{pkgs, ...}: {
  environment.systemPackages = with pkgs; [
    virt-manager
    dnsmasq
    virtiofsd
  ];
  programs.virt-manager.enable = true;
  virtualisation.libvirtd = {
    enable = true;
    qemu = {
      package = pkgs.qemu_kvm;
      runAsRoot = true;
      swtpm.enable = true;
      # ovmf = {
      #   enable = true;
      #   packages = [
      #     (pkgs.OVMF.override {
      #       secureBoot = true;
      #       tpmSupport = true;
      #     }).fd
      #   ];
      # };
    };
  };
  users.users.js0ny = {
    extraGroups = ["libvirtd"];
  };
  networking.firewall.trustedInterfaces = ["virbr0"];
  virtualisation.spiceUSBRedirection.enable = true;
}