Success with Gitlab-Runner with Podman or Docker?

Has anyone had success with gitlab-runner as a shell executor that runs docker or podman? If so, would you mind sharing your configuration?

If I test my project using Docker, I run into issues during the job teardown because the container creates files owned by root and then the gitlab-runner doesn’t have permission to delete them. All the recommendations I’ve read for that problem are to use Podman.

If I test my project with Podman, I just run into deeper, more confusing issues like:
potentially insufficient UIDs or GIDs available in user namespace

msg="running /run/wrappers/bin/newuidmap 3249 0 1002 1 1 100000 165536: newuidmap: write to uid_map failed: Operation not permitted\n"

msg="set sticky bit on: chmod /run/user/1002/libpod: read-only file system"

Part of this seems to be because podman running under the gitlab-runner service doesn’t have proper permissions but errors like these (to me) indicate that something is fundamentally wrong with my approach.

In case it’s helpful for any future me’s, I was able to get things working through Docker. I was hoping to find a NixOS configuration-based solution, but after a lot of trial and error I just got things working at the command line by setting the uid/gid and the user home directory.
Something like:

# run as the uid:gid that owns the checkout so files written under /app stay deletable by the runner
docker run --rm \
  -u `stat -c "%u:%g" ${CI_PROJECT_DIR}` \
  -e HOME=/tmp \
  -v ${CI_PROJECT_DIR}:/app \
  ci-tests
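The same uid/gid approach wrapped into reusable shell functions, plus a pre-teardown check that the container left nothing behind the runner cannot delete. This is an added example, not the poster's code; it assumes GNU stat/find (Linux), that CI_PROJECT_DIR is set as it is under gitlab-runner, and the image name ci-tests from the post.

```shell
#!/bin/sh
# Added example (not the poster's code). Assumes GNU stat/find and that the
# gitlab-runner shell executor exports CI_PROJECT_DIR. Docker is only called
# from run_ci_tests; the helper functions work without it.

# Print "uid:gid" of the owner of a directory, i.e. the account the
# gitlab-runner shell executor checked the project out as.
owner_spec() {
    stat -c '%u:%g' "$1"
}

# List everything under a directory that is NOT owned by the given uid.
# Anything listed here would block the runner's job teardown.
foreign_files() {
    dir=$1; uid=$2
    find "$dir" ! -uid "$uid" -print 2>/dev/null
}

# Run the test image as the runner's own uid/gid with a writable HOME,
# so files the job writes into CI_PROJECT_DIR remain deletable afterwards.
run_ci_tests() {
    docker run --rm \
        -u "$(owner_spec "$CI_PROJECT_DIR")" \
        -e HOME=/tmp \
        -v "$CI_PROJECT_DIR:/app" \
        ci-tests
}

# Fail the job before teardown if root-owned (or other foreign) files were
# left behind; the offenders are printed so the job log shows what leaked.
check_cleanup() {
    leftovers=$(foreign_files "$1" "$(id -u)")
    if [ -n "$leftovers" ]; then
        printf 'files not owned by uid %s in %s:\n%s\n' \
            "$(id -u)" "$1" "$leftovers" >&2
        return 1
    fi
    return 0
}
```

Calling check_cleanup "$CI_PROJECT_DIR" in an after_script step turns a silent teardown failure into a visible job failure with the leaked paths listed.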