# NixOS module: libvirt/QEMU host with an emulated TPM, OVMF firmware,
# SPICE USB redirection and virt-manager.
{ config, pkgs, ... }:
{
  virtualisation.libvirtd.enable = true;

  # swtpm provides guests with a software-emulated TPM.
  # NOTE(review): an emulated TPM is not hardware-rooted; its state is held on
  # the host (libvirt keeps it under /var/lib/libvirt by default — confirm), so
  # guest TPM secrets are only as protected as that directory.
  virtualisation.libvirtd.qemu.swtpm.enable = true;

  # NOTE(review): OVMFFull is presumably the nixpkgs OVMF build with Secure Boot
  # and TPM support enabled — confirm against the pinned nixpkgs.
  virtualisation.libvirtd.qemu.ovmf.packages = [ pkgs.OVMFFull.fd ];

  # Installs the SPICE USB redirection helper with setuid privileges so that
  # unprivileged users can pass host USB devices to VMs. The NixOS option
  # documentation notes this gives users arbitrary access to USB devices;
  # keep it only where every local user is trusted with that.
  virtualisation.spiceUSBRedirection.enable = true;

  # Ordering only: libvirtd is started after NetworkManager when both are
  # started; this adds no Requires/Wants dependency.
  systemd.services.libvirtd.after = [ "NetworkManager.service" ];

  # Oneshot unit that brings up libvirt's "default" network once libvirtd is up
  # and tears it down again when the unit is stopped.
  systemd.services.libvirtd-network-default = {
    description = "Start Default Virtual Network for Libvirt";

    wantedBy = [ "libvirtd.service" ];
    after = [ "libvirtd.service" ];

    # RemainAfterExit keeps the unit "active" after the script exits, so that
    # preStop runs on stop rather than immediately.
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };

    # No User= is set, so both commands run with the system service default.
    # NOTE(review): if the network is already active (for example marked
    # autostart), net-start presumably exits non-zero and leaves this unit
    # failed — confirm.
    script = "${config.virtualisation.libvirtd.package}/bin/virsh net-start default";
    preStop = "${config.virtualisation.libvirtd.package}/bin/virsh net-destroy default";
  };

  # Put the swtpm tools on the system PATH.
  environment.systemPackages = [ config.virtualisation.libvirtd.qemu.swtpm.package ];

  # Expose the edk2 firmware images shipped with QEMU under /etc/ovmf,
  # presumably so VM definitions can use a path that does not change with the
  # store hash.
  # NOTE(review): "secure-code" is the Secure Boot capable code image, paired
  # here with the i386 variable-store template. Whether Secure Boot is actually
  # enforced in a guest depends on the keys enrolled in that guest's variable
  # store, which this module does not show — confirm per VM.
  environment.etc."ovmf/edk2-x86_64-secure-code.fd".source = "${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-x86_64-secure-code.fd";
  environment.etc."ovmf/edk2-i386-vars.fd".source = "${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-i386-vars.fd";

  # Registers /var/lib/libvirt under the "/persist/state" persistence root.
  # NOTE(review): the `environment.persistence` option is defined outside this
  # file (presumably an impermanence-style module) — confirm its semantics.
  # libvirt state can include guest NVRAM and emulated TPM state, so the
  # persisted copy should keep the same restrictive ownership and mode.
  environment.persistence."/persist/state"."/var/lib/libvirt" = { };

  programs.virt-manager.enable = true;
}