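# NixOS module: opt-in podman host setup with ZFS-backed container storage,
# weekly image pruning and DNS on the default podman network.
{ pkgs, lib, config, ... }:

let
  # Explicit inherit instead of `with lib;` so every lib name used here is
  # visible and nothing from lib can shadow a local by accident.
  inherit (lib) mkOption mkIf mdDoc types;
  cfg = config.modules.podman;
in
{
  options.modules.podman = {
    enable = mkOption {
      # The original option had no type; with `types.bool` a non-boolean value
      # is rejected at definition time with a clear message instead of failing
      # later when mkIf evaluates the condition.
      type = types.bool;
      default = false;
      example = true;
      description = mdDoc "Enable podman on this host";
    };
  };

  config = mkIf cfg.enable {
    virtualisation = {
      # Podman is the only container runtime on this host.
      docker.enable = false;

      podman = {
        enable = true;
        # Container name resolution on the default podman network.
        defaultNetwork.settings.dns_enabled = true;
        autoPrune = {
          enable = true;
          dates = "weekly";
          # `--all` prunes every unused image, not only dangling layers.
          flags = [ "--all" ];
        };
        # The zfs storage driver configured below needs the zfs tooling.
        extraPackages = [ pkgs.zfs ];
      };

      # NOTE(review): the zfs driver expects graphroot to be on a ZFS dataset;
      # confirm /var/lib/containers/storage is one on hosts enabling this.
      containers.storage.settings.storage = {
        driver = "zfs";
        graphroot = "/var/lib/containers/storage";
        runroot = "/run/containers/storage";
      };

      oci-containers.backend = "podman";
    };

    # Port 53 is opened only for interfaces matching `podman+` (the podman
    # bridges) so containers can reach the network's resolver; it is not
    # opened on the host's other interfaces.
    networking.firewall.interfaces."podman+" = {
      allowedUDPPorts = [ 53 ];
      allowedTCPPorts = [ 53 ];
    };
  };
}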