diff --git a/roles/admin.nix b/roles/admin.nix
index 9797b1e..439f110 100644
--- a/roles/admin.nix
+++ b/roles/admin.nix
@@ -8,17 +8,47 @@ in {
     kubectl
     pwgen
     whois
-    unstable.argocd
     unstable.kubernetes-helm
     unstable.kustomize
     unstable.vault
 
-    podman-compose
+    # podman
+    conmon
     fuse-overlayfs
+    podman
+    podman-compose
+    runc
+    slirp4netns
   ];
 
-  virtualisation.podman = {
-    enable = true;
-    dockerCompat = true;
+  users.users.stefan.subUidRanges = [{ startUid = 100000; count = 65536; }];
+  users.users.stefan.subGidRanges = [{ startGid = 100000; count = 65536; }];
+
+  environment.etc."containers/policy.json" = {
+    mode="0644";
+    text=''
+      {
+        "default": [
+          {
+            "type": "insecureAcceptAnything"
+          }
+        ],
+        "transports":
+          {
+            "docker-daemon":
+              {
+                "": [{"type":"insecureAcceptAnything"}]
+              }
+          }
+      }
+    '';
+  };
+
+  environment.etc."containers/registries.conf" = {
+    mode="0644";
+    text=''
+      [registries.search]
+      registries = ['docker.io', 'quay.io']
+    '';
   };
 }
diff --git a/roles/base.nix b/roles/base.nix
index 6070db7..b61b74a 100644
--- a/roles/base.nix
+++ b/roles/base.nix
@@ -98,10 +98,4 @@ in {
 
   services.resolved.enable = true;
   services.lorri.enable = true;
-
-  services.zfs.autoSnapshot = {
-    enable = true;
-    frequent = 8;
-    monthly = 6;
-  };
 }