diff --git a/.config/emacs/init.el b/.config/emacs/init.el
index 187fe69..6668595 100644
--- a/.config/emacs/init.el
+++ b/.config/emacs/init.el
@@ -172,7 +172,9 @@
   :disabled t)
 
 (use-package docker
-  :bind ("C-c d" . docker))
+  :bind ("C-c d" . docker)
+  :custom
+  (docker-command "podman"))
 
 (use-package iedit)
 (use-package wgrep)
diff --git a/.config/setup/01-install-packages.sh b/.config/setup/01-install-packages.sh
index d30fe19..2d10bf4 100755
--- a/.config/setup/01-install-packages.sh
+++ b/.config/setup/01-install-packages.sh
@@ -14,7 +14,6 @@ DEB_PKGS=(
     cargo-doc
     curl
     direnv
-    docker.io
     emacs-mozc
     eza
     fcitx5-frontend-all
@@ -90,6 +89,7 @@ DEB_PKGS=(
 META_PKGS=(
     # keep-sorted start
     fonts-noto
+    podman-compose
     # keep-sorted end
 )
 
diff --git a/.config/setup/02-setup-packages.sh b/.config/setup/02-setup-packages.sh
index 53edb83..93b737f 100755
--- a/.config/setup/02-setup-packages.sh
+++ b/.config/setup/02-setup-packages.sh
@@ -1,7 +1,5 @@
 #! /usr/bin/sh
 
-sudo usermod --append --groups docker "${USER}"
-
 systemctl --user enable --now syncthing.service
 
 mkdir -p ~/Pictures/screenshots
diff --git a/.local/bin/pull-emacs-tide b/.local/bin/pull-emacs-tide
index 75606cb..37582d3 100755
--- a/.local/bin/pull-emacs-tide
+++ b/.local/bin/pull-emacs-tide
@@ -1,6 +1,6 @@
 #! /usr/bin/sh
 
-docker run \
+podman run \
        --rm \
        --volume /home/ohad/Sync/docker:/shared \
        emacs_compile:latest \
diff --git a/.local/bin/vaulter b/.local/bin/vaulter
index 957f8cb..fecf132 100755
--- a/.local/bin/vaulter
+++ b/.local/bin/vaulter
@@ -1,14 +1,14 @@
 #! /usr/bin/sh
 
-docker run --rm -ti \
+podman run --rm -ti \
     --env WAYLAND_DISPLAY \
     --env XDG_RUNTIME_DIR=/tmp \
     --hostname localhost \
+    --userns=keep-id \
     --mount type=bind,source="${XDG_RUNTIME_DIR}"/"${WAYLAND_DISPLAY}",target=/tmp/"${WAYLAND_DISPLAY}" \
     --mount type=bind,readonly=true,source="${HOME}"/.keys/vaults,target=/home/user/.age/key \
     --mount type=bind,readonly=true,source="${HOME}"/.keys/vaults.pub,target=/home/user/.age/key.pub \
     --mount type=bind,source="${HOME}"/Vaults,target=/home/user/Vaults \
     --network none \
-    --privileged=true \
     vaulter:latest \
     --execute '(set-frame-name "Vault Editor")'