{ config, pkgs, ... }:
{
  # Command-line tools made available to every user on the host.
  environment.systemPackages = [
    pkgs.podman
    pkgs.podman-compose
  ];

  # Run declarative `virtualisation.oci-containers` units with podman.
  virtualisation.oci-containers.backend = "podman";

  virtualisation.podman = {
    enable = true;

    # Expose a `docker` command backed by podman, but only while the real
    # Docker daemon is not enabled on this host.
    dockerCompat = !config.virtualisation.docker.enable;

    # Turn on name resolution in the default network; containers started by
    # podman-compose need it to reach each other by name.
    defaultNetwork.settings.dns_enabled = true;

    # Weekly cleanup. `--all` widens the prune from dangling images to every
    # image that no container currently uses, so stopped workloads will have
    # to pull or rebuild their images again.
    autoPrune = {
      enable = true;
      dates = "weekly";
      flags = [ "--all" ];
    };
  };
  networking.firewall = {
    # A trusted interface bypasses the host firewall completely: every
    # container attached to this bridge can reach every port the host
    # listens on, not just DNS.
    # NOTE(review): podman numbers its bridges itself (podman0 is the default
    # network), so "podman1" presumably is lm-network only while that is the
    # first extra network created. Confirm with `podman network inspect`.
    # If containers only need DNS from the host side, a per-interface rule
    # (networking.firewall.interfaces.<name>.allowedUDPPorts = [ 53 ]) is a
    # narrower grant.
    trustedInterfaces = [ "podman1" ];
  };
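  # Ensure the `lm-network` podman network exists before the chromadb
  # container unit starts.
  #
  # This is a *system* unit with no `User=`, so it runs as root and creates
  # the network in the rootful podman store. A rootless setup would need a
  # user unit (or `serviceConfig.User`) instead.
  # NOTE(review): podman-chromadb.service is not defined in this file;
  # presumably it comes from a virtualisation.oci-containers entry elsewhere.
  systemd.services.podman-network-lm-network = {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "podman-chromadb.service" ];
    # `wantedBy` only pulls this unit in; without an ordering dependency both
    # units start in parallel and the container can race the network creation.
    before = [ "podman-chromadb.service" ];
    # No RemainAfterExit: the unit runs again whenever the container unit is
    # started, so a network that was removed in the meantime is re-created.
    #
    # Create the network only when it is missing, instead of `create || true`,
    # so a real failure (storage error, bad podman state) fails this unit
    # visibly rather than being swallowed.
    script = ''
      podman=${config.virtualisation.podman.package}/bin/podman
      "$podman" network exists lm-network || "$podman" network create lm-network
    '';
  };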
}