{ config, pkgs, ... }:
{
  users.users.omada = {
    isSystemUser = true;
    group = "omada";
    home = "/var/lib/omada";
    createHome = true;
  };
  users.groups.omada = { };
  users.groups.docker.members = [ "omada" ];

  # TODO: check if we can run docker service as other user than root
  virtualisation = {
    oci-containers.containers = {
      omada = {
        image = "mbentley/omada-controller:5.9";
        volumes = [
          "/var/lib/omada/data:/opt/tplink/EAPController/data"
          "/var/lib/omada/logs:/opt/tplink/EAPController/logs"
        ];
      };
    };
  };
}