diff --git a/nixos/modules/virtualisation/podman/default.nix b/nixos/modules/virtualisation/podman/default.nix
index baca48305188..83ddba3ce06e 100644
--- a/nixos/modules/virtualisation/podman/default.nix
+++ b/nixos/modules/virtualisation/podman/default.nix
@@ -183,10 +183,6 @@ in
 
       systemd.packages = [ cfg.package ];
 
-      systemd.services.podman.serviceConfig = {
-        ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
-      };
-
       systemd.services.podman-prune = {
         description = "Prune podman resources";
 
@@ -207,10 +203,6 @@ in
       systemd.sockets.podman.wantedBy = [ "sockets.target" ];
       systemd.sockets.podman.socketConfig.SocketGroup = "podman";
 
-      systemd.user.services.podman.serviceConfig = {
-        ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
-      };
-
       systemd.user.sockets.podman.wantedBy = [ "sockets.target" ];
 
       systemd.tmpfiles.packages = [
diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix
index 8f206666e408..287fa02df75f 100644
--- a/pkgs/applications/virtualization/podman/default.nix
+++ b/pkgs/applications/virtualization/podman/default.nix
@@ -14,10 +14,52 @@
 , go-md2man
 , nixosTests
 , python3
+, makeWrapper
+, symlinkJoin
+, extraPackages ? [ ]
+, runc
+, crun
+, conmon
+, slirp4netns
+, fuse-overlayfs
+, util-linux
+, iptables
+, iproute2
+, catatonit
+, gvproxy
+, aardvark-dns
+, netavark
 , testers
 , podman
 }:
+let
+  # do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed
 
+  binPath = lib.makeBinPath ([
+  ] ++ lib.optionals stdenv.isLinux [
+    runc
+    crun
+    conmon
+    slirp4netns
+    fuse-overlayfs
+    util-linux
+    iptables
+    iproute2
+  ] ++ extraPackages);
+
+  helpersBin = symlinkJoin {
+    name = "podman-helper-binary-wrapper";
+
+    # this only works for some binaries, others may need to be be added to `binPath` or in the modules
+    paths = [
+      gvproxy
+    ] ++ lib.optionals stdenv.isLinux [
+      aardvark-dns
+      catatonit # added here for the pause image and also set in `containersConf` for `init_path`
+      netavark
+    ];
+  };
+in
 buildGoModule rec {
   pname = "podman";
   version = "4.4.2";
@@ -38,9 +80,9 @@ buildGoModule rec {
 
   doCheck = false;
 
-  outputs = [ "out" "man" ] ++ lib.optionals stdenv.isLinux [ "rootlessport" ];
+  outputs = [ "out" "man" ];
 
-  nativeBuildInputs = [ pkg-config go-md2man installShellFiles python3 ];
+  nativeBuildInputs = [ pkg-config go-md2man installShellFiles makeWrapper python3 ];
 
   buildInputs = lib.optionals stdenv.isLinux [
     btrfs-progs
@@ -52,13 +94,16 @@ buildGoModule rec {
     systemd
   ];
 
+  HELPER_BINARIES_DIR = "${PREFIX}/libexec/podman"; # used in buildPhase & installPhase
+  PREFIX = "${placeholder "out"}";
+
   buildPhase = ''
     runHook preBuild
     patchShebangs .
     ${if stdenv.isDarwin then ''
       make podman-remote # podman-mac-helper uses FHS paths
     '' else ''
-      make bin/podman bin/rootlessport
+      make bin/podman bin/rootlessport bin/quadlet
     ''}
     make docs
     runHook postBuild
@@ -66,26 +111,22 @@ buildGoModule rec {
 
   installPhase = ''
     runHook preInstall
-    mkdir -p {$out/{bin,etc,lib,share},$man} # ensure paths exist for the wrapper
     ${if stdenv.isDarwin then ''
-      mv bin/{darwin/podman,podman}
+      install bin/darwin/podman -Dt $out/bin
     '' else ''
-      install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d
-      for s in contrib/systemd/**/*.in; do
-        substituteInPlace "$s" --replace "@@PODMAN@@" "podman" # don't use unwrapped binary
-      done
-      PREFIX=$out make install.systemd
-      install -Dm555 bin/rootlessport -t $rootlessport/bin
+      make install.bin install.systemd
     ''}
-    install -Dm555 bin/podman -t $out/bin
-    PREFIX=$out make install.completions
-    MANDIR=$man/share/man make install.man
+    make install.completions install.man
+    mkdir -p ${HELPER_BINARIES_DIR}
+    ln -s ${helpersBin}/bin/* ${HELPER_BINARIES_DIR}
+    wrapProgram $out/bin/podman \
+      --prefix PATH : ${lib.escapeShellArg binPath}
     runHook postInstall
   '';
 
   postFixup = lib.optionalString stdenv.isLinux ''
-    RPATH=$(patchelf --print-rpath $out/bin/podman)
-    patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman
+    RPATH=$(patchelf --print-rpath $out/bin/.podman-wrapped)
+    patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/.podman-wrapped
   '';
 
   passthru.tests = {
diff --git a/pkgs/applications/virtualization/podman/wrapper.nix b/pkgs/applications/virtualization/podman/wrapper.nix
deleted file mode 100644
index 7fe483a7079e..000000000000
--- a/pkgs/applications/virtualization/podman/wrapper.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{ podman-unwrapped
-, runCommand
-, makeWrapper
-, symlinkJoin
-, lib
-, stdenv
-, extraPackages ? []
-, runc # Default container runtime
-, crun # Container runtime (default with cgroups v2 for podman/buildah)
-, conmon # Container runtime monitor
-, slirp4netns # User-mode networking for unprivileged namespaces
-, fuse-overlayfs # CoW for images, much faster than default vfs
-, util-linux # nsenter
-, iptables
-, iproute2
-, catatonit
-, gvproxy
-, aardvark-dns
-, netavark
-}:
-
-# do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed
-
-let
-  binPath = lib.makeBinPath ([
-  ] ++ lib.optionals stdenv.isLinux [
-    runc
-    crun
-    conmon
-    slirp4netns
-    fuse-overlayfs
-    util-linux
-    iptables
-    iproute2
-  ] ++ extraPackages);
-
-  helpersBin = symlinkJoin {
-    name = "${podman-unwrapped.pname}-helper-binary-wrapper-${podman-unwrapped.version}";
-
-    # this only works for some binaries, others may need to be be added to `binPath` or in the modules
-    paths = [
-      gvproxy
-    ] ++ lib.optionals stdenv.isLinux [
-      aardvark-dns
-      catatonit # added here for the pause image and also set in `containersConf` for `init_path`
-      netavark
-      podman-unwrapped.rootlessport
-    ];
-  };
-
-in runCommand podman-unwrapped.name {
-  name = "${podman-unwrapped.pname}-wrapper-${podman-unwrapped.version}";
-  inherit (podman-unwrapped) pname version passthru;
-
-  preferLocalBuild = true;
-
-  meta = builtins.removeAttrs podman-unwrapped.meta [ "outputsToInstall" ];
-
-  outputs = [
-    "out"
-    "man"
-  ];
-
-  nativeBuildInputs = [
-    makeWrapper
-  ];
-
-} ''
-  ln -s ${podman-unwrapped.man} $man
-
-  mkdir -p $out/bin
-  ln -s ${podman-unwrapped}/etc $out/etc
-  ln -s ${podman-unwrapped}/lib $out/lib
-  ln -s ${podman-unwrapped}/share $out/share
-  makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \
-    --set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \
-    --prefix PATH : ${lib.escapeShellArg binPath}
-''
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index d9c88b8fc2ce..c75b666d4847 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -11074,8 +11074,7 @@ with pkgs;
 
   pocketbase = callPackage ../servers/pocketbase { };
 
-  podman = callPackage ../applications/virtualization/podman/wrapper.nix { };
-  podman-unwrapped = callPackage ../applications/virtualization/podman { };
+  podman = callPackage ../applications/virtualization/podman { };
 
   podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {};