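# Home-manager module: run dockerd as a rootless systemd *user* service.
# dockerd is started inside a user namespace set up by rootlesskit, so neither
# the daemon nor its containers ever hold host-root privileges.
{ pkgs, lib, ... }:

{
  systemd.user.services =
    let
      # Wrapper script that `exec`s rootlesskit around dockerd. Because of the
      # `exec`, the unit's $MAINPID is rootlesskit, not the shell.
      startup = pkgs.writeScript "dockerd-rootless" ''
        #!/bin/sh
        # --net=slirp4netns: user-mode networking for the rootless network namespace
        # --slirp4netns-sandbox/-seccomp=auto: confine the slirp4netns helper
        #   (mount sandbox + seccomp filter) where the kernel supports it
        # --disable-host-loopback: containers cannot reach the host's 127.0.0.1
        #   through the slirp gateway
        # --port-driver=builtin: published ports are forwarded by rootlesskit itself
        # --copy-up=/etc,/run: make these paths writable inside the new mount
        #   namespace without touching the host copies
        exec ${pkgs.rootlesskit}/bin/rootlesskit \
          --net=slirp4netns --mtu=65520 \
          --slirp4netns-sandbox=auto \
          --slirp4netns-seccomp=auto \
          --disable-host-loopback --port-driver=builtin \
          --copy-up=/etc --copy-up=/run \
          --propagation=rslave \
          ${pkgs.docker}/bin/dockerd
      '';
    in
    {
      docker = {
        Unit = {
          Description = "Docker Application Container Engine (Rootless)";
          Documentation = [ "https://docs.docker.com/go/rootless/" ];
        };

        Service = {
          ExecStart = "${startup}";

          # Tools rootlesskit/dockerd look up at runtime. /usr/bin is appended
          # on top of the Nix store paths -- NOTE(review): presumably so the
          # host's setuid newuidmap/newgidmap are found on a non-NixOS host;
          # confirm against the target machine.
          Environment = [
            "PATH=${lib.makeBinPath (with pkgs; [ fuse-overlayfs rootlesskit slirp4netns docker docker-compose ])}:/usr/bin"
          ];

          # Use the Nix-provided kill rather than a hard-coded /bin/kill, which
          # does not exist on NixOS hosts (only /bin/sh is guaranteed there).
          # $MAINPID is rootlesskit here (see `exec` above); whether SIGHUP is
          # relayed to dockerd is rootlesskit's behaviour -- NOTE(review): confirm.
          ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID";

          # No start/stop timeout: dockerd may take a while to drain containers.
          TimeoutSec = "0";
          RestartSec = "2";
          Restart = "always";
          # Start-rate limiting: at most 3 starts per 60 s. These names are the
          # legacy [Service] spellings; newer systemd also accepts them under
          # [Unit] as StartLimitBurst/StartLimitIntervalSec.
          StartLimitBurst = "3";
          StartLimitInterval = "60s";

          # Resource limits lifted so containers are not capped by the unit's
          # defaults (ulimits are enforced per container by dockerd instead).
          LimitNOFILE = "infinity";
          LimitNPROC = "infinity";
          LimitCORE = "infinity";
          TasksMax = "infinity";

          # Hand control of this unit's cgroup subtree to dockerd so it can
          # create per-container cgroups.
          Delegate = "yes";

          # dockerd signals readiness via sd_notify. Since the notifying process
          # is dockerd (a child of rootlesskit, the main PID), NotifyAccess must
          # be widened from the default `main` to `all`.
          Type = "notify";
          NotifyAccess = "all";

          # On stop: SIGTERM only to the main process, SIGKILL to the rest of
          # the cgroup after the timeout.
          KillMode = "mixed";
        };

        Install = {
          WantedBy = [ "default.target" ];
        };
      };
    };
}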