diff --git a/machines/metis/default.nix b/machines/metis/default.nix
index 86a5e9b..058a4a2 100644
--- a/machines/metis/default.nix
+++ b/machines/metis/default.nix
@@ -46,6 +46,9 @@
     # enable wireguard
     wireguard.enable = true;
 
+    # enable podman
+    container.podman.enable = true;
+
     # user setup
     users = {
       enable = true;
@@ -89,6 +92,9 @@
       externalInterface = "ens3";
       internalInterfaces = ["wg-stelnet"];
     };
+
+    # port for podman container
+    firewall.allowedTCPPorts = [8888];
   };
   system.stateVersion = "22.05";
 }
diff --git a/modules/container.nix b/modules/container.nix
new file mode 100644
index 0000000..b99b010
--- /dev/null
+++ b/modules/container.nix
@@ -0,0 +1,22 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  options.elss.container.podman.enable = mkEnableOption "enable podman dockerisation";
+
+  config = let
+    cfg = config.elss.container.podman;
+  in
+    mkIf cfg.enable {
+      virtualisation = {
+        podman = {
+          enable = true;
+          dockerCompat = true;
+          defaultNetwork.settings.dns_enabled = true;
+        };
+      };
+    };
+}