diff --git a/dev/host_vars/podman.yml b/dev/host_vars/podman.yml
new file mode 100644
index 0000000..e9a8ba2
--- /dev/null
+++ b/dev/host_vars/podman.yml
@@ -0,0 +1,14 @@
+# base
+allow_reboot: false
+manage_network: false
+
+users:
+ kris:
+ uid: 1001
+ gid: 1001
+ home: true
+
+# podman
+user_namespaces:
+ - kris
+
diff --git a/dev/podman.yml b/dev/podman.yml
new file mode 100644
index 0000000..21ea295
--- /dev/null
+++ b/dev/podman.yml
@@ -0,0 +1,8 @@
+- name: Install Podman server
+ hosts: all
+ become: true
+ vars_files:
+ - host_vars/podman.yml
+ roles:
+ - base
+ - podman
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
index eece998..f6d3692 100644
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -16,10 +16,12 @@
 regex: "^bind-address"
 line: "bind-address = {{ ansible_facts.docker0.ipv4.address }}"
 notify: restart_mariadb
+ when: ansible_facts.docker0 is defined
 - name: Flush handlers to ensure MariaDB restarts immediately
 ansible.builtin.meta: flush_handlers
 tags: restart_mariadb
+ when: ansible_facts.docker0 is defined
 - name: Allow database connections from Docker
 community.general.ufw:
diff --git a/roles/podman/tasks/main.yml b/roles/podman/tasks/main.yml
new file mode 100644
index 0000000..fac30bc
--- /dev/null
+++ b/roles/podman/tasks/main.yml 
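Review bot: `hosts: all` combined with `become: true` in dev/podman.yml runs the base and podman roles as root on every host of whatever inventory this playbook happens to be pointed at, so a later, wider dev inventory would silently convert unrelated machines into Podman hosts; targeting a group, `hosts: podman`, or documenting that the play expects `--limit`, removes that footgun. Loading `host_vars/podman.yml` through `vars_files` also applies those values (including `user_namespaces`) play-wide rather than to a single host, which is fine for a one-host dev setup but is not what the `host_vars/` directory name suggests; a one-line comment above `vars_files:` saying the file is play-level despite its location would avoid confusion with Ansible's automatic per-host `host_vars` lookup.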
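Review bot: The same `when: ansible_facts.docker0 is defined` is now copied onto two tasks while the third task in the same sequence, "Allow database connections from Docker", whose body starts on the hunk's last line and continues outside it, presumably also derives its source address from docker0 and stays unguarded; grouping the three under one `block:` with a single `when:` keeps the guard from drifting. The guard also only skips the edit: if an earlier run already wrote the docker0 address and the bridge has since been removed, the stale `bind-address` line remains and MariaDB is left trying to bind a non-existent address, so a companion task with `when: ansible_facts.docker0 is not defined` that restores the loopback-only default is the safer fallback (assuming the distro default for this file is `127.0.0.1`, which is not visible here). Note the enclosing lineinfile task starts before the hunk, so its `path:` and name are not shown.

```yaml
- name: Bind MariaDB to the Docker bridge only when one exists
  when: ansible_facts.docker0 is defined
  block:
    - name: Set bind-address to the docker0 address
      ansible.builtin.lineinfile:
        # … unchanged: path/regex/line from the task above the hunk …
      notify: restart_mariadb
    - name: Flush handlers to ensure MariaDB restarts immediately
      ansible.builtin.meta: flush_handlers
      tags: restart_mariadb
    - name: Allow database connections from Docker
      community.general.ufw:
        # … unchanged: ufw rule (outside the hunk) …

- name: Fall back to loopback-only bind-address when there is no Docker bridge
  ansible.builtin.lineinfile:
    # … unchanged: same path as the task above …
    regex: "^bind-address"
    line: "bind-address = 127.0.0.1"
  notify: restart_mariadb
  when: ansible_facts.docker0 is not defined
```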
@@ -0,0 +1,62 @@
+- name: Install Podman
+ ansible.builtin.apt:
+ name: ["podman", "podman-compose", "podman-docker"]
+ state: present
+
+- name: Get user info for namespace users
+ ansible.builtin.getent:
+ database: passwd
+ key: "{{ item }}"
+ loop: "{{ user_namespaces }}"
+ register: user_info
+
+- name: Configure /etc/subuid for rootless users
+ ansible.builtin.lineinfile:
+ path: "/etc/subuid"
+ line:
+ "{{ item.item }}:{{ 100000 +
+ ((item.ansible_facts.getent_passwd[item.item][1] | int - 1000) * 65536)
+ }}:65536"
+ regexp: "^{{ item.item }}:"
+ create: true
+ backup: true
+ mode: "0644"
+ loop: "{{ user_info.results }}"
+
+- name: Configure /etc/subgid for rootless users
+ ansible.builtin.lineinfile:
+ path: "/etc/subgid"
+ line:
+ "{{ item.item }}:{{ 100000 +
+ ((item.ansible_facts.getent_passwd[item.item][1] | int - 1000) * 65536)
+ }}:65536"
+ regexp: "^{{ item.item }}:"
+ create: true
+ backup: true
+ mode: "0644"
+ loop: "{{ user_info.results }}"
+
+- name: Create nodocker file to disable Docker CLI emulation message
+ ansible.builtin.file:
+ path: /etc/containers/nodocker
+ state: touch
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Create global containers config directory
+ ansible.builtin.file:
+ path: /etc/containers
+ state: directory
+ mode: "0755"
+
+- name: Configure global containers.conf for rootless
+ ansible.builtin.copy:
+ content: |
+ [engine]
+ cgroup_manager = "cgroupfs"
+ events_logger = "journald"
+ runtime = "crun"
+ dest: /etc/containers/containers.conf
+ mode: "0644"
+ backup: true
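Review bot: The subordinate range `100000 + (uid - 1000) * 65536` written by the two lineinfile tasks is computed without any bound on the uid, so a `user_namespaces` entry with a uid below 1000 gets a start below 100000 (uid 999 yields 34464–99999, which covers real accounts such as nobody at 65534) and a uid above 66533 pushes the range end past 2^32, while nothing checks that the computed window is free of entries useradd may already have placed in /etc/subuid; overlapping subordinate ranges let one rootless user's containers read and own another user's container storage, so an assert before the lineinfile tasks is the minimum, and an overlap check against the existing file contents would be the complete fix. Separately, `state: touch` on /etc/containers/nodocker reports changed on every run unless `modification_time: preserve` and `access_time: preserve` are set, and it runs before the task that creates /etc/containers, which only works because the apt package already ships that directory — the two tasks should be swapped. Finally, `cgroup_manager = "cgroupfs"` applied globally means, as far as I can tell, that rootless users lose systemd cgroup delegation and resource limits on their containers are ignored on cgroup v2; if there is a reason not to use the default `"systemd"`, a comment above the `content:` block should state it.

```yaml
- name: Refuse uids whose subordinate range would reach below 100000 or past 32 bits
  ansible.builtin.assert:
    that:
      - (item.ansible_facts.getent_passwd[item.item][1] | int) >= 1000
      - (item.ansible_facts.getent_passwd[item.item][1] | int) <= 66533
    fail_msg: "{{ item.item }}: uid must be within 1000..66533 for the 100000 + (uid - 1000) * 65536 scheme"
  loop: "{{ user_info.results }}"

# … unchanged: subuid/subgid lineinfile tasks …
```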