nix-conf/system/modules/virtualization.nix

{ username }:
{
  pkgs,
  config,
  ...
}:

{
  programs.virt-manager.enable = true;
  users.groups.libvirtd.members = [ username ];

  virtualisation = {
    docker.enable = true;

    # Run container as systemd service
    oci-containers = {
      backend = "docker";
      containers = { };
    };

    libvirtd = {
      enable = true;
      qemu = {
        package = pkgs.qemu_kvm;
        swtpm.enable = true;
        ovmf.enable = true;
        ovmf.packages = [ pkgs.OVMFFull.fd ];
      };
    };

    spiceUSBRedirection.enable = true;
  };

  environment.etc = {
    "ovmf/edk2-x86_64-secure-code.fd" = {
      source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-x86_64-secure-code.fd";
    };

    "ovmf/edk2-i386-vars.fd" = {
      source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-i386-vars.fd";
    };
  };
}