refactor: make modules independant and exposed in the flake for outside use

nixosModules/docker/.template/compose.nix

@@ -0,0 +1,10 @@
+{config, ...}: let
+  inherit (config.sops) secrets;
+  inherit (config.khepri) rwDataDir;
+
+  rwPath = rwDataDir + "/projectName";
+in {
+  khepri.compositions."projectName" = {
+    services = {};
+  };
+}

nixosModules/docker/.template/images/image.nix

@@ -0,0 +1,8 @@
+pkgs:
+pkgs.dockerTools.pullImage {
+  imageName = "some/image/name";
+  imageDigest = "";
+  sha256 = "";
+  finalImageName = "";
+  finalImageTag = "latest";
+}

nixosModules/docker/default.nix

@@ -0,0 +1,48 @@
+khepri: {
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkOption types;
+
+  inherit (config.vars) mainUser;
+in {
+  imports = [khepri.nixosModules.default];
+
+  options.khepri = {
+    rwDataDir = mkOption {
+      default = "/var/lib/docker";
+      type = types.str;
+      description = ''
+        Directory to place persistent data in.
+      '';
+    };
+  };
+
+  config = {
+    users.extraUsers.${mainUser}.extraGroups = ["docker"];
+
+    virtualisation = {
+      docker = {
+        enable = true;
+        storageDriver = "btrfs";
+
+        package = pkgs.docker_27;
+
+        daemon.settings.dns = ["8.8.8.8" "1.1.1.1"];
+      };
+
+      # khepri uses oci-containers under the hood and it must be set to docker to work
+      oci-containers.backend = "docker";
+    };
+
+    # Script for updating the images of all images of a compose.nix file
+    environment.systemPackages = with pkgs; [
+      (callPackage ./updateImage.nix {})
+    ];
+  };
+
+  # For accurate stack trace
+  _file = ./default.nix;
+}

nixosModules/docker/updateImage.nix

@@ -0,0 +1,39 @@
+{
+  nix-prefetch-docker,
+  skopeo,
+  writeShellApplication,
+  ...
+}:
+writeShellApplication {
+  name = "updateImages";
+
+  runtimeInputs = [
+    (writeShellApplication {
+      name = "pullImage";
+      runtimeInputs = [nix-prefetch-docker skopeo];
+      text = ''
+        FILE="$1"
+
+        IMAGE=$(sed -n 's/.*imageName = "\([^"]*\).*/\1/p' "$FILE")
+        TAG=$(sed -n 's/.*finalImageTag = "\([^"]*\).*/\1/p' "$FILE")
+        CURRENT_DIGEST=$(sed -n 's/.*imageDigest = "\([^"]*\).*/\1/p' "$FILE")
+        NEW_DIGEST=$(skopeo inspect "docker://$IMAGE:$TAG" | jq '.Digest' -r)
+
+        output="$IMAGE $TAG"
+
+        if ! grep "Locked" "$FILE"; then
+            if [[ "$CURRENT_DIGEST" != "$NEW_DIGEST" ]]; then
+                echo -e "• $output:\n   $CURRENT_DIGEST\n → $NEW_DIGEST\n"
+                PREFETCH=$(nix-prefetch-docker "$IMAGE" "$TAG")
+                echo -e "pkgs:\npkgs.dockerTools.pullImage $PREFETCH" > "$FILE"
+            fi
+        fi
+      '';
+    })
+  ];
+
+  text = ''
+    DIR=''${1:-"."}
+    find "$DIR"/images -type f -exec pullImage {} \;
+  '';
+}