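# NixOS module: enables podman, declares a static "server" bridge network,
# and schedules a nightly re-pull of every image referenced by a container.
{ pkgs, ... }:
let
  # Statically assigned uid/gid table shared across hosts.
  cids = import ../modules/staticids.nix;
  json = pkgs.formats.json { };

  # Re-pull every image referenced by any container (running or stopped).
  #
  # Security notes for maintainers:
  #  * Images are pulled by whatever reference the container was created
  #    with. For mutable tags, the registry decides what lands on this host;
  #    pin by digest and/or enforce a signature policy (containers
  #    policy.json) if that trust is not acceptable.
  #  * Pulling only refreshes local image storage. Existing containers keep
  #    running the old image until they are recreated.
  #  * The systemd unit defined below sets no User=, so it runs as root and
  #    SUDO stays empty; the sudo branch only matters for interactive use.
  update-containers = pkgs.writeShellScriptBin "update-containers" ''
    set -o pipefail

    SUDO=""
    if [[ $(id -u) -ne 0 ]]; then
      SUDO="sudo"
    fi

    # Fail loudly if the container list cannot be read, instead of
    # silently pulling nothing.
    if ! listing=$($SUDO ${pkgs.podman}/bin/podman ps -a --format="{{.Image}}" | sort -u); then
      echo "update-containers: could not list containers" >&2
      exit 1
    fi

    # Read one image reference per line so the value is never word-split
    # or glob-expanded by the shell.
    mapfile -t images <<< "$listing"

    failed=0
    for image in "''${images[@]}"; do
      [[ -n "$image" ]] || continue
      # Keep going after a failed pull, but remember it so the unit ends
      # up in the failed state and the problem is visible in the journal.
      if ! $SUDO ${pkgs.podman}/bin/podman pull "$image"; then
        echo "update-containers: failed to pull $image" >&2
        failed=1
      fi
    done

    exit "$failed"
  '';
in
{
  # NOTE(review): if the podman socket is enabled elsewhere, membership in
  # this group is presumably root-equivalent; confirm who is in it.
  users.groups.podman.gid = cids.gids.podman;

  virtualisation = {
    # containers.containersConf.settings = {
    #   containers.dns_servers = [ "10.42.97.1" ];
    # };
    podman = {
      enable = true;
      # Provides a `docker` alias backed by podman.
      dockerCompat = true;
      # defaultNetwork.settings = {
      #   dns_enabled = true; # Enable DNS resolution in the podman network.
      # };
    };
  };

  # Static definition of the "server" bridge network.
  environment.etc."containers/networks/server.json" = {
    source = json.generate "server.json" ({
      name = "server";
      id = "d3a55d6bcc28571c124b4e65cdf1831339045d296858f79e7130fa70da9c0904";
      driver = "bridge";
      network_interface = "server";
      ipv6_enabled = false;
      # Not an isolated network: containers attached here can reach
      # destinations outside the bridge.
      internal = false;
      dns_enabled = false;
      subnets = [
        {
          subnet = "10.42.97.0/24";
          gateway = "10.42.97.1";
        }
      ];
      ipam_options = {
        driver = "host-local";
      };
    });
  };

  systemd.timers = {
    # ...
    updatecontainers = {
      timerConfig = {
        Unit = "updatecontainers.service";
        # Daily at 02:00. Persistent= is not set, so a run missed while the
        # host is powered off is not caught up on the next boot.
        OnCalendar = "02:00";
      };
      wantedBy = [ "timers.target" ];
    };
    # ...
  };

  systemd.services = {
    # ...
    updatecontainers = {
      serviceConfig = {
        Type = "oneshot";
        # A non-zero exit (any failed pull) marks this unit as failed.
        ExecStart = "${update-containers}/bin/update-containers";
      };
    };
    # ...
  };
}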