{ config, pkgs, ... }: {
  users.users.omada = {
    isSystemUser = true;
    group = "omada";
    home = "/var/lib/omada";
    createHome = true;
  };
  users.groups.omada = { };
  users.groups.docker.members = [ "omada" ];

  # TODO: check if we can run docker service as other user than root
  virtualisation = {
    oci-containers.containers = {
      omada = {
        autoStart = false;
        image = "mbentley/omada-controller:5.14.26.1";
        volumes = [
          "/var/lib/omada/data:/opt/tplink/EAPController/data"
          "/var/lib/omada/logs:/opt/tplink/EAPController/logs"
        ];
        extraOptions = [
          "--network=server"
          "--mac-address=1a:c4:04:6e:29:bd"
          "--ip=10.42.97.2"
        ];
      };
    };
  };
}