From 2c643db2dce064697661f20b9e0b75a714e1dad4 Mon Sep 17 00:00:00 2001
From: oppiliappan
Date: Fri, 29 Aug 2025 15:15:19 +0100
Subject: [PATCH] nixery: add docker-cleanup service and timer

Change-Id: voroxwzkvvttyyvwzylxwnstxwrqxuxp
Signed-off-by: oppiliappan
---
 hosts/nixery/services/docker-cleanup.nix | 94 ++++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 hosts/nixery/services/docker-cleanup.nix

diff --git a/hosts/nixery/services/docker-cleanup.nix b/hosts/nixery/services/docker-cleanup.nix
new file mode 100644
index 0000000..3131ef5
--- /dev/null
+++ b/hosts/nixery/services/docker-cleanup.nix
@@ -0,0 +1,94 @@
+{ config, pkgs, ... }:
+
+{
+ systemd.services.docker-cleanup = {
+ description = "Docker cleanup service - removes unused containers, networks, images, and volumes";
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ ExecStart = pkgs.writeShellScript "docker-cleanup" ''
+ set -e
+
+ echo "Starting Docker cleanup at $(date)"
+
+ # remove containers running for 15+ minutes
+ echo "Removing containers running for 15+ minutes..."
+ CONTAINERS_TO_REMOVE=$(${pkgs.docker}/bin/docker ps --format "table {{.ID}}\t{{.RunningFor}}" --no-trunc | awk '
+ /minute/ {
+ if ($2 >= 15) print $1
+ }
+ /hour/ {
+ print $1
+ }
+ /day/ {
+ print $1
+ }
+ /week/ {
+ print $1
+ }
+ /month/ {
+ print $1
+ }
+ /year/ {
+ print $1
+ }
+ ')
+
+ if [ -n "$CONTAINERS_TO_REMOVE" ]; then
+ echo "Found containers to remove: $CONTAINERS_TO_REMOVE"
+ echo "$CONTAINERS_TO_REMOVE" | xargs -r ${pkgs.docker}/bin/docker rm -f
+ else
+ echo "No containers running for 15+ minutes found"
+ fi
+
+ # remove stopped containers
+ echo "Removing stopped containers..."
+ ${pkgs.docker}/bin/docker container prune -f || true
+
+ # remove unused networks (excluding default networks)
+ echo "Removing unused networks..."
+ ${pkgs.docker}/bin/docker network prune -f || true
+
+ # remove unused images (dangling images only by default)
+ echo "Removing dangling images..."
+ ${pkgs.docker}/bin/docker image prune -f || true
+
+ # remove unused volumes
+ echo "Removing unused volumes..."
+ ${pkgs.docker}/bin/docker volume prune -f || true
+
+ echo "Docker cleanup completed at $(date)"
+ '';
+
+ PrivateNetwork = false; # Needs network access for Docker
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ NoNewPrivileges = true;
+
+ # Logging
+ StandardOutput = "journal";
+ StandardError = "journal";
+ };
+
+ # ensure docker is running before cleanup
+ after = [ "docker.service" ];
+ requires = [ "docker.service" ];
+
+ # don't restart on failure
+ restartIfChanged = false;
+ };
+
+ # timer to run the cleanup service every n minutes
+ systemd.timers.docker-cleanup = {
+ description = "Timer for Docker cleanup service";
+ timerConfig = {
+ OnCalendar = "*:0/15"; # run every 15 minutes
+ Persistent = true; # persist timer across reboots
+ WakeSystem = false; # run immediately if the system was powered off when timer should have run
+ };
+ wantedBy = [ "timers.target" ];
+ };
+
+ virtualisation.docker.enable = true;
+}
-- 
2.43.0
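Review bot: The `/minute/` rule in the awk filter compares `$2 >= 15` as strings whenever `$2` is not a number, and Docker renders a container between one and two minutes old as `About a minute ago`, so `$2` is `About`, which sorts after `15`, and that container is passed to `docker rm -f`. Forcing a numeric comparison fixes it: `if ($2 + 0 >= 15) print $1`. The `docker ps` call also carries no `--filter`, so every container on this daemon older than 15 minutes is force-removed and `docker volume prune -f` then drops its volumes; if anything long-lived is meant to run on the host, scoping the listing with something like `--filter "label=<cleanup-label>"` (placeholder) would keep the blast radius to the intended workloads. Two comments are also misleading: the text next to `WakeSystem = false` describes what `Persistent = true` does, and `restartIfChanged = false` governs restarts on a configuration switch rather than on failure, so `# don't restart on failure` could read `# don't re-run the cleanup when the unit changes on switch`.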