{
  lib,
  pkgs,
  config, 
  ...
}: {
  boot.kernelModules = lib.mkAfter ["tun"];
  environment.systemPackages = with pkgs; [
    qemu
    qemu_kvm
    virtiofsd
  ];

  services = {
    udev.extraRules = ''
      SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
      KERNEL=="tun", GROUP="kvm", MODE="0660"
    '';
    spice-vdagentd.enable = true;
    resolved.enable = true;
  };

  virtualisation.libvirtd = {
    enable = true;
    qemu = 
      if lib.versionOlder config.system.nixos.release "25.11"
      then {
        ovmf.enable = true;
        ovmf.packages = [pkgs.OVMFFull.fd];
        runAsRoot = false;
        swtpm.enable = true;
      } else {
        runAsRoot = false;
        swtpm.enable = true;
    };
  };



  users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];

  environment.etc."qemu/bridge.conf".text = ''
    allow br0
  '';

  security.wrappers.qemu-bridge-helper = lib.mkForce {
    source = "${pkgs.qemu}/libexec/qemu-bridge-helper";
    owner = "root";
    group = "kvm";
    setuid = true ;
    permissions = "u+rwx,g+rx,o+rx";
  };
}
# vim: set ts=2 sw=2 sts=2 et :