# NixOS module: Podman as the container backend for Arion, exposed through a
# Docker-compatible socket, with container DNS and persisted container storage.
{
  pkgs,
  inputs,
  ...
}: {
  imports = [inputs.arion.nixosModules.arion];

  environment = {
    # arion plus the plain docker CLI, which talks to the Docker-compatible
    # socket enabled below.
    systemPackages = [
      pkgs.arion
      pkgs.docker-client
    ];

    # Keep container state under /persist.
    # NOTE(review): `environment.persistence` is not declared by anything imported
    # here; presumably the impermanence module is imported elsewhere. Confirm.
    persistence."/persist" = {
      hideMounts = true;
      # Container storage (images, layers, volumes). Volumes may hold application
      # secrets, so /persist needs the same protection as any other state.
      directories = ["/var/lib/containers"];
    };
  };

  virtualisation.podman = {
    enable = true;

    # Makes the Podman socket available in place of the Docker socket.
    # Security: per the NixOS option documentation, users in the `podman` group
    # can connect to it and, as with Docker, can gain root access through it.
    # Treat membership of that group as root-equivalent.
    dockerSocket.enable = true;

    # DNS on the default Podman network, so containers can resolve names.
    defaultNetwork.settings.dns_enabled = true;
  };

  # need to open firewall for dns resolving. see https://github.com/NixOS/nixpkgs/issues/226365#issuecomment-1814296639
  # The rule is limited to interfaces matching "podman+" (trailing `+` is the
  # iptables-style wildcard; TODO confirm it matches under the firewall backend
  # in use), so port 53 is not opened on other interfaces.
  # NOTE(review): only UDP is allowed; DNS over TCP (e.g. truncated answers)
  # from containers would still be dropped. Confirm that is intended.
  networking.firewall.interfaces."podman+".allowedUDPPorts = [53];
}