feat(docker): khepri -> nixos-docker-compose

2025-01-30 23:25:25 -05:00 · 2025-01-30 23:25:25 -05:00 · 42ca2912c7
commit 42ca2912c7
parent 467968eb4f
31 changed files with 230 additions and 243 deletions
--- a/configurations/homie/default.nix
+++ b/configurations/homie/default.nix
@ -60,7 +60,8 @@
    sshd.enable = true;
  };

-  khepri.enable = true;
+  roles.docker.enable = true;
+
  services.kmscon.enable = true;

  home-manager.users.${mainUser} = {
--- a/configurations/homie/modules/home-assistant/netdaemon/default.nix
+++ b/configurations/homie/modules/home-assistant/netdaemon/default.nix
@ -9,14 +9,14 @@

  inherit (pkgs.callPackage ./package.nix {}) netdaemonConfig;
 in {
-  khepri.compositions."netdaemon" = {
+  virtualisation.docker.compose."netdaemon" = {
    networks.netdaemon = {external = true;};

    services."netdaemon5" = {
-      image = import ./images/netdaemon.nix pkgs;
+      image = pkgs.callPackage ./images/netdaemon.nix pkgs;
      restart = "always";

-      environmentFiles = [secrets.netdaemon.path];
+      env_file = [secrets.netdaemon.path];
      environment = {
        HomeAssistant__Host = "homie.nelim.org";
        HomeAssistant__Port = "443";
--- a/configurations/nos/default.nix
+++ b/configurations/nos/default.nix
@ -61,6 +61,8 @@
    sshd.enable = true;
  };

+  roles.docker.enable = true;
+
  services.kmscon.enable = true;

  home-manager.users.${mainUser} = {
--- a/configurations/nos/modules/docker/default.nix
+++ b/configurations/nos/modules/docker/default.nix
@ -2,30 +2,26 @@
  configPath = "/var/lib/docker-data";
 in {
  imports = [
-    ./forgejo/compose.nix
-    ./freshrss/compose.nix
-    ./gameyfin/compose.nix
-    ./hauk/compose.nix
-    ./immich/compose.nix
-    ./music/jbots/compose.nix
-    ./nextcloud/compose.nix
-    ./resume/compose.nix
-    ./vaultwarden/compose.nix
-    ./wg-easy/compose.nix
+    (import ./forgejo/compose.nix configPath)
+    (import ./freshrss/compose.nix configPath)
+    (import ./gameyfin/compose.nix configPath)
+    (import ./hauk/compose.nix configPath)
+    (import ./immich/compose.nix configPath)
+    (import ./music/jbots/compose.nix configPath)
+    (import ./nextcloud/compose.nix configPath)
+    (import ./resume/compose.nix configPath)
+    (import ./vaultwarden/compose.nix configPath)
+    (import ./wg-easy/compose.nix configPath)

-    ./media/bazarr/compose.nix
-    ./media/joal/compose.nix
-    ./media/prowlarr/compose.nix
-    ./media/radarr/compose.nix
-    ./media/sabnzbd/compose.nix
-    ./media/seerr/compose.nix
-    ./media/sonarr/compose.nix
+    (import ./media/bazarr/compose.nix configPath)
+    (import ./media/joal/compose.nix configPath)
+    (import ./media/prowlarr/compose.nix configPath)
+    (import ./media/radarr/compose.nix configPath)
+    (import ./media/sabnzbd/compose.nix configPath)
+    (import ./media/seerr/compose.nix configPath)
+    (import ./media/sonarr/compose.nix configPath)
  ];

-  khepri = {
-    rwDataDir = configPath;
-  };
-
  services.borgbackup.configs.docker = {
    paths = [configPath];
  };
--- a/configurations/nos/modules/docker/forgejo/compose.nix
+++ b/configurations/nos/modules/docker/forgejo/compose.nix
@ -1,19 +1,18 @@
-{
+rwDataDir: {
  config,
  pkgs,
  ...
 }: let
  inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;

  rwPath = rwDataDir + "/forgejo";
 in {
-  khepri.compositions."forgejo" = {
+  virtualisation.docker.compose."forgejo" = {
    networks.proxy_net = {external = true;};

    services = {
      "forgejo" = {
-        image = import ./images/forgejo.nix pkgs;
+        image = pkgs.callPackage ./images/forgejo.nix pkgs;

        ports = [
          # Redirect WAN port 22 to this port
@ -24,9 +23,9 @@ in {
        networks = ["proxy_net"];

        restart = "always";
-        dependsOn = ["forgejo-db"];
+        depends_on = ["forgejo-db"];

-        environmentFiles = [secrets.forgejo.path];
+        env_file = [secrets.forgejo.path];
        environment = {
          APP_NAME = "Gitea";

@ -48,35 +47,38 @@ in {
      };

      "forgejo-db" = {
-        image = import ./images/postgres.nix pkgs;
+        image = pkgs.callPackage ./images/postgres.nix pkgs;

        restart = "always";

-        environmentFiles = [secrets.forgejo-db.path];
+        env_file = [secrets.forgejo-db.path];
        networks = ["proxy_net"];

        volumes = ["${rwPath}/db:/var/lib/postgresql/data"];
      };

      "act_runner" = {
-        image = import ./images/act_runner.nix pkgs;
+        image = pkgs.callPackage ./images/act_runner.nix pkgs;

        privileged = true;
        user = "root:root";
        networks = ["proxy_net"];

        restart = "always";
-        dependsOn = ["forgejo"];
+        depends_on = ["forgejo"];

-        environmentFiles = [secrets.forgejo-runner.path];
+        env_file = [secrets.forgejo-runner.path];
        environment = {
          GITEA_INSTANCE_URL = "https://git.nelim.org";
          GITEA_RUNNER_NAME = "DinD";
        };

        volumes = ["${rwPath}/act:/data"];
-        extraHosts = ["git.nelim.org:10.0.0.130"];
+        extra_hosts = ["git.nelim.org:10.0.0.130"];
      };
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/freshrss/compose.nix
+++ b/configurations/nos/modules/docker/freshrss/compose.nix
@ -1,19 +1,18 @@
-{
+rwDataDir: {
  config,
  pkgs,
  ...
 }: let
  inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;

  rwPath = rwDataDir + "/freshrss";
 in {
-  khepri.compositions."freshrss" = {
+  virtualisation.docker.compose."freshrss" = {
    networks.proxy_net = {external = true;};

    services = {
      "freshrss" = {
-        image = import ./images/freshrss.nix pkgs;
+        image = pkgs.callPackage ./images/freshrss.nix pkgs;
        restart = "always";

        ports = ["2800:80"];
@ -39,7 +38,7 @@ in {
          "${rss-bridge}/xExtension-RssBridge:/var/www/FreshRSS/extensions/xExtension-RssBridge:ro"
        ];

-        environmentFiles = [secrets.freshrss.path];
+        env_file = [secrets.freshrss.path];

        environment = {
          TZ = "America/New_York";
@ -48,7 +47,7 @@ in {
      };

      "freshrss-db" = {
-        image = import ./images/postgres.nix pkgs;
+        image = pkgs.callPackage ./images/postgres.nix pkgs;
        restart = "always";

        volumes = [
@ -57,7 +56,7 @@ in {

        networks = ["proxy_net"];

-        environmentFiles = [secrets.freshrss.path];
+        env_file = [secrets.freshrss.path];

        environment = {
          POSTGRES_DB = "\${DB_BASE:-freshrss}";
@ -67,7 +66,7 @@ in {
      };

      "bridge.nelim.org" = {
-        image = import ./images/rss-bridge.nix pkgs;
+        image = pkgs.callPackage ./images/rss-bridge.nix pkgs;
        restart = "always";

        volumes = [
@ -79,4 +78,7 @@ in {
      };
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/gameyfin/compose.nix
+++ b/configurations/nos/modules/docker/gameyfin/compose.nix
@ -1,19 +1,19 @@
-{
+rwDataDir: {
  config,
  pkgs,
  ...
 }: let
  inherit (config.sops) secrets;
 in {
-  khepri.compositions."gameyfin" = {
+  virtualisation.docker.compose."gameyfin" = {
    networks.proxy_net = {external = true;};

    services."gameyfin" = {
-      image = import ./images/gameyfin.nix pkgs;
+      image = pkgs.callPackage ./images/gameyfin.nix pkgs;
      restart = "always";
      user = "1000:1000";

-      environmentFiles = [secrets.gameyfin.path];
+      env_file = [secrets.gameyfin.path];
      environment.GAMEYFIN_USER = "mathis";

      volumes = [
@ -25,4 +25,7 @@ in {
      networks = ["proxy_net"];
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/hauk/compose.nix
+++ b/configurations/nos/modules/docker/hauk/compose.nix
@ -1,9 +1,9 @@
-{pkgs, ...}: {
-  khepri.compositions."hauk" = {
+rwDataDir: {pkgs, ...}: {
+  virtualisation.docker.compose."hauk" = {
    networks.proxy_net = {external = true;};

    services."hauk" = {
-      image = import ./images/hauk.nix pkgs;
+      image = pkgs.callPackage ./images/hauk.nix pkgs;
      restart = "always";
      ports = ["3003:80"];
      networks = ["proxy_net"];
@ -11,4 +11,7 @@
      volumes = ["${./config.php}:/etc/hauk/config.php:ro"];
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/immich/compose.nix
+++ b/configurations/nos/modules/docker/immich/compose.nix
@ -1,4 +1,4 @@
-{
+rwDataDir: {
  config,
  lib,
  pkgs,
@ -7,7 +7,6 @@
  inherit (lib) attrValues;

  inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;

  rwPath = rwDataDir + "/immich";

@ -42,16 +41,16 @@ in {
  ];

  # Docker compose
-  khepri.compositions."immich" = {
+  virtualisation.docker.compose."immich" = {
    networks.proxy_net = {external = true;};

    services = {
      "immich_server" = {
-        image = import ./images/server.nix pkgs;
+        image = pkgs.callPackage ./images/server.nix pkgs;

        restart = "always";

-        environmentFiles = [
+        env_file = [
          envFile
          secrets.immich.path
        ];
@ -66,17 +65,17 @@ in {
        ];
        networks = ["proxy_net"];

-        dependsOn = ["immich_redis" "immich_postgres"];
+        depends_on = ["immich_redis" "immich_postgres"];

        environment.NODE_ENV = "production";
      };

      "immich_machine_learning" = {
-        image = import ./images/machine-learning.nix pkgs;
+        image = pkgs.callPackage ./images/machine-learning.nix pkgs;

        restart = "always";

-        environmentFiles = [
+        env_file = [
          envFile
          secrets.immich.path
        ];
@ -88,11 +87,11 @@ in {
      };

      "immich_redis" = {
-        image = import ./images/redis.nix pkgs;
+        image = pkgs.callPackage ./images/redis.nix pkgs;

        restart = "always";

-        environmentFiles = [
+        env_file = [
          envFile
          secrets.immich.path
        ];
@ -101,11 +100,11 @@ in {
      };

      "immich_postgres" = {
-        image = import ./images/postgres.nix pkgs;
+        image = pkgs.callPackage ./images/postgres.nix pkgs;

        restart = "always";

-        environmentFiles = [
+        env_file = [
          envFile
          secrets.immich.path
        ];
@ -123,4 +122,7 @@ in {
      };
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/media/bazarr/compose.nix
+++ b/configurations/nos/modules/docker/media/bazarr/compose.nix
@ -1,17 +1,11 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
+rwDataDir: {pkgs, ...}: let
  rwPath = rwDataDir + "/media/bazarr";
 in {
-  khepri.compositions."bazarr" = {
+  virtualisation.docker.compose."bazarr" = {
    networks.proxy_net = {external = true;};

    services."bazarr" = {
-      image = import ./images/bazarr.nix pkgs;
+      image = pkgs.callPackage ./images/bazarr.nix pkgs;
      restart = "always";

      environment = {
@ -33,4 +27,7 @@ in {
      networks = ["proxy_net"];
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/media/joal/compose.nix
+++ b/configurations/nos/modules/docker/media/joal/compose.nix
@ -1,23 +1,17 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
+rwDataDir: {pkgs, ...}: let
  rwPath = rwDataDir + "/media/joal";
 in {
-  khepri.compositions."joal" = {
+  virtualisation.docker.compose."joal" = {
    networks.proxy_net = {external = true;};

    services."joal" = {
-      image = import ./images/joal.nix pkgs;
+      image = pkgs.callPackage ./images/joal.nix pkgs;
      restart = "always";

      volumes = ["${rwPath}/data:/data"];
      ports = ["5656:5656"];

-      cmd = [
+      command = [
        "--joal-conf=/data"
        "--spring.main.web-environment=true"
        "--server.port=5656"
@ -27,4 +21,7 @@ in {
      networks = ["proxy_net"];
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/media/prowlarr/compose.nix
+++ b/configurations/nos/modules/docker/media/prowlarr/compose.nix
@ -1,18 +1,12 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
+rwDataDir: {pkgs, ...}: let
  rwPath = rwDataDir + "/media/prowlarr";
 in {
-  khepri.compositions."prowlarr" = {
+  virtualisation.docker.compose."prowlarr" = {
    networks.proxy_net = {external = true;};

    services = {
      "prowlarr" = {
-        image = import ./images/prowlarr.nix pkgs;
+        image = pkgs.callPackage ./images/prowlarr.nix pkgs;
        restart = "always";

        environment = {
@ -28,7 +22,7 @@ in {
      };

      "flaresolverr" = {
-        image = import ./images/flaresolverr.nix pkgs;
+        image = pkgs.callPackage ./images/flaresolverr.nix pkgs;
        restart = "always";

        environment = {
@ -43,9 +37,12 @@ in {

        ports = ["8191:8191"];

-        dependsOn = ["prowlarr"];
+        depends_on = ["prowlarr"];
        networks = ["proxy_net"];
      };
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/media/radarr/compose.nix
+++ b/configurations/nos/modules/docker/media/radarr/compose.nix
@ -1,17 +1,11 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
+rwDataDir: {pkgs, ...}: let
  rwPath = rwDataDir + "/media/radarr";
 in {
-  khepri.compositions."radarr" = {
+  virtualisation.docker.compose."radarr" = {
    networks.proxy_net = {external = true;};

    services."radarr" = {
-      image = import ./images/radarr.nix pkgs;
+      image = pkgs.callPackage ./images/radarr.nix pkgs;
      restart = "always";

      ports = ["7878:7878"];
@ -31,4 +25,7 @@ in {
      networks = ["proxy_net"];
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/media/sabnzbd/compose.nix
+++ b/configurations/nos/modules/docker/media/sabnzbd/compose.nix
@ -1,17 +1,11 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
+rwDataDir: {pkgs, ...}: let
  rwPath = rwDataDir + "/media/sabnzbd";
 in {
-  khepri.compositions."sabnzbd" = {
+  virtualisation.docker.compose."sabnzbd" = {
    networks.proxy_net = {external = true;};

    services."sabnzbd" = {
-      image = import ./images/sabnzbd.nix pkgs;
+      image = pkgs.callPackage ./images/sabnzbd.nix pkgs;
      restart = "always";

      ports = ["8382:8082"];
@ -31,4 +25,7 @@ in {
      networks = ["proxy_net"];
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/media/seerr/compose.nix
+++ b/configurations/nos/modules/docker/media/seerr/compose.nix
@ -1,17 +1,11 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
+rwDataDir: {pkgs, ...}: let
  rwPath = rwDataDir + "/media/seerr";
 in {
-  khepri.compositions."seerr" = {
+  virtualisation.docker.compose."seerr" = {
    networks.proxy_net = {external = true;};

    services."seerr" = {
-      image = import ./images/jellyseerr.nix pkgs;
+      image = pkgs.callPackage ./images/jellyseerr.nix pkgs;
      restart = "always";

      environment = {
@ -27,4 +21,7 @@ in {
      ports = ["5055:5055"];
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/media/sonarr/compose.nix
+++ b/configurations/nos/modules/docker/media/sonarr/compose.nix
@ -1,17 +1,11 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
+rwDataDir: {pkgs, ...}: let
  rwPath = rwDataDir + "/media/sonarr";
 in {
-  khepri.compositions."sonarr" = {
+  virtualisation.docker.compose."sonarr" = {
    networks.proxy_net = {external = true;};

    services."sonarr" = {
-      image = import ./images/sonarr.nix pkgs;
+      image = pkgs.callPackage ./images/sonarr.nix pkgs;
      restart = "always";

      ports = ["8989:8989"];
@ -31,4 +25,7 @@ in {
      networks = ["proxy_net"];
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/music/jbots/compose.nix
+++ b/configurations/nos/modules/docker/music/jbots/compose.nix
@ -1,21 +1,19 @@
-{
-  config,
+rwDataDir: {
  pkgs,
  self,
  ...
 }: let
  inherit (self.packages.${pkgs.system}) jmusicbot;
-  inherit (config.khepri) rwDataDir;

  rwPath = rwDataDir + "/music/jbots";
-  image = import ./images/jmusicbot.nix {inherit pkgs jmusicbot;};
+  image = pkgs.callPackage ./images/jmusicbot.nix {inherit pkgs jmusicbot;};
 in {
-  khepri.compositions."jbots" = {
+  virtualisation.docker.compose."jbots" = {
    networks.proxy_net = {external = true;};

    services = {
      "musicbot_be" = {
-        containerName = "be";
+        container_name = "be";
        restart = "always";
        inherit image;

@ -26,7 +24,7 @@ in {
      };

      "musicbot_br" = {
-        containerName = "br";
+        container_name = "br";
        restart = "always";
        inherit image;

@ -37,4 +35,7 @@ in {
      };
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/nextcloud/compose.nix
+++ b/configurations/nos/modules/docker/nextcloud/compose.nix
@ -1,20 +1,19 @@
-{
+rwDataDir: {
  config,
  pkgs,
  ...
 }: let
  inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;

  mainContainerName = "app-server";
  rwPath = rwDataDir + "/nextcloud";
 in {
-  khepri.compositions."nextcloud" = {
+  virtualisation.docker.compose."nextcloud" = {
    networks.proxy_net = {external = true;};

    services = {
      "${mainContainerName}" = {
-        image = import ./images/nextcloud.nix pkgs;
+        image = pkgs.callPackage ./images/nextcloud.nix pkgs;
        restart = "always";

        expose = [
@ -29,7 +28,7 @@ in {
          "/data/docs:/var/www/drive"
        ];

-        environmentFiles = [secrets.nextcloud.path];
+        env_file = [secrets.nextcloud.path];

        environment = {
          POSTGRES_DB = "nextcloud";
@ -60,7 +59,7 @@ in {
            exec /app/ds/run-document-server.sh
          '';
      in {
-        image = import ./images/onlyoffice.nix pkgs;
+        image = pkgs.callPackage ./images/onlyoffice.nix pkgs;
        restart = "always";

        environment.JWT_ENABLED = "false";
@ -90,7 +89,7 @@ in {
      };

      "nginx-server" = {
-        image = import ./images/nginx.nix pkgs;
+        image = pkgs.callPackage ./images/nginx.nix pkgs;
        restart = "always";
        ports = ["8042:80"];

@ -102,9 +101,9 @@ in {
      };

      "nextcloud-db" = {
-        image = import ./images/postgres.nix pkgs;
+        image = pkgs.callPackage ./images/postgres.nix pkgs;
        restart = "always";
-        environmentFiles = [secrets.nextcloud.path];
+        env_file = [secrets.nextcloud.path];
        volumes = [
          "${rwPath}/database:/var/lib/postgresql/data"
          "/etc/localtime:/etc/localtime:ro"
@ -122,11 +121,13 @@ in {
            exec redis-server --requirepass "$REDIS_HOST_PASSWORD"
          '';
      in {
-        image = import ./images/redis.nix pkgs;
+        image = pkgs.callPackage ./images/redis.nix pkgs;
        restart = "always";
-        #mem_limit = "2048m";
-        #mem_reservation = "512m";
-        environmentFiles = [secrets.nextcloud.path];
+
+        mem_limit = "2048m";
+        mem_reservation = "512m";
+
+        env_file = [secrets.nextcloud.path];

        entrypoint = "/entrypoint.sh";

@ -148,12 +149,15 @@ in {
  };
  systemd.services.nextcloud-cron = {
    description = "Nextcloud Cron";
-    requires = ["docker-nextcloud_app-server.service"];
-    after = ["docker-nextcloud_app-server.service"];
+    requires = ["compose-nextcloud.service"];
+    after = ["compose-nextcloud.service"];

    serviceConfig = {
      Type = "oneshot";
-      ExecStart = "${pkgs.docker}/bin/docker exec -u www-data nextcloud_${mainContainerName} php -f /var/www/html/cron.php";
+      ExecStart = "${pkgs.docker}/bin/docker exec -u www-data ${mainContainerName} php -f /var/www/html/cron.php";
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/resume/compose.nix
+++ b/configurations/nos/modules/docker/resume/compose.nix
@ -1,19 +1,18 @@
-{
+rwDataDir: {
  config,
  pkgs,
  ...
 }: let
  inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;

  rwPath = rwDataDir + "/resume";
 in {
-  khepri.compositions."resume" = {
+  virtualisation.docker.compose."resume" = {
    networks.proxy_net = {external = true;};

    services = {
      "postgres" = {
-        image = import ./images/postgres.nix pkgs;
+        image = pkgs.callPackage ./images/postgres.nix pkgs;
        restart = "always";

        ports = ["5432:5432"];
@ -22,19 +21,19 @@ in {
          "${rwPath}/db:/var/lib/postgresql/data"
        ];

-        environmentFiles = [secrets.resume.path];
+        env_file = [secrets.resume.path];
        networks = ["proxy_net"];
      };

      "server" = {
-        image = import ./images/resume-server.nix pkgs;
+        image = pkgs.callPackage ./images/resume-server.nix pkgs;
        restart = "always";

        ports = ["3100:3100"];

-        dependsOn = ["postgres"];
+        depends_on = ["postgres"];

-        environmentFiles = [secrets.resume.path];
+        env_file = [secrets.resume.path];

        environment = {
          PUBLIC_URL = "https://resume.nelim.org";
@ -44,12 +43,12 @@ in {
      };

      "client" = {
-        image = import ./images/resume-client.nix pkgs;
+        image = pkgs.callPackage ./images/resume-client.nix pkgs;
        restart = "always";

        ports = ["3060:3000"];

-        dependsOn = ["server"];
+        depends_on = ["server"];

        environment = {
          PUBLIC_URL = "https://resume.nelim.org";
@ -59,4 +58,7 @@ in {
      };
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/vaultwarden/compose.nix
+++ b/configurations/nos/modules/docker/vaultwarden/compose.nix
@ -1,18 +1,12 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
+rwDataDir: {pkgs, ...}: let
  rwPath = rwDataDir + "/vaultwarden";
 in {
-  khepri.compositions."vaultwarden" = {
+  virtualisation.docker.compose."vaultwarden" = {
    networks.proxy_net = {external = true;};

    services = {
      "public-vault" = {
-        image = import ./images/vaultwarden.nix pkgs;
+        image = pkgs.callPackage ./images/vaultwarden.nix pkgs;
        restart = "always";

        ports = ["8781:80"];
@ -22,7 +16,7 @@ in {
      };

      "private-vault" = {
-        image = import ./images/vaultwarden.nix pkgs;
+        image = pkgs.callPackage ./images/vaultwarden.nix pkgs;
        restart = "always";

        ports = ["8780:80"];
@ -32,4 +26,7 @@ in {
      };
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/docker/wg-easy/compose.nix
+++ b/configurations/nos/modules/docker/wg-easy/compose.nix
@ -1,21 +1,15 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
+rwDataDir: {pkgs, ...}: let
  rwPath = rwDataDir + "/wg-easy";
 in {
-  khepri.compositions."wg-easy" = {
+  virtualisation.docker.compose."wg-easy" = {
    networks.proxy_net = {external = true;};

    services."wg-easy" = {
-      image = import ./images/wg-easy.nix pkgs;
+      image = pkgs.callPackage ./images/wg-easy.nix pkgs;
      restart = "always";
      privileged = true;

-      capAdd = [
+      cap_add = [
        "NET_ADMIN"
        "SYS_MODULE"
      ];
@ -45,4 +39,7 @@ in {
      networks = ["proxy_net"];
    };
  };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }
--- a/configurations/nos/modules/jellyfin/jfa-go.nix
+++ b/configurations/nos/modules/jellyfin/jfa-go.nix
@ -5,16 +5,13 @@
 }: let
  jellyService = config.systemd.services.jellyfin.serviceConfig;
 in {
-  systemd.services."docker-jfa-go_jfa-go" = {
-    after = ["jellyfin.service"];
-    partOf = ["jellyfin.service"];
-  };
+  virtualisation.docker.compose."jfa-go" = {
+    systemdDependencies = ["jellyfin.service"];

-  khepri.compositions."jfa-go" = {
    networks.proxy_net = {external = true;};

    services."jfa-go" = {
-      image = import ./images/jfa-go.nix pkgs;
+      image = pkgs.callPackage ./images/jfa-go.nix pkgs;
      restart = "always";

      ports = ["8056:8056"];
--- a/configurations/servivi/default.nix
+++ b/configurations/servivi/default.nix
@ -74,7 +74,8 @@
    sshd.enable = true;
  };

-  khepri.enable = true;
+  roles.docker.enable = true;
+
  services.kmscon.enable = true;

  home-manager.users.${mainUser} = {
--- a/configurations/wim/default.nix
+++ b/configurations/wim/default.nix
@ -88,6 +88,8 @@
    tailscale.enable = true;
  };

+  roles.docker.enable = true;
+
  boot.plymouth = {
    enable = true;
    theme = "dracula";
@ -96,7 +98,6 @@
    ];
  };

-  khepri.enable = true;
  services.kmscon.enable = true;

  home-manager.users.${mainUser} = {
--- a/flake.lock
+++ b/flake.lock
@ -160,6 +160,29 @@
        "type": "github"
      }
    },
+    "docker-compose": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": [
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1738288291,
+        "narHash": "sha256-Ad+bXkVcmTYjqNL2OSTqpwTj/Acaef3J2K2Y7vixh34=",
+        "owner": "matt1432",
+        "repo": "nixos-docker-compose",
+        "rev": "5a5be5355b40c03ba9ae7f9ef4e4096a41e48003",
+        "type": "github"
+      },
+      "original": {
+        "owner": "matt1432",
+        "repo": "nixos-docker-compose",
+        "type": "github"
+      }
+    },
    "dracul-ha-src": {
      "flake": false,
      "locked": {
@ -873,26 +896,6 @@
        "type": "github"
      }
    },
-    "khepri": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1722369519,
-        "narHash": "sha256-Lw8WlL69Y3h7dL3pgCrQKJIbUvdyXpe6QPQTdwLeNtM=",
-        "owner": "matt1432",
-        "repo": "khepri",
-        "rev": "a7d1a516adefa4cd8c34829ac7c5d8c72cba42c8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "matt1432",
-        "repo": "khepri",
-        "type": "github"
-      }
-    },
    "kompass": {
      "inputs": {
        "astal": [
@ -1690,6 +1693,7 @@
        "bazarr-bulk": "bazarr-bulk",
        "caule-themes-src": "caule-themes-src",
        "custom-sidebar-src": "custom-sidebar-src",
+        "docker-compose": "docker-compose",
        "dracul-ha-src": "dracul-ha-src",
        "dracula-plymouth-src": "dracula-plymouth-src",
        "eisa-scripts-src": "eisa-scripts-src",
@ -1712,7 +1716,6 @@
        "hyprpaper": "hyprpaper",
        "jellyfin-flake": "jellyfin-flake",
        "jovian": "jovian",
-        "khepri": "khepri",
        "kompass": "kompass",
        "lib-aggregate": "lib-aggregate",
        "libratbag-src": "libratbag-src",
--- a/flake.nix
+++ b/flake.nix
@ -40,6 +40,15 @@
      repo = "custom-sidebar";
      type = "github";
    };
+    docker-compose = {
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        systems.follows = "systems";
+      };
+      owner = "matt1432";
+      repo = "nixos-docker-compose";
+      type = "github";
+    };
    dracul-ha-src = {
      flake = false;
      owner = "berti24";
@ -191,12 +200,6 @@
      repo = "Jovian-NixOS";
      type = "github";
    };
-    khepri = {
-      inputs.nixpkgs.follows = "nixpkgs";
-      owner = "matt1432";
-      repo = "khepri";
-      type = "github";
-    };
    kompass = {
      inputs = {
        astal.follows = "astal";
--- a/inputs/default.nix
+++ b/inputs/default.nix
@ -144,9 +144,9 @@ let
  };

  nosInputs = {
-    khepri = mkInput {
+    docker-compose = mkInput {
      owner = "matt1432";
-      repo = "khepri";
+      repo = "nixos-docker-compose";
    };

    jellyfin-flake = mkInput {
--- a/modules/README.md
+++ b/modules/README.md
@ -11,7 +11,7 @@ This directory contains every modules for NixOS exposed by this flake.
 | `borgbackup` | Sets up a wrapper around `services.borgbackup` to setup default behaviour and make configuration of backups easier. |
 | `caddy-plus` | Extends the caddy options to allow declaring subdirectory routes and reverse proxy directives through nix code. |
 | `desktop` | Sets up a Display Manager, a Desktop Environment and themes for any graphical apps to use the Dracula Theme. This module uses Hyprland as window manager and AGS / Astal for the UI. |
-| `docker` | Imports my [Khepri fork](https://github.com/matt1432/khepri), sets default options such as BTRFS filesystem and adds an update script for images. |
+| `docker` | Imports [nixos-docker-compose](https://github.com/matt1432/nixos-docker-compose), sets default options such as BTRFS filesystem and adds an update script for images. |
 | `esphome-plus` | Fixes a bug with compilation of m5-atom-stack firmware and allows declaring firmware configurations in nix code. |
 | `ha-plus` | Extends the home-assistant options to allow declaring the content of specific configuration files in the home-assistant configuration directory such as custom sentences through nix code. |
 | `kmscon` | Extends the kmscon options to add more descriptive ones. |
--- a/modules/default.nix
+++ b/modules/default.nix
@ -50,10 +50,10 @@ in {

  docker =
    module
-    (import ./docker self.inputs.khepri)
+    (import ./docker self)
    ''
-      Imports my [Khepri fork](https://github.com/matt1432/khepri), sets default
-      options such as BTRFS filesystem and adds an update script for images.
+      Imports [nixos-docker-compose](https://github.com/matt1432/nixos-docker-compose),
+      sets default options such as BTRFS filesystem and adds an update script for images.
    '';

  esphome-plus =
--- a/modules/docker/.template/compose.nix
+++ b/modules/docker/.template/compose.nix
@ -1,10 +1,12 @@
-{config, ...}: let
+rwDataDir: {config, ...}: let
  inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;

  rwPath = rwDataDir + "/projectName";
 in {
-  khepri.compositions."projectName" = {
+  virtualisation.docker.compose."projectName" = {
    services = {};
  };
+
+  # For accurate stack trace
+  _file = ./default.nix;
 }
--- a/modules/docker/default.nix
+++ b/modules/docker/default.nix
@ -1,4 +1,4 @@
-khepri: {
+self: {
  config,
  lib,
  pkgs,
@ -6,11 +6,11 @@ khepri: {
 }: let
  inherit (lib) mkIf mkOption types;

-  cfg = config.khepri;
+  cfg = config.roles.docker;
 in {
-  imports = [khepri.nixosModules.default];
+  imports = [self.inputs.docker-compose.nixosModules.default];

-  options.khepri = {
+  options.roles.docker = {
    enable = mkOption {
      default = cfg.compositions != {};
      type = types.bool;
@ -19,14 +19,6 @@ in {
      '';
    };

-    rwDataDir = mkOption {
-      default = "/var/lib/docker";
-      type = types.str;
-      description = ''
-        Directory to place persistent data in.
-      '';
-    };
-
    storageDriver = mkOption {
      default = "btrfs"; # I use BTRFS on all my servers
      type = types.str;
@ -41,12 +33,9 @@ in {

        daemon.settings.dns = ["8.8.8.8" "1.1.1.1"];
      };
-
-      # khepri uses oci-containers under the hood and it must be set to docker to work
-      oci-containers.backend = "docker";
    };

-    # Script for updating the images of all images of a compose.nix file
+    # Script for updating the images of a compose.nix file
    environment.systemPackages = [
      (pkgs.callPackage ./updateImage.nix {})
    ];