{ pkgs, ... }:
{
  virtualisation = {
    containers.enable = true;
    podman.enable = true;
    oci-containers.containers = {
      sonarr = {
        image = "my-sonarr:latest";
        imageFile = pkgs.dockerTools.buildLayeredImage {
          name = "my-sonarr";
          tag = "latest";
          contents = [ pkgs.busybox ];
          config = {
            User = "911:911";
            Umask = "002";
            Cmd = [
              "${pkgs.sonarr}/bin/NzbDrone"
              "-nobrowser"
              "-data=/config"
            ];
            Env = [
              "COMPlus_EnableDiagnostics=0"
              "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
            ];
          };
        };
        volumes = [
          "sonarr-config:/config"
          "/video-data:/data"
        ];
        environment.TZ = "America/New_York";
        labels = {
          swag = "enable";
          swag_url = "sonarr.icanttype.org";
          swag_port = "8989";
        };
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
    };
  };
}