{
  lib,
  pkgs,
  ...
}: {
  boot.kernelModules = lib.mkAfter ["tun"];
  environment.systemPackages = with pkgs; [
    qemu_kvm
    virtiofsd
  ];

  services = {
    udev.extraRules = ''
      SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
    '';
    spice-vdagentd.enable = true;
    resolved.enable = true;
  };

  virtualisation.libvirtd = {
    enable = true;
    qemu = {
      swtpm.enable = true;
      ovmf.enable = true;
      ovmf.packages = [pkgs.OVMFFull.fd];
      runAsRoot = false;
    };
  };

  users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
  networking = {
    useDHCP = false;
  };

  systemd.network.networks."10-br0" = {
    matchConfig.Name = "br0";
    networkConfig.DHCP = "yes";
  };

  environment.etc."qemu/bridge.conf".text = ''
    allow br0
  '';
}
# vim: set ts=2 sw=2 sts=2 et :