add automatic container update logic
parent
4f41394763
commit
4d05a6fbe9
2 changed files with 44 additions and 4 deletions
|
|
@ -12,6 +12,12 @@
|
||||||
../../../modules/samba.nix
|
../../../modules/samba.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Automatic container updates
|
||||||
|
virtualisation.podman.autoUpdate = {
|
||||||
|
enable = true;
|
||||||
|
interval = "Wed *-*-* 06:00:00";
|
||||||
|
};
|
||||||
|
|
||||||
# GRUB bootloader with ZFS support
|
# GRUB bootloader with ZFS support
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,10 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
|
cfg = config.virtualisation.podman;
|
||||||
|
|
||||||
# System-wide script for updating containers (works with sudo)
|
# System-wide script for updating containers (works with sudo)
|
||||||
update-containers-script = pkgs.writeShellScriptBin "update-containers" ''
|
update-containers-script = pkgs.writeShellScriptBin "update-containers" ''
|
||||||
echo "Scanning running containers..."
|
echo "Scanning running containers..."
|
||||||
|
|
@ -43,8 +47,20 @@ let
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# Container virtualization with Podman
|
options.virtualisation.podman.autoUpdate = {
|
||||||
virtualisation = {
|
enable = mkEnableOption "automatic container updates";
|
||||||
|
|
||||||
|
interval = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "daily";
|
||||||
|
example = "*-*-* 03:00:00";
|
||||||
|
description = "Systemd timer schedule for automatic updates (OnCalendar format)";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = {
|
||||||
|
# Container virtualization with Podman
|
||||||
|
virtualisation = {
|
||||||
podman = {
|
podman = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# Create a `docker` alias for podman, to use it as a drop-in replacement
|
# Create a `docker` alias for podman, to use it as a drop-in replacement
|
||||||
|
|
@ -62,7 +78,25 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Make update-containers available system-wide (works with sudo)
|
# Make update-containers available system-wide (works with sudo)
|
||||||
environment.systemPackages = [ update-containers-script ];
|
environment.systemPackages = [ update-containers-script ];
|
||||||
|
|
||||||
|
# Automatic container updates via systemd timer
|
||||||
|
systemd.services.container-update-all = mkIf cfg.autoUpdate.enable {
|
||||||
|
description = "Automatic Podman container updates";
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
ExecStart = "${update-containers-script}/bin/update-containers";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.timers.container-update-all = mkIf cfg.autoUpdate.enable {
|
||||||
|
description = "Timer for automatic Podman container updates";
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = cfg.autoUpdate.interval;
|
||||||
|
Persistent = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
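Review bot: The new `systemd.services.container-update-all` unit sets no `User` or sandboxing in `serviceConfig`, so `update-containers` runs as root on the timer with nothing in the visible lines limiting what it pulls. The script body lies outside these hunks, so whether it verifies image signatures or digests cannot be told from here. If it pulls by mutable tag, whatever the registry serves at that moment is started unattended, so this option is best paired with a signature policy (`virtualisation.containers.policy`) or digest-pinned image references. Separately, `Persistent = true` lets a missed run fire shortly after boot, and the service declares no ordering on the network; adding `after = [ "network-online.target" ]; wants = [ "network-online.target" ];` to the service would avoid failed pulls at that point.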
|
||||||
|
|
|
||||||