nixos-config/modules/system/services/general/libvirtd/default.nix

{ config, lib, pkgs, ... }:
{
  config = lib.mkIf config.virtualisation.libvirtd.enable {
    virtualisation.libvirtd = {
      onBoot = "ignore";
      onShutdown = "shutdown";
      qemu = {
        ovmf = {
          enable = true;
          packages = with pkgs; [ OVMFFull.fd ];
        };
        vhostUserPackages = with pkgs; [ virtiofsd ];
        swtpm.enable = true;
      };
    };

    programs.virt-manager.enable = true;

    networking.firewall.trustedInterfaces = [
      "virbr0"
      "virbr1"
    ];

    systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 - libvirtd -" ];

    environment.persistence."/persist".directories = [
      "/var/lib/libvirt/dnsmasq"
      "/var/lib/libvirt/nwfilter"
      "/var/lib/libvirt/qemu"
      "/var/lib/libvirt/secrets"
      "/var/lib/libvirt/storage"
      "/var/lib/libvirt/swtpm"
    ];
  };
}