{ pkgs, options, ...}:

let
  unstable = import <nixos-unstable> {};
in {
  environment.systemPackages = with pkgs; [
    cryptsetup
    kubectl
    pwgen
    whois
    unstable.argocd
    unstable.kubernetes-helm
    unstable.kustomize
    unstable.vault

    # podman
    conmon
    fuse-overlayfs
    podman
    podman-compose
    runc
    slirp4netns
  ];

  users.users.stefan.subUidRanges = [{ startUid = 100000; count = 65536; }];
  users.users.stefan.subGidRanges = [{ startGid = 100000; count = 65536; }];

  environment.etc."containers/policy.json" = {
    mode="0644";
    text=''
      {
        "default": [
          {
            "type": "insecureAcceptAnything"
          }
        ],
        "transports":
          {
            "docker-daemon":
              {
                "": [{"type":"insecureAcceptAnything"}]
              }
          }
      }
    '';
  };

  environment.etc."containers/registries.conf" = {
    mode="0644";
    text=''
      [registries.search]
      registries = ['docker.io', 'quay.io']
    '';
  };
}