{
  config,
  pkgs,
  ...
}: {
  networking.firewall.allowedTCPPorts = [4222];

  containers."libvirt-container" = {
    autoStart = true;

    bindMounts."/dev/kvm" = {
      hostPath = "/dev/kvm";
      isReadOnly = false;
    };

    allowedDevices = [
      {
        node = "/dev/kvm";
        modifier = "rw";
      }
      {
        node = "/dev/net/tun";
        modifier = "rw";
      }
      {
        node = "/dev/vnet*";
        modifier = "rw";
      }
    ];

    forwardPorts = [
      {
        hostPort = 4222;
      }
    ];

    enableTun = true;

    #extraFlags = [ "-U" ];

    config = {
      config,
      pkgs,
      ...
    }: {
      networking.firewall.enable = false;

      virtualisation.libvirtd.enable = true;
      security.polkit.enable = true;

      services.openssh = {
        enable = true;
        ports = [4222];
      };

      users.users.root = {
        openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"];
      };

      system.stateVersion = "22.11";
    };
  };
}