{
  config,
  lib,
  pkgs,
  ...
}:

with lib;
mkIf (elem "virt-manager" config.machine.services) {
  virtualisation.libvirtd.enable = true;
  programs.virt-manager.enable = true;
  dconf.settings = {
    "org/virt-manager/virt-manager/connections" = {
      autoconnect = [ "qemu:///system" ];
      uris = [ "qemu:///system" ];
    };
  };

  services.nfs.server.enable = true;

  # rule for vagrant virtualbox provider.
  networking.firewall.extraCommands = lib.optionalString (config.virtualisation.virtualbox.host.enable) ''
    ip46tables -I INPUT 1 -i vboxnet+ -p tcp -m tcp --dport 2049 -j ACCEPT
  '';

  # Add firewall exception for libvirt provider when using NFSv4
  networking.firewall.interfaces."virbr1" = {
    allowedTCPPorts = [ 2049 ];
    allowedUDPPorts = [ 2049 ];
  };

  environment = {
    systemPackages = with pkgs; [
      vagrant
    ];
    variables.VAGRANT_DEFAULT_PROVIDER = "libvirt";
  };
}