diff --git a/hosts/common/default.nix b/hosts/common/default.nix
index 3d8a780..6ec0aad 100644
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -8,6 +8,7 @@
 ./networking.nix
 ./nix.nix
 ./packages.nix
+ ./security.nix
 ./services.nix
 ./users.nix
 ./virtualisation.nix
diff --git a/hosts/common/security.nix b/hosts/common/security.nix
new file mode 100644
index 0000000..eec59af
--- /dev/null
+++ b/hosts/common/security.nix
@@ -0,0 +1,5 @@
+{ inputs, config, pkgs, lib, ... }:
+
+{
+ security.unprivilegedUsernsClone = true; # Needed for rootless podman
+}
diff --git a/hosts/common/virtualisation.nix b/hosts/common/virtualisation.nix
index 558fcc1..7854d5d 100644
--- a/hosts/common/virtualisation.nix
+++ b/hosts/common/virtualisation.nix
@@ -1,5 +1,9 @@
 { inputs, config, pkgs, lib, ... }:
 {
- virtualisation.podman.enable = true;
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = true;
+ defaultNetwork.settings = { dns_enabled = true; };
+ };
 }
diff --git a/hosts/servers/alexandria/arr.nix b/hosts/servers/alexandria/arr.nix
index 823a194..e66a8c2 100644
--- a/hosts/servers/alexandria/arr.nix
+++ b/hosts/servers/alexandria/arr.nix
@@ -5,7 +5,7 @@
 bazarr = {
 enable = true;
 user = "user";
- group = "hosted";
+ group = "user";
 };
 jackett.enable = true;
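Review bot: `security.unprivilegedUsernsClone = true;` in hosts/common/security.nix is set for every host that imports hosts/common, not only the ones that run rootless containers, and unprivileged user namespaces let any local account reach kernel code paths that are otherwise reserved for root. If only some hosts need rootless podman, the line belongs in those hosts' configuration. Otherwise tie it to the feature that needs it so the two cannot drift apart, e.g. `security.unprivilegedUsernsClone = config.virtualisation.podman.enable;`. The inline comment could also record the trade-off, e.g. `# Rootless podman needs unprivileged user namespaces; this widens the kernel attack surface for local users`.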
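Review bot: `dockerCompat = true;` in hosts/common/virtualisation.nix is now fixed for every host, and the NixOS podman module asserts that it is not combined with `virtualisation.docker.enable`, so a host that enables Docker would fail to evaluate unless it overrides the value with `lib.mkForce`. Writing it as `dockerCompat = lib.mkDefault true;` keeps the default while letting a single host override it with a plain assignment. Neither new setting says why it is there; a short comment such as `# containers on the default network resolve each other by name` on the `dns_enabled` line would match the comment style used in security.nix. Whether any host enables Docker is not visible in this diff.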
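Review bot: `group = "user";` in hosts/servers/alexandria/arr.nix makes bazarr run with both the uid and the primary group of what looks like an interactive account, so the service gains that account's group access and the files it writes are no longer kept apart from it by the `hosted` group. A dedicated service group keeps a compromise of bazarr confined to the paths that group can reach. If the change was made to fix a permission problem, adding the account to the service group (`users.users.user.extraGroups = [ "hosted" ];`) would do that without merging the two. That `user` is a login account and what `hosted` was used for are inferred from the names, and the enclosing attribute set starts and ends outside the hunk.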