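# NixOS module: libvirtd on a host bridge.
#
# When `eboskma.libvirtd.enable` is set, this module
#   * enables libvirtd and lists the bridge in `allowedBridges`,
#   * creates the bridge with systemd-networkd and enslaves enp4s0 to it,
#   * adds an iptables exception so Docker does not block bridged traffic,
#   * puts the main user in the `libvirtd` group and installs virt-manager.
{
  pkgs,
  config,
  lib,
  ...
}:
let
  # Only these three helpers are used, so they are inherited explicitly
  # rather than pulling all of `lib` into scope.
  inherit (lib) mkEnableOption mkForce mkIf;

  cfg = config.eboskma.libvirtd;

  # Single source of truth for the bridge name used by libvirt, networkd
  # and the Docker firewall exception below.
  bridgeName = "br0";
in
{
  options.eboskma.libvirtd = {
    enable = mkEnableOption "libvirtd";
  };

  config = mkIf cfg.enable {
    virtualisation.libvirtd = {
      enable = true;
      # Bridges that guests may be attached to; only the host bridge
      # defined below is listed.
      allowedBridges = [ bridgeName ];
    };

    systemd.network = {
      netdevs = {
        "40-${bridgeName}" = {
          enable = true;
          netdevConfig = {
            Kind = "bridge";
            Name = bridgeName;
          };
          # Spanning Tree Protocol is switched on for the bridge.
          extraConfig = ''
            [Bridge]
            STP=yes
          '';
        };
      };

      networks = {
        # The bridge carries the host's address: DHCP runs here, not on
        # the physical port.
        "40-${bridgeName}" = {
          enable = true;
          matchConfig = {
            Name = bridgeName;
          };
          linkConfig = {
            # NOTE(review): pinned MAC, presumably so the bridge keeps a
            # stable identity towards the DHCP server - confirm.
            MACAddress = "04:d9:f5:f9:c2:c6";
          };
          networkConfig = {
            DHCP = "yes";
            IPv6PrivacyExtensions = "kernel";
          };
        };

        # Physical uplink: enslaved to the bridge, with DHCP forced off so
        # it does not acquire an address of its own.
        "40-enp4s0" = {
          enable = true;
          bridge = [ bridgeName ];
          matchConfig = {
            Name = "enp4s0";
          };
          networkConfig = {
            DHCP = mkForce "no";
            IPv6PrivacyExtensions = "kernel";
          };
        };
      };
    };

    systemd.services.docker = {
      serviceConfig = {
        # Accept traffic that enters and leaves through the bridge before
        # Docker's own forwarding rules are consulted.
        #
        # NOTE(review): this ACCEPT matches every packet forwarded from
        # the bridge back to the bridge, so no later DOCKER-USER rule
        # applies to that traffic. Keep the match scoped to the bridge
        # interface on both sides.
        #
        # The script is idempotent:
        #   * `-N` creates DOCKER-USER when it is missing (the chain is
        #     normally created by dockerd, so it may not exist the first
        #     time this runs after boot),
        #   * `-C` checks for the rule first, so restarting the service
        #     does not stack duplicate ACCEPT entries,
        #   * `-w` waits for the xtables lock instead of failing when
        #     another tool is editing the ruleset.
        ExecStartPre = "${pkgs.writeShellScript "docker-user-allow-${bridgeName}" ''
          ipt=${pkgs.iptables}/bin/iptables
          "$ipt" -w -N DOCKER-USER 2>/dev/null || true
          "$ipt" -w -C DOCKER-USER -i ${bridgeName} -o ${bridgeName} -j ACCEPT 2>/dev/null \
            || "$ipt" -w -I DOCKER-USER -i ${bridgeName} -o ${bridgeName} -j ACCEPT
        ''}";
      };
    };

    # NOTE(review): members of `libvirtd` can manage the system libvirt
    # daemon, which is normally equivalent to root on the host. Treat
    # this account accordingly.
    users.users.${config.eboskma.var.mainUser}.extraGroups = [ "libvirtd" ];

    environment.systemPackages = [ pkgs.virt-manager ];
  };
}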