{ pkgs, config, ... }: {
    # enable rootless docker for more security
    virtualisation.docker.rootless = {
        enable = true;
        setSocketVariable = true;
    };
    # regulary clean unused docker images
    virtualisation.docker.autoPrune.enable = true;
}