feat: improve qemu config

SwarselSystems.org

@@ -3068,7 +3068,7 @@ This ensures that all user-configuration happens here in the config file.
         isNormalUser = true;
         description = "Leon S";
         hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path;
-        extraGroups = [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
+        extraGroups = [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
         packages = with pkgs; [ ];
       };
     };
@@ -6063,17 +6063,21 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
       };
     };
 
+    networking.firewall.trustedInterfaces = [ "virbr0" ];
+
     virtualisation = {
       docker.enable = true;
+      spiceUSBRedirection.enable = true;
       libvirtd = {
         enable = true;
         qemu = {
           package = pkgs.qemu_kvm;
           runAsRoot = true;
           swtpm.enable = true;
+          vhostUserPackages = with pkgs; [ virtiofsd ];
           ovmf = {
             enable = true;
-            packages = [(pkgs.OVMF.override {
+            packages = [(pkgs.OVMFFull.override {
               secureBoot = true;
               tpmSupport = true;
             }).fd];
@@ -6094,10 +6098,21 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
       libisoburn
       govc
       terraform
+
+      # vm
+      virt-manager
+      virt-viewer
+      virtiofsd
+      spice
+      spice-gtk
+      spice-protocol
+      win-virtio
+      win-spice
     ];
 
 
     services = {
+      spice-vdagentd.enable = true;
       openssh = {
         enable = true;
         extraConfig = ''