{ pkgs, ... }:
{

  # Enable UEFI support
  systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ];

  # Allow virtualising off-architecture systems
  boot.binfmt.emulatedSystems = [
    "aarch64-linux"
    "riscv64-linux"
  ];

  programs.virt-manager.enable = true;
  virtualisation.libvirtd = {
    enable = true;
    qemu = {
      swtpm.enable = true;
    };
  };

  networking.firewall.trustedInterfaces = [ "virbr0" ];

  environment.systemPackages = [
    pkgs.qemu
    pkgs.quickemu
    pkgs.dnsmasq # Required by virt-manager
  ];
}