diff --git a/hosts/common/optional/vms.nix b/hosts/common/optional/vms.nix
index a82dbce..a8857e6 100644
--- a/hosts/common/optional/vms.nix
+++ b/hosts/common/optional/vms.nix
@@ -10,8 +10,19 @@
     "riscv64-linux"
   ];
 
+  programs.virt-manager.enable = true;
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu = {
+      swtpm.enable = true;
+    };
+  };
+
+  networking.firewall.trustedInterfaces = [ "virbr0" ];
+
   environment.systemPackages = [
     pkgs.qemu
     pkgs.quickemu
+    pkgs.dnsmasq # Required by virt-manager
   ];
 }
diff --git a/hosts/common/users/primary/nixos.nix b/hosts/common/users/primary/nixos.nix
index 8302a24..e2c5708 100644
--- a/hosts/common/users/primary/nixos.nix
+++ b/hosts/common/users/primary/nixos.nix
@@ -5,14 +5,18 @@
   lib,
   pkgs,
   ...
-}: let
+}:
+let
   hostSpec = config.hostSpec;
   ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
   # Decrypt password to /run/secrets-for-users/ so it can be used to create the user
-  sopsHashedPasswordFile = lib.optionalString (!config.hostSpec.isMinimal) config.sops.secrets."passwords/${hostSpec.username}".path;
+  sopsHashedPasswordFile = lib.optionalString (
+    !config.hostSpec.isMinimal
+  ) config.sops.secrets."passwords/${hostSpec.username}".path;
   virtPass = pkgs.writeText "password" "$y$j9T$ZbQbNHUSFsePoP0X.TdwR/$.EKJWDSY7ZO/nqf4FxgUYA3a47CYAKLzaV7ZAy745R/";
-in {
+in
+{
   users = {
     mutableUsers = false; # Only allow declarative credentials; Required for password to be set via sops during system activation!
     users = {
@@ -21,9 +25,7 @@ in {
         home = "/home/${hostSpec.username}";
         isNormalUser = true;
         hashedPasswordFile =
-          if config.hostSpec.isVirtual
-          then builtins.toString virtPass
-          else sopsHashedPasswordFile;
+          if config.hostSpec.isVirtual then builtins.toString virtPass else sopsHashedPasswordFile;
         linger = true;
         extraGroups = lib.flatten [
@@ -38,7 +40,7 @@ in {
             "networkmanager"
             "scanner" # for print/scan"
             "lp" # for print/scan"
-            "vboxusers"
+            "libvirtd"
           ])
         ];
       };
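Review bot: `networking.firewall.trustedInterfaces = [ "virbr0" ];` turns the host firewall off for every packet arriving from the libvirt bridge, so any guest on the default NAT network can reach every listening host service rather than only the DHCP/DNS that libvirt's own dnsmasq serves on that interface. If the intent is just to let guests get addresses and resolve names, the narrower `networking.firewall.interfaces.virbr0.allowedUDPPorts = [ 53 67 ];` keeps the rest closed, and since libvirt installs its own rules for the default network this may not be needed at all — worth confirming before trusting the whole interface. While in this block, `virtualisation.libvirtd.qemu.runAsRoot` defaults to true on NixOS as far as I recall, so `runAsRoot = false;` next to `swtpm.enable = true;` would stop guest processes running as root. The `pkgs.dnsmasq # Required by virt-manager` comment should say what actually fails without it, since libvirtd normally brings its own dnsmasq for `virbr0`.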
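Review bot: Replacing `"vboxusers"` with `"libvirtd"` is a broader grant than the line suggests: membership in `libvirtd` gives write access to the system libvirt socket, and from there a member can define a domain that attaches any host block device or file, which is effectively root on this host. The list this line sits in (the `ifTheyExist [` call) starts outside the hunk, so only the entry itself is visible here. A comment on the line would make the trade-off explicit, e.g. `"libvirtd" # system-session libvirt (qemu:///system); root-equivalent on this host`, and if the VMs only need a user session (`qemu:///session`) the group can be dropped entirely.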
diff --git a/hosts/nixos/Incarceron/default.nix b/hosts/nixos/Incarceron/default.nix
index 496f4c2..a472d2b 100644
--- a/hosts/nixos/Incarceron/default.nix
+++ b/hosts/nixos/Incarceron/default.nix
@@ -40,6 +40,7 @@
     "hosts/common/optional/keyd.nix"
     "hosts/common/optional/pentesting.nix"
     "hosts/common/optional/docker.nix"
+    "hosts/common/optional/vms.nix"
     "hosts/common/optional/printing.nix"
     "hosts/common/optional/gaming.nix"
     "modules/services/mesh/client.nix"