nixos-vps/modules/podman.nix
2026-03-22 01:45:51 +00:00


# Podman module
# Provides: Podman container runtime configuration.
# NOTE(review): this file was previously described as "rootless", but nothing
# below restricts Podman to rootless use. The group membership and the
# oci-containers backend both relate to the system-wide (root) Podman instance;
# see the comments on each setting.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib) mkEnableOption mkIf;

  # This module's own option set.
  podmanCfg = config.myModules.podman;
  # Account name taken from the system module's `mainUser` option.
  primaryUser = config.myModules.system.mainUser;
in
{
  options.myModules.podman.enable = mkEnableOption "Podman container runtime";

  # Everything below applies only when myModules.podman.enable is set.
  config = mkIf podmanCfg.enable {
    virtualisation = {
      podman.enable = true;
      # Provides a `docker` command alias that maps to podman.
      podman.dockerCompat = true;
      # Turns on DNS for the default Podman network.
      podman.defaultNetwork.settings.dns_enabled = true;

      # Containers declared under virtualisation.oci-containers are run with podman.
      # NOTE(review): no per-container user is configured here, so these
      # presumably run as root via systemd units; confirm before relying on
      # rootless isolation for them.
      oci-containers.backend = "podman";
    };

    # Adds the main user to the "podman" group.
    # NOTE(review): rootless `podman` needs no group membership. The NixOS
    # documentation for the Podman API socket states that members of this
    # group can gain root access, so treat membership as root-equivalent and
    # confirm this account really needs it.
    users.users.${primaryUser}.extraGroups = [ "podman" ];

    # Host-wide IP forwarding for container networking.
    # NOTE(review): these sysctls apply to every interface, not only container
    # bridges, so the host will route any traffic the firewall's forward rules
    # permit; verify the forward policy is restrictive. With IPv6 forwarding
    # on, the kernel ignores router advertisements unless accept_ra is 2,
    # which can affect hosts that take their IPv6 address or route from RAs.
    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
    boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
  };
}