{ pkgs, ... }:

{
  environment.etc."containers/libpod.conf".text = ''
    runtime_path = ["${pkgs.runc}/bin/runc"]
    conmon_path = ["${pkgs.conmon}/bin/conmon"]
  '';

  environment.etc."containers/policy.json".text = builtins.toJSON {
    # Not insecure when I'm manually pulling images on a workstation.
    default = [ { type = "insecureAcceptAnything"; } ];
  };

  environment.etc."containers/registries.conf".text = ''
    [registries.search]
    registries = ['docker.io']
  '';

  environment.systemPackages = with pkgs;
    let
      podman-bin = writeShellScriptBin "podman" ''
        HOME="$XDG_CONFIG_HOME/podman"
        exec ${podman}/bin/podman "$@"
      '';
    in
      [ podman-bin podman.man runc conmon slirp4netns ];

  users.users.qyliss.xdg.config.paths."podman/.config/containers/libpod.conf" =
    pkgs.writeText "libpod.conf" ''
      runtime_path = ["${pkgs.runc}/bin/runc"]
      conmon_path = ["${pkgs.conmon}/bin/conmon"]
    '';

  users.users.qyliss.xdg.config.paths."podman/.config/containers/storage.conf" =
    pkgs.writeText "storage.conf" ''
      [storage]
      driver = "zfs"
      runroot = "/tmp/1000"
      graphroot = "/home/state/podman/containers/storage"
    '';

  home.qyliss.dirs."state/containers" = {};
  home.qyliss.dirs."state/podman" = {};
}