{config, ...}: {
  virtualisation = {
    docker.enable = true;
    oci-containers = {
      backend = "docker";
      containers = {
        portainer = {
          image = "portainer/portainer-ce:latest";
          ports = [ "9443:9443" ];
          volumes = [
            "/var/run/docker.sock:/var/run/docker.sock"
            "/var/lib/portainer:/data"
          ];

        };
      };
    };
  };
  networking.firewall.allowedTCPPorts = [ 9443 ];
}