{lib, ...}: {
  networking.firewall.allowedTCPPorts = [8025 8123];

  systemd.services = {
    docker-rustlog.serviceConfig = {PrivateNetwork = lib.mkForce false;};
  };

  virtualisation.oci-containers.containers = {
    clickhouse = {
      image = "clickhouse/clickhouse-server:latest";
      environment = {
        CLICKHOUSE_DB = "rustlog";
        CLICKHOUSE_HOST = "192.168.1.25";
      };
      extraOptions = ["--network=host"];
      volumes = [
        "/home/notoh/rustlog/clickhouse:/var/lib/clickhouse:rw"
      ];
    };
    rustlog = {
      image = "ghcr.io/boring-nick/rustlog:master";
      ports = ["8025:8025"];
      volumes = [
        "/home/notoh/rustlog/config.json:/config.json"
      ];
      dependsOn = ["clickhouse"];
      extraOptions = ["--network=host"];
    };
  };
}