{ config, pkgs, home-manager, ... }:

{
  virtualisation = {
    libvirtd = {
      enable = true;
      qemu.swtpm.enable = true;
    };
    spiceUSBRedirection.enable = true;
    docker = {
      rootless = {
        enable = true;
        setSocketVariable = true;
      };
      # Use journald for logging for better integration with system logs
      extraOptions = "--log-driver=journald";
      # Optional: configure daemon settings as needed (e.g., registry mirrors, storage drivers)
      # settings = {
      #   "registry-mirrors" = [ "https://mirror.gcr.io" ];
      # };
    };
  };

  services.spice-vdagentd.enable = true;

  environment.systemPackages = with pkgs; [
    virt-manager   # optional GUI for libvirt, not required for Quickemu
    virt-viewer    # gives remote-viewer
    spice-gtk
    spice-protocol
    virtio-win
    win-spice
    quickemu
    docker
  ];

  environment.sessionVariables.LIBVIRT_DEFAULT_URI = [ "qemu:///system" ];

  boot.kernelModules = [ "bridge" ];

  # Enable network-online.target
  systemd.services.network-online = {
    enable = true;
    wantedBy = [ "network.target" ];
  };

  # Tie services to network-online.target
  systemd.services.libvirtd = {
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];
  };

  # Optional: Add a debug hook
  systemd.services.network-debug = {
    description = "Log network status";
    serviceConfig = {
      # Use bash and provide full paths for commands
      ExecStart = "${pkgs.bash}/bin/bash -c '${pkgs.iproute2}/bin/ip a && journalctl -u network.target'";
      Type = "oneshot";
    };
    wantedBy = [ "network-online.target" ];
  };

  virtualisation.libvirtd.allowedBridges = [ "br0" ];
}