feat(docker): khepri -> nixos-docker-compose

configurations/homie/default.nix

@@ -60,7 +60,8 @@
     sshd.enable = true;
   };
 
-  khepri.enable = true;
+  roles.docker.enable = true;
+
   services.kmscon.enable = true;
 
   home-manager.users.${mainUser} = {

configurations/homie/modules/home-assistant/netdaemon/default.nix

@@ -9,14 +9,14 @@
 
   inherit (pkgs.callPackage ./package.nix {}) netdaemonConfig;
 in {
-  khepri.compositions."netdaemon" = {
+  virtualisation.docker.compose."netdaemon" = {
     networks.netdaemon = {external = true;};
 
     services."netdaemon5" = {
-      image = import ./images/netdaemon.nix pkgs;
+      image = pkgs.callPackage ./images/netdaemon.nix pkgs;
       restart = "always";
 
-      environmentFiles = [secrets.netdaemon.path];
+      env_file = [secrets.netdaemon.path];
       environment = {
         HomeAssistant__Host = "homie.nelim.org";
         HomeAssistant__Port = "443";

configurations/nos/default.nix

@@ -61,6 +61,8 @@
     sshd.enable = true;
   };
 
+  roles.docker.enable = true;
+
   services.kmscon.enable = true;
 
   home-manager.users.${mainUser} = {

configurations/nos/modules/docker/default.nix

@@ -2,30 +2,26 @@
   configPath = "/var/lib/docker-data";
 in {
   imports = [
-    ./forgejo/compose.nix
+    (import ./forgejo/compose.nix configPath)
-    ./freshrss/compose.nix
+    (import ./freshrss/compose.nix configPath)
-    ./gameyfin/compose.nix
+    (import ./gameyfin/compose.nix configPath)
-    ./hauk/compose.nix
+    (import ./hauk/compose.nix configPath)
-    ./immich/compose.nix
+    (import ./immich/compose.nix configPath)
-    ./music/jbots/compose.nix
+    (import ./music/jbots/compose.nix configPath)
-    ./nextcloud/compose.nix
+    (import ./nextcloud/compose.nix configPath)
-    ./resume/compose.nix
+    (import ./resume/compose.nix configPath)
-    ./vaultwarden/compose.nix
+    (import ./vaultwarden/compose.nix configPath)
-    ./wg-easy/compose.nix
+    (import ./wg-easy/compose.nix configPath)
 
-    ./media/bazarr/compose.nix
+    (import ./media/bazarr/compose.nix configPath)
-    ./media/joal/compose.nix
+    (import ./media/joal/compose.nix configPath)
-    ./media/prowlarr/compose.nix
+    (import ./media/prowlarr/compose.nix configPath)
-    ./media/radarr/compose.nix
+    (import ./media/radarr/compose.nix configPath)
-    ./media/sabnzbd/compose.nix
+    (import ./media/sabnzbd/compose.nix configPath)
-    ./media/seerr/compose.nix
+    (import ./media/seerr/compose.nix configPath)
-    ./media/sonarr/compose.nix
+    (import ./media/sonarr/compose.nix configPath)
   ];
 
-  khepri = {
-    rwDataDir = configPath;
-  };
-
   services.borgbackup.configs.docker = {
     paths = [configPath];
   };

configurations/nos/modules/docker/forgejo/compose.nix

@@ -1,19 +1,18 @@
-{
+rwDataDir: {
   config,
   pkgs,
   ...
 }: let
   inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;
 
   rwPath = rwDataDir + "/forgejo";
 in {
-  khepri.compositions."forgejo" = {
+  virtualisation.docker.compose."forgejo" = {
     networks.proxy_net = {external = true;};
 
     services = {
       "forgejo" = {
-        image = import ./images/forgejo.nix pkgs;
+        image = pkgs.callPackage ./images/forgejo.nix pkgs;
 
         ports = [
           # Redirect WAN port 22 to this port
@@ -24,9 +23,9 @@ in {
         networks = ["proxy_net"];
 
         restart = "always";
-        dependsOn = ["forgejo-db"];
+        depends_on = ["forgejo-db"];
 
-        environmentFiles = [secrets.forgejo.path];
+        env_file = [secrets.forgejo.path];
         environment = {
           APP_NAME = "Gitea";
 
@@ -48,35 +47,38 @@ in {
       };
 
       "forgejo-db" = {
-        image = import ./images/postgres.nix pkgs;
+        image = pkgs.callPackage ./images/postgres.nix pkgs;
 
         restart = "always";
 
-        environmentFiles = [secrets.forgejo-db.path];
+        env_file = [secrets.forgejo-db.path];
         networks = ["proxy_net"];
 
         volumes = ["${rwPath}/db:/var/lib/postgresql/data"];
       };
 
       "act_runner" = {
-        image = import ./images/act_runner.nix pkgs;
+        image = pkgs.callPackage ./images/act_runner.nix pkgs;
 
         privileged = true;
         user = "root:root";
         networks = ["proxy_net"];
 
         restart = "always";
-        dependsOn = ["forgejo"];
+        depends_on = ["forgejo"];
 
-        environmentFiles = [secrets.forgejo-runner.path];
+        env_file = [secrets.forgejo-runner.path];
         environment = {
           GITEA_INSTANCE_URL = "https://git.nelim.org";
           GITEA_RUNNER_NAME = "DinD";
         };
 
         volumes = ["${rwPath}/act:/data"];
-        extraHosts = ["git.nelim.org:10.0.0.130"];
+        extra_hosts = ["git.nelim.org:10.0.0.130"];
       };
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/freshrss/compose.nix

@@ -1,19 +1,18 @@
-{
+rwDataDir: {
   config,
   pkgs,
   ...
 }: let
   inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;
 
   rwPath = rwDataDir + "/freshrss";
 in {
-  khepri.compositions."freshrss" = {
+  virtualisation.docker.compose."freshrss" = {
     networks.proxy_net = {external = true;};
 
     services = {
       "freshrss" = {
-        image = import ./images/freshrss.nix pkgs;
+        image = pkgs.callPackage ./images/freshrss.nix pkgs;
         restart = "always";
 
         ports = ["2800:80"];
@@ -39,7 +38,7 @@ in {
           "${rss-bridge}/xExtension-RssBridge:/var/www/FreshRSS/extensions/xExtension-RssBridge:ro"
         ];
 
-        environmentFiles = [secrets.freshrss.path];
+        env_file = [secrets.freshrss.path];
 
         environment = {
           TZ = "America/New_York";
@@ -48,7 +47,7 @@ in {
       };
 
       "freshrss-db" = {
-        image = import ./images/postgres.nix pkgs;
+        image = pkgs.callPackage ./images/postgres.nix pkgs;
         restart = "always";
 
         volumes = [
@@ -57,7 +56,7 @@ in {
 
         networks = ["proxy_net"];
 
-        environmentFiles = [secrets.freshrss.path];
+        env_file = [secrets.freshrss.path];
 
         environment = {
           POSTGRES_DB = "\${DB_BASE:-freshrss}";
@@ -67,7 +66,7 @@ in {
       };
 
       "bridge.nelim.org" = {
-        image = import ./images/rss-bridge.nix pkgs;
+        image = pkgs.callPackage ./images/rss-bridge.nix pkgs;
         restart = "always";
 
         volumes = [
@@ -79,4 +78,7 @@ in {
       };
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/gameyfin/compose.nix

@@ -1,19 +1,19 @@
-{
+rwDataDir: {
   config,
   pkgs,
   ...
 }: let
   inherit (config.sops) secrets;
 in {
-  khepri.compositions."gameyfin" = {
+  virtualisation.docker.compose."gameyfin" = {
     networks.proxy_net = {external = true;};
 
     services."gameyfin" = {
-      image = import ./images/gameyfin.nix pkgs;
+      image = pkgs.callPackage ./images/gameyfin.nix pkgs;
       restart = "always";
       user = "1000:1000";
 
-      environmentFiles = [secrets.gameyfin.path];
+      env_file = [secrets.gameyfin.path];
       environment.GAMEYFIN_USER = "mathis";
 
       volumes = [
@@ -25,4 +25,7 @@ in {
       networks = ["proxy_net"];
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/hauk/compose.nix

@@ -1,9 +1,9 @@
-{pkgs, ...}: {
+rwDataDir: {pkgs, ...}: {
-  khepri.compositions."hauk" = {
+  virtualisation.docker.compose."hauk" = {
     networks.proxy_net = {external = true;};
 
     services."hauk" = {
-      image = import ./images/hauk.nix pkgs;
+      image = pkgs.callPackage ./images/hauk.nix pkgs;
       restart = "always";
       ports = ["3003:80"];
       networks = ["proxy_net"];
@@ -11,4 +11,7 @@
       volumes = ["${./config.php}:/etc/hauk/config.php:ro"];
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/immich/compose.nix

@@ -1,4 +1,4 @@
-{
+rwDataDir: {
   config,
   lib,
   pkgs,
@@ -7,7 +7,6 @@
   inherit (lib) attrValues;
 
   inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;
 
   rwPath = rwDataDir + "/immich";
 
@@ -42,16 +41,16 @@ in {
   ];
 
   # Docker compose
-  khepri.compositions."immich" = {
+  virtualisation.docker.compose."immich" = {
     networks.proxy_net = {external = true;};
 
     services = {
       "immich_server" = {
-        image = import ./images/server.nix pkgs;
+        image = pkgs.callPackage ./images/server.nix pkgs;
 
         restart = "always";
 
-        environmentFiles = [
+        env_file = [
           envFile
           secrets.immich.path
         ];
@@ -66,17 +65,17 @@ in {
         ];
         networks = ["proxy_net"];
 
-        dependsOn = ["immich_redis" "immich_postgres"];
+        depends_on = ["immich_redis" "immich_postgres"];
 
         environment.NODE_ENV = "production";
       };
 
       "immich_machine_learning" = {
-        image = import ./images/machine-learning.nix pkgs;
+        image = pkgs.callPackage ./images/machine-learning.nix pkgs;
 
         restart = "always";
 
-        environmentFiles = [
+        env_file = [
           envFile
           secrets.immich.path
         ];
@@ -88,11 +87,11 @@ in {
       };
 
       "immich_redis" = {
-        image = import ./images/redis.nix pkgs;
+        image = pkgs.callPackage ./images/redis.nix pkgs;
 
         restart = "always";
 
-        environmentFiles = [
+        env_file = [
           envFile
           secrets.immich.path
         ];
@@ -101,11 +100,11 @@ in {
       };
 
       "immich_postgres" = {
-        image = import ./images/postgres.nix pkgs;
+        image = pkgs.callPackage ./images/postgres.nix pkgs;
 
         restart = "always";
 
-        environmentFiles = [
+        env_file = [
           envFile
           secrets.immich.path
         ];
@@ -123,4 +122,7 @@ in {
       };
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/media/bazarr/compose.nix

@@ -1,17 +1,11 @@
-{
+rwDataDir: {pkgs, ...}: let
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
   rwPath = rwDataDir + "/media/bazarr";
 in {
-  khepri.compositions."bazarr" = {
+  virtualisation.docker.compose."bazarr" = {
     networks.proxy_net = {external = true;};
 
     services."bazarr" = {
-      image = import ./images/bazarr.nix pkgs;
+      image = pkgs.callPackage ./images/bazarr.nix pkgs;
       restart = "always";
 
       environment = {
@@ -33,4 +27,7 @@ in {
       networks = ["proxy_net"];
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/media/joal/compose.nix

@@ -1,23 +1,17 @@
-{
+rwDataDir: {pkgs, ...}: let
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
   rwPath = rwDataDir + "/media/joal";
 in {
-  khepri.compositions."joal" = {
+  virtualisation.docker.compose."joal" = {
     networks.proxy_net = {external = true;};
 
     services."joal" = {
-      image = import ./images/joal.nix pkgs;
+      image = pkgs.callPackage ./images/joal.nix pkgs;
       restart = "always";
 
       volumes = ["${rwPath}/data:/data"];
       ports = ["5656:5656"];
 
-      cmd = [
+      command = [
         "--joal-conf=/data"
         "--spring.main.web-environment=true"
         "--server.port=5656"
@@ -27,4 +21,7 @@ in {
       networks = ["proxy_net"];
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/media/prowlarr/compose.nix

@@ -1,18 +1,12 @@
-{
+rwDataDir: {pkgs, ...}: let
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
   rwPath = rwDataDir + "/media/prowlarr";
 in {
-  khepri.compositions."prowlarr" = {
+  virtualisation.docker.compose."prowlarr" = {
     networks.proxy_net = {external = true;};
 
     services = {
       "prowlarr" = {
-        image = import ./images/prowlarr.nix pkgs;
+        image = pkgs.callPackage ./images/prowlarr.nix pkgs;
         restart = "always";
 
         environment = {
@@ -28,7 +22,7 @@ in {
       };
 
       "flaresolverr" = {
-        image = import ./images/flaresolverr.nix pkgs;
+        image = pkgs.callPackage ./images/flaresolverr.nix pkgs;
         restart = "always";
 
         environment = {
@@ -43,9 +37,12 @@ in {
 
         ports = ["8191:8191"];
 
-        dependsOn = ["prowlarr"];
+        depends_on = ["prowlarr"];
         networks = ["proxy_net"];
       };
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/media/radarr/compose.nix

@@ -1,17 +1,11 @@
-{
+rwDataDir: {pkgs, ...}: let
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
   rwPath = rwDataDir + "/media/radarr";
 in {
-  khepri.compositions."radarr" = {
+  virtualisation.docker.compose."radarr" = {
     networks.proxy_net = {external = true;};
 
     services."radarr" = {
-      image = import ./images/radarr.nix pkgs;
+      image = pkgs.callPackage ./images/radarr.nix pkgs;
       restart = "always";
 
       ports = ["7878:7878"];
@@ -31,4 +25,7 @@ in {
       networks = ["proxy_net"];
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/media/sabnzbd/compose.nix

@@ -1,17 +1,11 @@
-{
+rwDataDir: {pkgs, ...}: let
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
   rwPath = rwDataDir + "/media/sabnzbd";
 in {
-  khepri.compositions."sabnzbd" = {
+  virtualisation.docker.compose."sabnzbd" = {
     networks.proxy_net = {external = true;};
 
     services."sabnzbd" = {
-      image = import ./images/sabnzbd.nix pkgs;
+      image = pkgs.callPackage ./images/sabnzbd.nix pkgs;
       restart = "always";
 
       ports = ["8382:8082"];
@@ -31,4 +25,7 @@ in {
       networks = ["proxy_net"];
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/media/seerr/compose.nix

@@ -1,17 +1,11 @@
-{
+rwDataDir: {pkgs, ...}: let
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
   rwPath = rwDataDir + "/media/seerr";
 in {
-  khepri.compositions."seerr" = {
+  virtualisation.docker.compose."seerr" = {
     networks.proxy_net = {external = true;};
 
     services."seerr" = {
-      image = import ./images/jellyseerr.nix pkgs;
+      image = pkgs.callPackage ./images/jellyseerr.nix pkgs;
       restart = "always";
 
       environment = {
@@ -27,4 +21,7 @@ in {
       ports = ["5055:5055"];
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/media/sonarr/compose.nix

@@ -1,17 +1,11 @@
-{
+rwDataDir: {pkgs, ...}: let
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
   rwPath = rwDataDir + "/media/sonarr";
 in {
-  khepri.compositions."sonarr" = {
+  virtualisation.docker.compose."sonarr" = {
     networks.proxy_net = {external = true;};
 
     services."sonarr" = {
-      image = import ./images/sonarr.nix pkgs;
+      image = pkgs.callPackage ./images/sonarr.nix pkgs;
       restart = "always";
 
       ports = ["8989:8989"];
@@ -31,4 +25,7 @@ in {
       networks = ["proxy_net"];
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/music/jbots/compose.nix

@@ -1,21 +1,19 @@
-{
+rwDataDir: {
-  config,
   pkgs,
   self,
   ...
 }: let
   inherit (self.packages.${pkgs.system}) jmusicbot;
-  inherit (config.khepri) rwDataDir;
 
   rwPath = rwDataDir + "/music/jbots";
-  image = import ./images/jmusicbot.nix {inherit pkgs jmusicbot;};
+  image = pkgs.callPackage ./images/jmusicbot.nix {inherit pkgs jmusicbot;};
 in {
-  khepri.compositions."jbots" = {
+  virtualisation.docker.compose."jbots" = {
     networks.proxy_net = {external = true;};
 
     services = {
       "musicbot_be" = {
-        containerName = "be";
+        container_name = "be";
         restart = "always";
         inherit image;
 
@@ -26,7 +24,7 @@ in {
       };
 
       "musicbot_br" = {
-        containerName = "br";
+        container_name = "br";
         restart = "always";
         inherit image;
 
@@ -37,4 +35,7 @@ in {
       };
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/nextcloud/compose.nix

@@ -1,20 +1,19 @@
-{
+rwDataDir: {
   config,
   pkgs,
   ...
 }: let
   inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;
 
   mainContainerName = "app-server";
   rwPath = rwDataDir + "/nextcloud";
 in {
-  khepri.compositions."nextcloud" = {
+  virtualisation.docker.compose."nextcloud" = {
     networks.proxy_net = {external = true;};
 
     services = {
       "${mainContainerName}" = {
-        image = import ./images/nextcloud.nix pkgs;
+        image = pkgs.callPackage ./images/nextcloud.nix pkgs;
         restart = "always";
 
         expose = [
@@ -29,7 +28,7 @@ in {
           "/data/docs:/var/www/drive"
         ];
 
-        environmentFiles = [secrets.nextcloud.path];
+        env_file = [secrets.nextcloud.path];
 
         environment = {
           POSTGRES_DB = "nextcloud";
@@ -60,7 +59,7 @@ in {
             exec /app/ds/run-document-server.sh
           '';
       in {
-        image = import ./images/onlyoffice.nix pkgs;
+        image = pkgs.callPackage ./images/onlyoffice.nix pkgs;
         restart = "always";
 
         environment.JWT_ENABLED = "false";
@@ -90,7 +89,7 @@ in {
       };
 
       "nginx-server" = {
-        image = import ./images/nginx.nix pkgs;
+        image = pkgs.callPackage ./images/nginx.nix pkgs;
         restart = "always";
         ports = ["8042:80"];
 
@@ -102,9 +101,9 @@ in {
       };
 
       "nextcloud-db" = {
-        image = import ./images/postgres.nix pkgs;
+        image = pkgs.callPackage ./images/postgres.nix pkgs;
         restart = "always";
-        environmentFiles = [secrets.nextcloud.path];
+        env_file = [secrets.nextcloud.path];
         volumes = [
           "${rwPath}/database:/var/lib/postgresql/data"
           "/etc/localtime:/etc/localtime:ro"
@@ -122,11 +121,13 @@ in {
             exec redis-server --requirepass "$REDIS_HOST_PASSWORD"
           '';
       in {
-        image = import ./images/redis.nix pkgs;
+        image = pkgs.callPackage ./images/redis.nix pkgs;
         restart = "always";
-        #mem_limit = "2048m";
+
-        #mem_reservation = "512m";
+        mem_limit = "2048m";
-        environmentFiles = [secrets.nextcloud.path];
+        mem_reservation = "512m";
+
+        env_file = [secrets.nextcloud.path];
 
         entrypoint = "/entrypoint.sh";
 
@@ -148,12 +149,15 @@ in {
   };
   systemd.services.nextcloud-cron = {
     description = "Nextcloud Cron";
-    requires = ["docker-nextcloud_app-server.service"];
+    requires = ["compose-nextcloud.service"];
-    after = ["docker-nextcloud_app-server.service"];
+    after = ["compose-nextcloud.service"];
 
     serviceConfig = {
       Type = "oneshot";
-      ExecStart = "${pkgs.docker}/bin/docker exec -u www-data nextcloud_${mainContainerName} php -f /var/www/html/cron.php";
+      ExecStart = "${pkgs.docker}/bin/docker exec -u www-data ${mainContainerName} php -f /var/www/html/cron.php";
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/resume/compose.nix

@@ -1,19 +1,18 @@
-{
+rwDataDir: {
   config,
   pkgs,
   ...
 }: let
   inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;
 
   rwPath = rwDataDir + "/resume";
 in {
-  khepri.compositions."resume" = {
+  virtualisation.docker.compose."resume" = {
     networks.proxy_net = {external = true;};
 
     services = {
       "postgres" = {
-        image = import ./images/postgres.nix pkgs;
+        image = pkgs.callPackage ./images/postgres.nix pkgs;
         restart = "always";
 
         ports = ["5432:5432"];
@@ -22,19 +21,19 @@ in {
           "${rwPath}/db:/var/lib/postgresql/data"
         ];
 
-        environmentFiles = [secrets.resume.path];
+        env_file = [secrets.resume.path];
         networks = ["proxy_net"];
       };
 
       "server" = {
-        image = import ./images/resume-server.nix pkgs;
+        image = pkgs.callPackage ./images/resume-server.nix pkgs;
         restart = "always";
 
         ports = ["3100:3100"];
 
-        dependsOn = ["postgres"];
+        depends_on = ["postgres"];
 
-        environmentFiles = [secrets.resume.path];
+        env_file = [secrets.resume.path];
 
         environment = {
           PUBLIC_URL = "https://resume.nelim.org";
@@ -44,12 +43,12 @@ in {
       };
 
       "client" = {
-        image = import ./images/resume-client.nix pkgs;
+        image = pkgs.callPackage ./images/resume-client.nix pkgs;
         restart = "always";
 
         ports = ["3060:3000"];
 
-        dependsOn = ["server"];
+        depends_on = ["server"];
 
         environment = {
           PUBLIC_URL = "https://resume.nelim.org";
@@ -59,4 +58,7 @@ in {
       };
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/vaultwarden/compose.nix

@@ -1,18 +1,12 @@
-{
+rwDataDir: {pkgs, ...}: let
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
   rwPath = rwDataDir + "/vaultwarden";
 in {
-  khepri.compositions."vaultwarden" = {
+  virtualisation.docker.compose."vaultwarden" = {
     networks.proxy_net = {external = true;};
 
     services = {
       "public-vault" = {
-        image = import ./images/vaultwarden.nix pkgs;
+        image = pkgs.callPackage ./images/vaultwarden.nix pkgs;
         restart = "always";
 
         ports = ["8781:80"];
@@ -22,7 +16,7 @@ in {
       };
 
       "private-vault" = {
-        image = import ./images/vaultwarden.nix pkgs;
+        image = pkgs.callPackage ./images/vaultwarden.nix pkgs;
         restart = "always";
 
         ports = ["8780:80"];
@@ -32,4 +26,7 @@ in {
       };
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/docker/wg-easy/compose.nix

@@ -1,21 +1,15 @@
-{
+rwDataDir: {pkgs, ...}: let
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (config.khepri) rwDataDir;
-
   rwPath = rwDataDir + "/wg-easy";
 in {
-  khepri.compositions."wg-easy" = {
+  virtualisation.docker.compose."wg-easy" = {
     networks.proxy_net = {external = true;};
 
     services."wg-easy" = {
-      image = import ./images/wg-easy.nix pkgs;
+      image = pkgs.callPackage ./images/wg-easy.nix pkgs;
       restart = "always";
       privileged = true;
 
-      capAdd = [
+      cap_add = [
         "NET_ADMIN"
         "SYS_MODULE"
       ];
@@ -45,4 +39,7 @@ in {
       networks = ["proxy_net"];
     };
   };
+
+  # For accurate stack trace
+  _file = ./compose.nix;
 }

configurations/nos/modules/jellyfin/jfa-go.nix

@@ -5,16 +5,13 @@
 }: let
   jellyService = config.systemd.services.jellyfin.serviceConfig;
 in {
-  systemd.services."docker-jfa-go_jfa-go" = {
+  virtualisation.docker.compose."jfa-go" = {
-    after = ["jellyfin.service"];
+    systemdDependencies = ["jellyfin.service"];
-    partOf = ["jellyfin.service"];
-  };
 
-  khepri.compositions."jfa-go" = {
     networks.proxy_net = {external = true;};
 
     services."jfa-go" = {
-      image = import ./images/jfa-go.nix pkgs;
+      image = pkgs.callPackage ./images/jfa-go.nix pkgs;
       restart = "always";
 
       ports = ["8056:8056"];

configurations/servivi/default.nix

@@ -74,7 +74,8 @@
     sshd.enable = true;
   };
 
-  khepri.enable = true;
+  roles.docker.enable = true;
+
   services.kmscon.enable = true;
 
   home-manager.users.${mainUser} = {

configurations/wim/default.nix

@@ -88,6 +88,8 @@
     tailscale.enable = true;
   };
 
+  roles.docker.enable = true;
+
   boot.plymouth = {
     enable = true;
     theme = "dracula";
@@ -96,7 +98,6 @@
     ];
   };
 
-  khepri.enable = true;
   services.kmscon.enable = true;
 
   home-manager.users.${mainUser} = {

inputs/default.nix

@@ -144,9 +144,9 @@ let
   };
 
   nosInputs = {
-    khepri = mkInput {
+    docker-compose = mkInput {
       owner = "matt1432";
-      repo = "khepri";
+      repo = "nixos-docker-compose";
     };
 
     jellyfin-flake = mkInput {

modules/README.md

@@ -11,7 +11,7 @@ This directory contains every modules for NixOS exposed by this flake.
 | `borgbackup` | Sets up a wrapper around `services.borgbackup` to setup default behaviour and make configuration of backups easier. |
 | `caddy-plus` | Extends the caddy options to allow declaring subdirectory routes and reverse proxy directives through nix code. |
 | `desktop` | Sets up a Display Manager, a Desktop Environment and themes for any graphical apps to use the Dracula Theme. This module uses Hyprland as window manager and AGS / Astal for the UI. |
-| `docker` | Imports my [Khepri fork](https://github.com/matt1432/khepri), sets default options such as BTRFS filesystem and adds an update script for images. |
+| `docker` | Imports [nixos-docker-compose](https://github.com/matt1432/nixos-docker-compose), sets default options such as BTRFS filesystem and adds an update script for images. |
 | `esphome-plus` | Fixes a bug with compilation of m5-atom-stack firmware and allows declaring firmware configurations in nix code. |
 | `ha-plus` | Extends the home-assistant options to allow declaring the content of specific configuration files in the home-assistant configuration directory such as custom sentences through nix code. |
 | `kmscon` | Extends the kmscon options to add more descriptive ones. |

modules/default.nix

@@ -50,10 +50,10 @@ in {
 
   docker =
     module
-    (import ./docker self.inputs.khepri)
+    (import ./docker self)
     ''
-      Imports my [Khepri fork](https://github.com/matt1432/khepri), sets default
+      Imports [nixos-docker-compose](https://github.com/matt1432/nixos-docker-compose),
-      options such as BTRFS filesystem and adds an update script for images.
+      sets default options such as BTRFS filesystem and adds an update script for images.
     '';
 
   esphome-plus =

modules/docker/.template/compose.nix

@@ -1,10 +1,12 @@
-{config, ...}: let
+rwDataDir: {config, ...}: let
   inherit (config.sops) secrets;
-  inherit (config.khepri) rwDataDir;
 
   rwPath = rwDataDir + "/projectName";
 in {
-  khepri.compositions."projectName" = {
+  virtualisation.docker.compose."projectName" = {
     services = {};
   };
+
+  # For accurate stack trace
+  _file = ./default.nix;
 }

modules/docker/default.nix

@@ -1,4 +1,4 @@
-khepri: {
+self: {
   config,
   lib,
   pkgs,
@@ -6,11 +6,11 @@ khepri: {
 }: let
   inherit (lib) mkIf mkOption types;
 
-  cfg = config.khepri;
+  cfg = config.roles.docker;
 in {
-  imports = [khepri.nixosModules.default];
+  imports = [self.inputs.docker-compose.nixosModules.default];
 
-  options.khepri = {
+  options.roles.docker = {
     enable = mkOption {
       default = cfg.compositions != {};
       type = types.bool;
@@ -19,14 +19,6 @@ in {
       '';
     };
 
-    rwDataDir = mkOption {
-      default = "/var/lib/docker";
-      type = types.str;
-      description = ''
-        Directory to place persistent data in.
-      '';
-    };
-
     storageDriver = mkOption {
       default = "btrfs"; # I use BTRFS on all my servers
       type = types.str;
@@ -41,12 +33,9 @@ in {
 
         daemon.settings.dns = ["8.8.8.8" "1.1.1.1"];
       };
-
-      # khepri uses oci-containers under the hood and it must be set to docker to work
-      oci-containers.backend = "docker";
     };
 
-    # Script for updating the images of all images of a compose.nix file
+    # Script for updating the images of a compose.nix file
     environment.systemPackages = [
       (pkgs.callPackage ./updateImage.nix {})
     ];