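# NixOS module: declares the systemd-nspawn container "allods" and has it
# started together with machines.target.
{ pkgs, lib, config, ... }:
{
  # machines.target is the unit the container service below is attached to.
  systemd.targets.machines.enable = true;

  # execConfig / filesConfig / networkConfig become the [Exec], [Files] and
  # [Network] sections of the container's .nspawn settings file.
  systemd.nspawn."allods" = {
    enable = true;

    execConfig = {
      # Run the container's own init rather than a single command.
      Boot = true;

      # Turn on user namespacing, so root inside the container is not host root.
      # NOTE(review): the UID/GID range is chosen by nspawn; confirm it fits
      # the ownership of the container's root tree.
      PrivateUsers = true;

      # Capability limits for an nspawn payload are set with `Capability` and
      # `DropCapability` in [Exec]. `CapabilityBoundingSet` is a service-unit
      # directive and not a documented [Exec] key in systemd.nspawn(5), so it
      # has been removed: in this position it did not restrict the container.
      # With no `DropCapability` list, nspawn's default capability set
      # applies. A booted init needs some capabilities, so add a
      # `DropCapability` list only after testing what the payload requires.
    };

    filesConfig = {
      # Give the container the host's resolver configuration, read-only.
      BindReadOnly = [ "/etc/resolv.conf:/etc/resolv.conf" ];
    };

    networkConfig = {
      # Private = false keeps the container in the host's network namespace:
      # it sees the host's interfaces, and anything listening on the host's
      # loopback is reachable from inside. That makes user namespacing the main
      # isolation boundary here. Set Private = true (or configure a veth or
      # bridge) if the workload does not need host networking.
      Private = false;
    };
  };

  # Extend the systemd-nspawn@ template instance with a drop-in (rather than
  # replacing the unit) so machines.target requires the container.
  systemd.services."systemd-nspawn@allods" = {
    enable = true;
    requiredBy = [ "machines.target" ];
    overrideStrategy = "asDropin";
  };
}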