diff --git a/docs/modules/nixos/open-webui-oci.md b/docs/modules/nixos/open-webui-oci.md
index cc258b4..17bd06b 100644
--- a/docs/modules/nixos/open-webui-oci.md
+++ b/docs/modules/nixos/open-webui-oci.md
@@ -9,19 +9,33 @@ View the [*synix* NixOS module on Forgejo](https://git.sid.ovh/sid/synix/tree/ma
 - [Homepage](https://openwebui.com/)
 - [GitHub](https://github.com/open-webui/open-webui)
 - [Environment Configuration](https://docs.openwebui.com/getting-started/env-configuration/)
+- [Nixpkgs Docker tools](https://github.com/NixOS/nixpkgs/blob/master/doc/build-helpers/images/dockertools.section.md)
 
 ## Configuration
 
 ```nix
-{ inputs, ... }:
-
 {
   imports = [ inputs.synix.nixosModules.open-webui-oci ];
 
   services.open-webui-oci.enable = true;
+
+  # You can provide an image to use:
+  services.open-webui-oci.image = pkgs.dockerTools.pullImage {
+    imageName = "ghcr.io/open-webui/open-webui";
+    imageDigest = "sha256:2deb90b0423473d8f97febced2e62b8fd898aa3eb61877bb3aa336370214c258";
+    hash = "sha256-2cdKfvZGUyPUm7TFXcf5OcG9ey4BvOZPUOVim1S2C+s=";
+    finalImageName = "ghcr.io/open-webui/open-webui";
+    finalImageTag = "0.8.5";
+  };
 }
 ```
 
+You can use `nix-prefetch-docker` to get the attribute set to pass to `dockerTools.pullImage`:
+
+```bash
+nix run nixpkgs#nix-prefetch-docker -- --image-name ghcr.io/open-webui/open-webui --arch amd64 --os linux --image-tag 0.8.5
+```
+
 ## Usage
 
 Visit the web interface at your specified location to create an admin account.
diff --git a/flake.nix b/flake.nix
index 20467b0..2c658d4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -219,6 +219,15 @@
               };
             in
             testPkgs.testers.runNixOSTest ./tests/run/synapse.nix;
+
+          # NOTE: disabled for now since the test takes too long to execute
+          # open-webui-oci-test =
+          #   let
+          #     testPkgs = import nixpkgs {
+          #       inherit system;
+          #     };
+          #   in
+          #   testPkgs.testers.runNixOSTest ./tests/run/open-webui-oci.nix;
         }
 
       );
diff --git a/modules/nixos/open-webui-oci/default.nix b/modules/nixos/open-webui-oci/default.nix
index 7daed62..a0bdbf0 100644
--- a/modules/nixos/open-webui-oci/default.nix
+++ b/modules/nixos/open-webui-oci/default.nix
@@ -8,6 +8,14 @@
 let
   cfg = config.services.open-webui-oci;
 
+  image = pkgs.dockerTools.pullImage {
+    imageName = "ghcr.io/open-webui/open-webui";
+    imageDigest = "sha256:2deb90b0423473d8f97febced2e62b8fd898aa3eb61877bb3aa336370214c258";
+    hash = "sha256-2cdKfvZGUyPUm7TFXcf5OcG9ey4BvOZPUOVim1S2C+s=";
+    finalImageName = "ghcr.io/open-webui/open-webui";
+    finalImageTag = "0.8.5";
+  };
+
   defaultEnv = {
     ANONYMIZED_TELEMETRY = "False";
     BYPASS_MODEL_ACCESS_CONTROL = "True";
@@ -42,11 +50,10 @@ in
 {
   options.services.open-webui-oci = {
     enable = mkEnableOption "Open WebUI container with Podman.";
-    version = mkOption {
-      type = types.str;
-      default = "main";
-      example = "v0.8.5";
-      description = "Container version string.";
+    image = mkOption {
+      type = types.package;
+      default = image;
+      description = "The Docker image to use (`pkgs.dockerTools.pullImage`).";
     };
     externalUrl = mkOption {
       type = types.nullOr types.str;
@@ -93,7 +100,8 @@ in
     virtualisation.oci-containers.backend = "podman";
 
     virtualisation.oci-containers.containers."open-webui" = {
-      image = "ghcr.io/open-webui/open-webui:${cfg.version}";
+      image = with cfg.image; imageName + ":" + imageTag;
+      imageFile = cfg.image;
       environment =
         defaultEnv
         // cfg.environment
diff --git a/tests/run/open-webui-oci.nix b/tests/run/open-webui-oci.nix
new file mode 100644
index 0000000..88bd652
--- /dev/null
+++ b/tests/run/open-webui-oci.nix
@@ -0,0 +1,37 @@
+let
+  port = 3000;
+in
+{
+  name = "open-webui-oci-test";
+
+  nodes.machine =
+    { ... }:
+    {
+      imports = [
+        ../../modules/nixos/open-webui-oci
+      ];
+
+      config = {
+        virtualisation.diskSize = 32768;
+        virtualisation.memorySize = 8192;
+
+        services.open-webui-oci = {
+          enable = true;
+          inherit port;
+        };
+
+        networking.firewall.enable = false;
+      };
+    };
+
+  testScript = ''
+    start_all()
+
+    machine.wait_for_unit("default.target")
+
+    machine.wait_for_unit("podman-open-webui.service")
+    machine.wait_for_open_port(${toString port})
+
+    machine.succeed("curl --fail --retry 10 --retry-delay 5 --retry-connrefused http://localhost:${toString port}/")
+  '';
+}