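# NixOS module: Podman and rootless Docker, libvirt/QEMU with Secure Boot + TPM
# firmware, and a Docker-OSX container (for BlueBubbles) run as a systemd unit
# through virtualisation.oci-containers.
{ pkgs, ... }:
{
  environment.systemPackages = with pkgs; [
    podman-compose
    docker-compose
    dnsmasq
    bridge-utils
    flex
    bison
    iptables
    libguestfs
  ];

  programs.virt-manager.enable = true;

  virtualisation = {
    podman = {
      enable = true;
      # Must stay false while Docker is enabled below; both would provide `docker`.
      dockerCompat = false;
      defaultNetwork.settings.dns_enabled = true;
    };

    docker = {
      # NOTE(review): this also enables the system-wide (rootful) daemon next to
      # the rootless one. If only rootless Docker is wanted, confirm whether the
      # rootful daemon can be dropped.
      enable = true;
      rootless = {
        enable = true;
        # Points DOCKER_HOST at the per-user rootless socket.
        setSocketVariable = true;
      };
    };

    # enable libvirt
    libvirtd = {
      enable = true;
      qemu = {
        package = pkgs.qemu_kvm;
        # NOTE(review): guests on the system libvirt instance run QEMU as root,
        # so a QEMU escape lands as host root. Prefer false unless a guest needs
        # root-only resources; disk image ownership must then match the
        # unprivileged QEMU user.
        runAsRoot = true;
        swtpm.enable = true;
        ovmf = {
          enable = true;
          packages = [
            (pkgs.OVMF.override {
              secureBoot = true;
              tpmSupport = true;
            }).fd
          ];
        };
      };
    };
  };

  # Membership in libvirtd gives full control of the system libvirt daemon.
  # Together with runAsRoot above, treat it as root-equivalent access.
  users.users.caleb = {
    extraGroups = [ "libvirtd" ];
  };

  # bluebubbles container as a systemd service
  virtualisation.oci-containers = {
    backend = "podman";
    containers = {
      bluebubbles = {
        autoStart = false; # todo

        # VNC (5999) and guest SSH (50922 -> 10022) are published on loopback
        # only: the VNC password below is static and stored in clear text, and
        # published container ports may not be filtered by the host firewall.
        # Reach them remotely through an SSH tunnel or a VPN interface.
        # 1234 stays on all interfaces (presumably the BlueBubbles server port
        # that clients connect to; confirm and restrict if it is not needed
        # off-host).
        ports = [
          "127.0.0.1:5999:5999"
          "1234:1234"
          "127.0.0.1:50922:10022"
        ];

        volumes = [
          # NOTE(review): shares the host X11 socket directory with the
          # container. EXTRA uses "-display none" with VNC, so this mount looks
          # unnecessary; dropping it removes container access to the host X
          # server. Confirm against the image's launch script.
          "/tmp/.X11-unix:/tmp/.X11-unix"
          "/home/caleb/bluebubbles/maindisk.qcow2:/image"
          "/home/caleb/bluebubbles/bootdisk.qcow2:/bootdisk"
        ];

        environment = {
          IMAGE_PATH = "/image";
          BOOTDISK = "/bootdisk";
          # NOTE(review): the VNC secret is embedded here, so it is copied into
          # the world-readable Nix store and the container's environment, and
          # "vncpass" is a guessable value. VNC password auth is weak on its own
          # (short, DES-based challenge). Rotate it and supply EXTRA through
          # `environmentFiles = [ "<path-to-root-only-env-file>" ];` instead of
          # this attribute. Inside the container QEMU still listens on 0.0.0.0
          # so that the published port can reach it.
          EXTRA = "-display none -vnc 0.0.0.0:99,password-secret=secvnc0 -object secret,id=secvnc0,data=vncpass";
          ADDITIONAL_PORTS = "hostfwd=tcp::1234-:1234,";
          DISPLAY = ":99";
          WIDTH = "1920";
          HEIGHT = "1080";
          NOPICKER = "true";
        };

        # NOTE(review): mutable tag from a third-party registry namespace. Pin
        # by digest once a version has been vetted, e.g.
        # "sickcodes/docker-osx@sha256:<digest-placeholder>", so a changed
        # upstream image is not pulled silently.
        image = "sickcodes/docker-osx:naked";
      };
    };
  };
}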