diff --git a/system/services/portainer-agent.nix b/system/services/portainer-agent.nix
index b90c34e9..4a7d2e6d 100644
--- a/system/services/portainer-agent.nix
+++ b/system/services/portainer-agent.nix
@@ -3,36 +3,42 @@
   lib,
   pkgs,
   ...
-}: {
-  virtualisation.oci-containers.containers.portainer-agent = {
-    image = "portainer/agent:latest";
-    autoStart = true;
+}: let
+  # Match this with the portainer-ce version
+  portainerVersion = "2.31.3";
+in {
+  # Use the agent to connect clients to a main portainer instance
+  virtualisation.oci-containers.containers = {
+    portainer-agent = {
+      image = "portainer/agent:${portainerVersion}";
+      autoStart = true;
 
-    login = {
-      # Uses DockerHub by default
-      # registry = "";
+      login = {
+        # Uses DockerHub by default
+        # registry = "";
 
-      # DockerHub Credentials
-      username = "christoph.urlacher@protonmail.com";
-      passwordFile = "${config.sops.secrets.docker-password.path}";
+        # DockerHub Credentials
+        username = "christoph.urlacher@protonmail.com";
+        passwordFile = "${config.sops.secrets.docker-password.path}";
+      };
+
+      dependsOn = [];
+
+      ports = [
+        "9001:9001"
+      ];
+
+      volumes = [
+        "/var/run/docker.sock:/var/run/docker.sock"
+        "/var/lib/docker/volumes:/var/lib/docker/volumes"
+      ];
+
+      environment = {};
+
+      extraOptions = [
+        # This container needs to be accessible from another machine inside the LAN
+        # "--net=behind-nginx"
+      ];
     };
-
-    dependsOn = [];
-
-    ports = [
-      "9001:9001"
-    ];
-
-    volumes = [
-      "/var/run/docker.sock:/var/run/docker.sock"
-      "/var/lib/docker/volumes:/var/lib/docker/volumes"
-    ];
-
-    environment = {};
-
-    extraOptions = [
-      # This container needs to be accessible from another machine inside the LAN
-      # "--net=behind-nginx"
-    ];
   };
 }
diff --git a/system/services/portainer.nix b/system/services/portainer.nix
index 272ba112..b797bb62 100644
--- a/system/services/portainer.nix
+++ b/system/services/portainer.nix
@@ -3,37 +3,42 @@
   lib,
   pkgs,
   ...
-}: {
-  virtualisation.oci-containers.containers.portainer = {
-    image = "portainer/portainer-ce:latest";
-    autoStart = true;
+}: let
+  # Match this with the portainer agent version
+  portainerVersion = "2.31.3";
+in {
+  virtualisation.oci-containers.containers = {
+    portainer = {
+      image = "portainer/portainer-ce:${portainerVersion}";
+      autoStart = true;
 
-    login = {
-      # Uses DockerHub by default
-      # registry = "";
+      login = {
+        # Uses DockerHub by default
+        # registry = "";
 
-      # DockerHub Credentials
-      username = "christoph.urlacher@protonmail.com";
-      passwordFile = "${config.sops.secrets.docker-password.path}";
+        # DockerHub Credentials
+        username = "christoph.urlacher@protonmail.com";
+        passwordFile = "${config.sops.secrets.docker-password.path}";
+      };
+
+      dependsOn = [];
+
+      ports = [
+        # "8000:8000"
+        # "9443:9443"
+      ];
+
+      volumes = [
+        "portainer_config:/data"
+
+        "/var/run/docker.sock:/var/run/docker.sock"
+      ];
+
+      environment = {};
+
+      extraOptions = [
+        "--net=behind-nginx"
+      ];
     };
-
-    dependsOn = [];
-
-    ports = [
-      # "8000:8000"
-      # "9443:9443"
-    ];
-
-    volumes = [
-      "portainer_config:/data"
-
-      "/var/run/docker.sock:/var/run/docker.sock"
-    ];
-
-    environment = {};
-
-    extraOptions = [
-      "--net=behind-nginx"
-    ];
   };
 }