add automatic container update logic

hosts/nixos/hs/system.nix

@@ -12,6 +12,12 @@
     ../../../modules/samba.nix
   ];
 
+  # Automatic container updates
+  virtualisation.podman.autoUpdate = {
+    enable = true;
+    interval = "Wed *-*-* 06:00:00";
+  };
+
   # GRUB bootloader with ZFS support
   boot.loader.grub = {
     enable = true;

modules/podman.nix

@@ -1,6 +1,10 @@
 { config, pkgs, lib, ... }:
 
+with lib;
+
 let
+  cfg = config.virtualisation.podman;
+
   # System-wide script for updating containers (works with sudo)
   update-containers-script = pkgs.writeShellScriptBin "update-containers" ''
     echo "Scanning running containers..."
@@ -43,6 +47,18 @@ let
   '';
 in
 {
+  options.virtualisation.podman.autoUpdate = {
+    enable = mkEnableOption "automatic container updates";
+
+    interval = mkOption {
+      type = types.str;
+      default = "daily";
+      example = "*-*-* 03:00:00";
+      description = "Systemd timer schedule for automatic updates (OnCalendar format)";
+    };
+  };
+
+  config = {
     # Container virtualization with Podman
     virtualisation = {
     podman = {
@@ -65,4 +81,22 @@ in
     # Make update-containers available system-wide (works with sudo)
     environment.systemPackages = [ update-containers-script ];
 
+    # Automatic container updates via systemd timer
+    systemd.services.container-update-all = mkIf cfg.autoUpdate.enable {
+      description = "Automatic Podman container updates";
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${update-containers-script}/bin/update-containers";
+      };
+    };
+
+    systemd.timers.container-update-all = mkIf cfg.autoUpdate.enable {
+      description = "Timer for automatic Podman container updates";
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = cfg.autoUpdate.interval;
+        Persistent = true;
+      };
+    };
+  };
 }