nix/modules/nixos/virtualisation/kvm/default.nix

{ config, lib, pkgs, ... }: {
  options.snowflake.virtualisation.kvm.enable =
    lib.mkEnableOption "enable kvm vms";
  options.snowflake.virtualisation.kvm.ovmf.enable =
    lib.mkEnableOption "enable ovmf module for vms";

  config = lib.mkIf config.snowflake.virtualisation.kvm.enable {

    # to enable nested virtualization
    boot.extraModprobeConfig = ''
      options kvm_intel nested=1
      options kvm_intel emulate_invalid_guest_state=0
      options kvm ignore_msrs=1
    '';

    virtualisation = {
      libvirtd = {
        enable = true;
        qemu = {
          package = pkgs.qemu_kvm;
          runAsRoot = true;
          swtpm.enable = true;
          ovmf = lib.mkIf config.snowflake.virtualisation.kvm.ovmf.enable {
            enable = true;
            packages = [
              (pkgs.OVMF.override {
                secureBoot = true;
                tpmSupport = true;
              }).fd
            ];
          };
        };
      };
    };
    programs.virt-manager.enable = true;
  };
}