Rootless podman, finally

hosts/common/default.nix

@@ -8,6 +8,7 @@
     ./networking.nix
     ./nix.nix
     ./packages.nix
+    ./security.nix
     ./services.nix
     ./users.nix
     ./virtualisation.nix

hosts/common/security.nix

@@ -0,0 +1,5 @@
+{ inputs, config, pkgs, lib, ... }:
+
+{
+  security.unprivilegedUsernsClone = true; # Needed for rootless podman
+}

hosts/common/virtualisation.nix

@@ -1,5 +1,9 @@
 { inputs, config, pkgs, lib, ... }:
 
 {
-  virtualisation.podman.enable = true;
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+    defaultNetwork.settings = { dns_enabled = true; };
+  };
 }