Add portainer_agent module and configure srv01-hf for it

hosts/srv01.hf/default.nix

@@ -16,6 +16,7 @@
       ../../modules/qemu-guest.nix
       ../../modules/docker.nix
       ../../modules/teleport.nix
+      ../../modules/portainer_agent.nix
       ../../modules/auto-upgrade.nix
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
@@ -30,6 +31,8 @@
     };
   };
 
+  virtualisation.oci-containers.containers.portainer_agent.environmentFiles = [ config.age.secrets."portainer-join_token".path ];
+
   systemd.network = {
     enable = true;
       networks."10-wan" = {

hosts/srv01.hf/secrets.nix

@@ -3,5 +3,6 @@
   age.secrets = {
     teleport-ca_pin.file = "${inputs.secrets}/secrets/teleport/ca_pin";
     teleport-join_token.file = "${inputs.secrets}/secrets/srv01-hf/teleport_auth_token";
+    portainer-join_token.file = "${inputs.secrets}/secrets/srv01-hf/portainer_join_token";
   };
 }

modules/portainer_agent.nix

@@ -0,0 +1,21 @@
+{
+  ...
+}: {
+  virtualisation.oci-containers.containers = {
+    portainer_agent = {
+      image = "portainer/agent:2.33.1";
+      volumes = [
+        "/var/run/docker.sock:/var/run/docker.sock"
+        "/var/lib/docker/volumes:/var/lib/docker/volumes"
+        "/:/host"
+      ];
+      environment = {
+        EDGE = "1";
+        CAP_HOST_MANAGEMENT = "1";
+      };
+      extraOptions = [
+        ''--mount=type=volume,source=portainer_agent,target=/data,volume-driver=local''
+      ];
+    };
+  };
+}