{
  virtualisation = {
    containers.enable = true;
    oci-containers.backend = "podman";

    podman = {
      enable = true;

      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;

      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.settings.dns_enabled = true;
    };
  };
  virtualisation.oci-containers.containers = {
    warpgate = {
      image = "ghcr.io/warp-tech/warpgate";
      ports = [
        "2222:2222"
        "8888:8888"
      ];
      volumes = [
        "/srv/warpgate/data:/data"
      ];
    };
  };

  systemd.tmpfiles.rules = [
    "d /srv/warpgate 0755 root root -"
    "d /srv/warpgate/data 0755 root root -"
  ];

  networking.firewall.allowedTCPPorts = [8888];
}