{ config, lib, pkgs, ... }:
{
  options.system.libvirtd = {
    enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Enable libvirtd and such";
    };
  };

  config = lib.mkIf config.system.libvirtd.enable {
    virtualisation = {
      libvirtd = {
        enable = true;
        onBoot = "ignore";
        onShutdown = "shutdown";
        qemu = {
          ovmf = {
            enable = true;
            packages = [
              pkgs.OVMFFull.fd
              pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd
            ];
          };
          swtpm.enable = true;
        };
      };
    };

    environment.systemPackages = with pkgs; [
      virt-manager
      virtiofsd
      dnsmasq
      spice-vdagent
      looking-glass-client
    ];

    # Needed to make NAT work
    networking.firewall.trustedInterfaces = [
      "virbr0"
      "virbr1"
    ];

    systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 jimbo libvirtd -" ];
  };
}