Hello,
I have nixos-containers running on a server to test and preview my dev builds, and my current workflow includes updating the containers manually. It would be nice to have the containers update automatically every time the code changes, so I tried to set up a systemd service and timer that update the containers.
systemd.timers."dev-update" = {
  wantedBy = [ "timers.target" ];
  timerConfig = {
    OnBootSec = "10s";
    OnUnitActiveSec = "10s";
    Unit = "dev-update.service";
  };
};
systemd.services."dev-update" = {
  description = "dev update service";
  after = [
    "network.target"
  ];
  wantedBy = [ "multi-user.target" ];
  serviceConfig = {
    ExecStart = "${pkgs.nixos-container}/bin/nixos-container update dev --flake ${inputs.dev-container}/flake.nix";
    Type = "oneshot";
  };
};
This should run as the default root user, which is necessary because nixos-containers can only be run as root. However, updating results in a permission error:
Aug 10 08:28:20 jonne systemd[1]: Starting dev update service...
Aug 10 08:28:20 jonne nixos-container[2686923]: /nix/store/zhc7kxbikgz7z9hy0g9db34ilj7mcjc6-nixos-container/bin/nixos-container: failed to build container from flake '/nix/store/nlfkkb7gb8blqf6kqrn2xdch2f1azc7f-source/flake.nix'
Aug 10 08:28:20 jonne systemd[1]: dev-update.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Aug 10 08:28:20 jonne systemd[1]: dev-update.service: Failed with result 'exit-code'.
Aug 10 08:28:20 jonne systemd[1]: Failed to start dev update service.
warning: error(s) occurred while switching to the new configuration
admin at jonne in ~/nixos_machines (main|✚5)
» /nix/store/zhc7kxbikgz7z9hy0g9db34ilj7mcjc6-nixos-container/bin/nixos-container update dev --flake /nix/store/nlfkkb7gb8blqf6kqrn2xdch2f1azc7f-source/flake.nix
error: opening directory '/nix/var/nix/profiles/per-container/dev': Permission denied
/nix/store/zhc7kxbikgz7z9hy0g9db34ilj7mcjc6-nixos-container/bin/nixos-container: failed to set container configuration
When run as root, it works perfectly, though:
» sudo /nix/store/zhc7kxbikgz7z9hy0g9db34ilj7mcjc6-nixos-container/bin/nixos-container update dev --flake /nix/store/nlfkkb7gb8blqf6kqrn2xdch2f1azc7f-source/flake.nix
reloading container...
So, is there a way to manage nixos-containers from inside systemd services?