diff --git a/system/services/nginx-proxy-manager.nix b/system/services/nginx-proxy-manager.nix
index 1e51fdf2..6afe7a21 100644
--- a/system/services/nginx-proxy-manager.nix
+++ b/system/services/nginx-proxy-manager.nix
@@ -3,41 +3,45 @@
   lib,
   pkgs,
   ...
-}: {
-  virtualisation.oci-containers.containers.nginx-proxy-manager = {
-    image = "jc21/nginx-proxy-manager:latest";
-    autoStart = true;
+}: let
+  nginxVersion = "2.12.6";
+in {
+  virtualisation.oci-containers.containers = {
+    nginx-proxy-manager = {
+      image = "jc21/nginx-proxy-manager:${nginxVersion}";
+      autoStart = true;
 
-    login = {
-      # Uses DockerHub by default
-      # registry = "";
+      login = {
+        # Uses DockerHub by default
+        # registry = "";
 
-      # DockerHub Credentials
-      username = "christoph.urlacher@protonmail.com";
-      passwordFile = "${config.sops.secrets.docker-password.path}";
+        # DockerHub Credentials
+        username = "christoph.urlacher@protonmail.com";
+        passwordFile = "${config.sops.secrets.docker-password.path}";
+      };
+
+      dependsOn = [];
+
+      ports = [
+        "80:80"
+        # "81:81" # Web interface
+        "443:443"
+      ];
+
+      volumes = [
+        "nginx_config:/data"
+        "nginx_snippets:/snippets"
+        "nginx_letsencrypt:/etc/letsencrypt"
+      ];
+
+      environment = {
+        DISABLE_IPV6 = "true";
+      };
+
+      extraOptions = [
+        # "--net=host"
+        "--net=behind-nginx"
+      ];
     };
-
-    dependsOn = [];
-
-    ports = [
-      "80:80"
-      # "81:81" # Web interface
-      "443:443"
-    ];
-
-    volumes = [
-      "nginx_config:/data"
-      "nginx_snippets:/snippets"
-      "nginx_letsencrypt:/etc/letsencrypt"
-    ];
-
-    environment = {
-      DISABLE_IPV6 = "true";
-    };
-
-    extraOptions = [
-      # "--net=host"
-      "--net=behind-nginx"
-    ];
   };
 }