diff --git a/hosts/andromeda/configuration.nix b/hosts/andromeda/configuration.nix
index 8ccc55f..708db1a 100755
--- a/hosts/andromeda/configuration.nix
+++ b/hosts/andromeda/configuration.nix
@@ -18,6 +18,7 @@
     # Docker stacks
     ./stacks/traefik/docker-compose.nix
     ./stacks/caddy/docker-compose.nix
+    ./stacks/portainer/docker-compose.nix
     ./stacks/forgejo/docker-compose.nix
     ./stacks/mcaptcha/docker-compose.nix
     ./stacks/terah.dev/docker-compose.nix
diff --git a/hosts/andromeda/stacks/portainer/docker-compose.nix b/hosts/andromeda/stacks/portainer/docker-compose.nix
new file mode 100644
index 0000000..3d48d48
--- /dev/null
+++ b/hosts/andromeda/stacks/portainer/docker-compose.nix
@@ -0,0 +1,84 @@
+# Auto-generated using compose2nix v0.3.1.
+{ pkgs, lib, ... }:
+
+{
+  # Containers
+  virtualisation.oci-containers.containers."portainer-portainer" = {
+    image = "portainer/portainer-ce:lts";
+    volumes = [
+      "/var/run/docker.sock:/var/run/docker.sock:rw"
+      "portainer_portainer:/data:rw"
+    ];
+    labels = {
+      "traefik.http.routers.terahdev.rule" = "Host(`portainer.hofers.cloud`)";
+      "traefik.http.services.gitterahdev.loadbalancer.server.port" = "9000";
+    };
+    log-driver = "journald";
+    extraOptions = [
+      "--network-alias=portainer"
+      "--network=portainer_default"
+    ];
+  };
+
+  systemd.services."docker-portainer-portainer" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 90 "on-failure";
+      RestartMaxDelaySec = lib.mkOverride 90 "1m";
+      RestartSec = lib.mkOverride 90 "100ms";
+      RestartSteps = lib.mkOverride 90 9;
+    };
+    after = [
+      "docker-network-portainer_default.service"
+      "docker-volume-portainer_portainer.service"
+    ];
+    requires = [
+      "docker-network-portainer_default.service"
+      "docker-volume-portainer_portainer.service"
+    ];
+    partOf = [
+      "docker-compose-portainer-root.target"
+    ];
+    wantedBy = [
+      "docker-compose-portainer-root.target"
+    ];
+  };
+
+  # Networks
+  systemd.services."docker-network-portainer_default" = {
+    path = [ pkgs.docker ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStop = "docker network rm -f portainer_default";
+    };
+    script = ''
+      docker network inspect portainer_default || docker network create portainer_default
+    '';
+    partOf = [ "docker-compose-portainer-root.target" ];
+    wantedBy = [ "docker-compose-portainer-root.target" ];
+  };
+
+  # Volumes
+  systemd.services."docker-volume-portainer_portainer" = {
+    path = [ pkgs.docker ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      docker volume inspect portainer_portainer || docker volume create portainer_portainer
+    '';
+    partOf = [ "docker-compose-portainer-root.target" ];
+    wantedBy = [ "docker-compose-portainer-root.target" ];
+  };
+
+  # Root service
+  # When started, this will automatically create all resources and start
+  # the containers. When stopped, this will teardown all resources.
+  systemd.targets."docker-compose-portainer-root" = {
+    unitConfig = {
+      Description = "Root target generated by compose2nix.";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}