diff --git a/hosts/faunus-ater/modules/mealie.nix b/hosts/faunus-ater/modules/mealie.nix
index c7f659d..6ac6320 100644
--- a/hosts/faunus-ater/modules/mealie.nix
+++ b/hosts/faunus-ater/modules/mealie.nix
@@ -3,29 +3,17 @@
   config,
   ...
 }: {
-  virtualisation.oci-containers.containers."mealie" = {
-    image = "ghcr.io/mealie-recipes/mealie:v1.0.0-RC2";
-    ports = let port = builtins.toString config.state.services.eat.port; in ["${port}:${port}"];
-    environment = {
-      PUID = builtins.toString config.users.users.mealie.uid;
-      PGID = builtins.toString config.users.groups.mealie.gid;
+  services.mealie = {
+    enable = true;
+    listenAddress = "127.0.0.1";
+    port = config.state.services.eat.port;
+    settings = {
       ALLOW_SIGNUP = "false";
       TZ = "Europe/Berlin";
       BASE_URL = "https://eat.tammena.me";
       TOKEN_TIME = "8760";
     };
-    volumes = [
-      "/data/dirty/mealie:/app/data"
-    ];
   };
-
-  # Create user and group for the data
-  users.users.mealie = {
-    isSystemUser = true;
-    group = "mealie";
-  };
-  users.groups.mealie = {};
-
   # Configure nginx reverse proxy
   services.nginx.virtualHosts."eat.tammena.me" = {
     addSSL = true;
@@ -44,8 +32,10 @@
   };
 
   # Secrets
-  sops.secrets."certificate-key-eat-tammena-me" = {
-    owner = config.users.users.nginx.name;
-    mode = "0400";
+  sops.secrets = {
+    "certificate-key-eat-tammena-me" = {
+      owner = config.users.users.nginx.name;
+      mode = "0400";
+    };
   };
 }