{
  config,
  inputs,
  lib,
  pkgs,
  ...
}:
with lib;
let
  cfg = config.nixfiles.modules.podman;
in
{
  options.nixfiles.modules.podman.enable = mkEnableOption "Podman";

  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.enable -> !config.nixfiles.modules.docker.enable;
        message = "Pick only one!";
      }
    ];

    nixfiles.modules.common.shell.aliases.p = "podman";

    secrets.containers-auth = {
      file = "${inputs.self}/secrets/containers-auth";
      path = "${config.dirs.config}/containers/auth.json";
      owner = my.username;
      inherit (config.my) group;
    };

    virtualisation.podman = {
      enable = true;
      dockerCompat = true;
      dockerSocket.enable = true;
    };

    environment.systemPackages = with pkgs; [ podman-compose ];

    my.extraGroups = [ "podman" ];

    hm.xdg.configFile = {
      "containers/registries.conf".source = pkgs.writers.writeTOML "containers-registries.toml" {
        registries.search.registries = [ "docker.io" ];
      };

      "containers/storage.conf".source = pkgs.writers.writeTOML "containers-storage.toml" {
        storage.driver = "overlay";
      };
    };
  };
}