{ config, lib, ... }:
{
  virtualisation = {
    docker.enable = true;
    spiceUSBRedirection.enable = config.my.virtualisation.enable;
    libvirtd = lib.mkIf config.my.virtualisation.enable {
      enable = true;
      qemu = {
        swtpm.enable = true;
        runAsRoot = false;
      };
      onShutdown = "shutdown";
      nss.enableGuest = true;
    };
  };
}