# NixOS module: libvirt/QEMU virtualisation host for the primary user.
#
# Reads the account name from `config.poz.other.system.username` and
#   * enables the libvirtd daemon with UEFI (OVMF) and software TPM (swtpm)
#     support for guests,
#   * marks the libvirt bridge `virbr0` as a trusted firewall interface,
#   * adds that account to the `libvirtd` group.
{ config, ... }:
let
  username = config.poz.other.system.username;
in
{
  virtualisation.libvirtd.enable = true;

  # "ignore": guests that were running at shutdown are not restarted on boot;
  # guests explicitly marked autostart are still started by libvirtd.
  virtualisation.libvirtd.onBoot = "ignore";

  # QEMU processes run under an unprivileged account rather than root, which
  # limits what a guest escape through the emulator can reach on the host.
  virtualisation.libvirtd.qemu.runAsRoot = false;

  # UEFI firmware and an emulated TPM for guests.
  virtualisation.libvirtd.qemu.ovmf.enable = true;
  virtualisation.libvirtd.qemu.swtpm.enable = true;

  # NOTE(review): a trusted interface bypasses the host firewall entirely, so
  # every service listening on the host is reachable from any guest attached
  # to virbr0. If guests are not fully trusted, drop this entry and allow only
  # the ports the bridge needs (DHCP/DNS) via
  # `networking.firewall.interfaces.<name>.allowedUDPPorts` / `allowedTCPPorts`.
  networking.firewall.trustedInterfaces = [ "virbr0" ];

  # NOTE(review): membership in `libvirtd` lets the account manage the system
  # libvirt instance without further authentication, which is effectively
  # root-equivalent on the host. Treat this account as privileged.
  users.users.${username}.extraGroups = [ "libvirtd" ];
}