{
    config,
    ...
}: {
    virtualisation = {
        libvirtd = {
            enable = true;
            onBoot = "ignore";
            qemu = {
                ovmf.enable = true;
                runAsRoot = false;
                swtpm.enable = true;
            };
        };
    };

    networking.firewall.trustedInterfaces = [ "virbr0" ];

    users.users.${config.myOptions.other.system.username} = {
        extraGroups = [ "libvirtd" ];
    };

}