diff --git a/roles/admin.nix b/roles/admin.nix
index 439f110..9797b1e 100644
--- a/roles/admin.nix
+++ b/roles/admin.nix
@@ -8,47 +8,17 @@ in {
     kubectl
     pwgen
     whois
+    unstable.argocd
     unstable.kubernetes-helm
     unstable.kustomize
     unstable.vault
 
-    # podman
-    conmon
-    fuse-overlayfs
-    podman
     podman-compose
-    runc
-    slirp4netns
+    fuse-overlayfs
   ];
 
-  users.users.stefan.subUidRanges = [{ startUid = 100000; count = 65536; }];
-  users.users.stefan.subGidRanges = [{ startGid = 100000; count = 65536; }];
-
-  environment.etc."containers/policy.json" = {
-    mode="0644";
-    text=''
-      {
-        "default": [
-          {
-            "type": "insecureAcceptAnything"
-          }
-        ],
-        "transports":
-          {
-            "docker-daemon":
-              {
-                "": [{"type":"insecureAcceptAnything"}]
-              }
-          }
-      }
-    '';
-  };
-
-  environment.etc."containers/registries.conf" = {
-    mode="0644";
-    text=''
-      [registries.search]
-      registries = ['docker.io', 'quay.io']
-    '';
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
   };
 }
diff --git a/roles/base.nix b/roles/base.nix
index b61b74a..6070db7 100644
--- a/roles/base.nix
+++ b/roles/base.nix
@@ -98,4 +98,10 @@ in {
 
   services.resolved.enable = true;
   services.lorri.enable = true;
+
+  services.zfs.autoSnapshot = {
+    enable = true;
+    frequent = 8;
+    monthly = 6;
+  };
 }