replace watchtower with custom script

systems/palatine-hill/docker/archiveteam.nix

@@ -128,18 +128,25 @@ let
   at_path = vars.primary_archiveteam;
 in
 {
-  virtualisation.oci-containers.containers =
-    (createTemplatedContainers containers container-spec)
-    // {
-      archiveteam-watchtower = {
-        image = "containrrr/watchtower:latest";
-        labels = {
-          "com.centurylinklabs.watchtower.enable" = "true";
-          "com.centurylinklabs.watchtower.scope" = "archiveteam";
-        };
-        volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
-        log-driver = "local";
-        cmd = lib.splitString " " "--label-enable --cleanup --interval 600";
+  virtualisation.oci-containers.containers = createTemplatedContainers containers container-spec;
+  systemd = {
+    timers."custom-watchtower@archiveteam" = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnBootSec = "20m";
+        OnUnitActiveSec = "5m";
+        Unit = "custom-watchtower@archiveteam.service";
       };
     };
+    services."custom-watchtower@archiveteam" = {
+      bindsTo = [ "docker.service" ];
+      after = [ "docker.service" ];
+      description = "runs a watchtower-esque script for systemd-based oci-containers";
+      serviceConfig = {
+        Type = "oneshot";
+        User = "root";
+        ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'archiveteam'";
+      };
+    };
+  };
 }