# NixOS module: container and VM tooling for this host -- podman, libvirt/QEMU
# with virt-manager, and two systemd-nspawn containers (n1, n2).
{ pkgs, ... }:
let
  # [Network] settings shared by both nspawn containers: a private network
  # namespace plus a veth pair whose host end is attached to bridge "br0".
  # NOTE(review): "br0" is not declared in this module, so it has to be created
  # elsewhere. What the containers can reach depends on what else is attached to
  # that bridge; if a physical NIC is a member, they sit directly on that LAN.
  # This module does not add br0 to trustedInterfaces.
  bridgedVeth = {
    Private = true;
    VirtualEthernet = true;
    Bridge = "br0";
  };
in
{
  # --- Containers (podman) ---------------------------------------------------
  virtualisation.podman.enable = true;
  # DNS on podman's default network, so containers (e.g. podman-compose
  # services) can resolve each other by name.
  virtualisation.podman.defaultNetwork.settings.dns_enabled = true;

  # Docker is intentionally left disabled:
  # virtualisation.docker.enable = true;

  # --- Virtual machines (libvirt / QEMU) -------------------------------------
  virtualisation.libvirtd.enable = true;
  # Keep QEMU processes unprivileged instead of running them as root; this
  # limits what a guest-to-host escape through QEMU would gain on the host.
  virtualisation.libvirtd.qemu.runAsRoot = false;
  # Software TPM emulator for guests. The TPM state is held by the host, so it
  # is not a hardware root of trust (NOTE(review): treat guest-sealed secrets
  # as readable by anyone with root on this host).
  virtualisation.libvirtd.qemu.swtpm.enable = true;
  # Optional OVMF firmware built with TPM and Secure Boot support:
  # virtualisation.libvirtd.qemu.ovmf.packages = [
  #   (pkgs.OVMF.override ({ tpmSupport = true; secureBoot = true; })).fd
  # ];

  # Installs the SPICE USB redirection helper with setuid privileges so that
  # unprivileged users can pass host USB devices to VMs. This effectively
  # grants local users raw access to attached USB devices; drop it if USB
  # passthrough is not needed.
  virtualisation.spiceUSBRedirection.enable = true;

  # Traffic arriving on a trusted interface bypasses the host firewall
  # entirely. virbr0 is libvirt's default network bridge, so every guest on it
  # can reach every listening port on the host, not just DHCP/DNS.
  # NOTE(review): if only libvirt's own DHCP/DNS is required, consider opening
  # just those ports via networking.firewall.interfaces."virbr0" instead.
  networking.firewall.trustedInterfaces = [ "virbr0" ];

  # --- Client tooling --------------------------------------------------------
  programs.virt-manager.enable = true;
  environment.systemPackages = [
    pkgs.virt-viewer
    pkgs.podman-compose
  ];

  # --- systemd-nspawn containers ---------------------------------------------
  systemd.nspawn.n1.networkConfig = bridgedVeth;
  systemd.nspawn.n2.networkConfig = bridgedVeth;
}