
@ -9,10 +9,6 @@
      volumes = [
        "/etc/container-matrix/signald:/signald"
      ];
-      extraOptions = [
-        "--label=com.centurylinklabs.watchtower.enable=true"
-        "--label=io.containers.autoupdate=registry"
-      ];
    };

    # https://mau.dev/mautrix/signal
@ -24,10 +20,6 @@
        "/etc/container-matrix/signal:/data"
        "/etc/container-matrix/signald:/signald"
      ];
-      extraOptions = [
-        "--label=com.centurylinklabs.watchtower.enable=true"
-        "--label=io.containers.autoupdate=registry"
-      ];
    };

    # https://mau.dev/mautrix/whatsapp
@ -37,10 +29,6 @@
      volumes = [
        "/etc/container-matrix/whatsapp:/data"
      ];
-      extraOptions = [
-        "--label=com.centurylinklabs.watchtower.enable=true"
-        "--label=io.containers.autoupdate=registry"
-      ];
    };
  };

--- a/system/nixos/container.nix
+++ b/system/nixos/container.nix
@ -28,4 +28,31 @@
    allowedUDPPorts = [ 53 ];
    allowedTCPPorts = [ 53 ];
  };
+
+  # It looks like there is no way to activate the "built-in" service and timer ...
+  systemd.services.podman-auto-update-custom = {
+    wants = [ "network-online.target" ];
+    after = [ "network-online.target" ];
+    wantedBy = [ "default.target" ];
+
+    serviceConfig =
+      let
+        podman = config.virtualisation.podman.package;
+      in
+      {
+        Type = "oneshot";
+        ExecStart = "${podman}/bin/podman auto-update";
+        ExecStartPost = "${podman}/bin/podman image prune -f";
+      };
+  };
+
+  systemd.timers.podman-auto-update-custom = {
+    wantedBy = [ "timers.target" ];
+
+    timerConfig = {
+      OnCalendar = "daily";
+      RandomizedDelaySec = 900;
+      Persistent = true;
+    };
+  };
 }