Pihole on Docker can't write files at all

I’m trying to get PiHole to run via Docker, but can’t seem to find a way to permit itself to exist.

virtualisation.oci-containers = {
  backend = "docker";
  containers = {
    pihole = {
      autoStart = true;
      image = "pihole/pihole:latest";
      # various attempts here
      #user = "root:root";
      environment = {
        VIRTUAL_HOST = "<host>";
        WEB_PORT = "8282";
      };
      extraOptions = [
        # required for port 53
        "--network=host"
      ];
      ports = ["53:53" "8282:80"];
      volumes = [
        # Again, various attempts here
        "/tmp/vol1:/etc/pihole"
        "/tmp/vol2:/etc/dnsmasq.d"
      ];
    };
  };
};

It kind of starts, the web UI is available, but some content is missing and the logs reveal:

PHP error (2): fsockopen(): unable to connect to 127.0.0.1:4711 (Connection refused) in /var/www/html/admin/scripts/pi-hole/php/FTL.php:47

Now, that obviously looks like a permission issue, but I can’t figure out why. Some Google results suggested that this is an issue with the mounted volumes.

I tried using podman and docker as backend, tried to use volumes, not paths (“volume:mount_path”), tried several locations (including /tmp) and even nothing at all (so the container should write into some ephemeral storage). I also tried to run rootless and root-ful (if that’s a word), and played with different usernames (including nobody and root).

The image itself works fine, and starting the docker compose stack manually also seems to work, just the declarative way fails.

Am I completely misunderstanding something here?