diff --git a/profiles/virtualisation.nix b/profiles/virtualisation.nix
index ac8f1b8..6b26de2 100644
--- a/profiles/virtualisation.nix
+++ b/profiles/virtualisation.nix
@@ -49,10 +49,14 @@ with config.deviceSpecific; {
 qemu = {
 ovmf.enable = true;
 ovmf.packages = [
- pkgs.OVMFFull.fd
+ (pkgs.OVMFFull.override {
+ secureBoot = true;
+ tpmSupport = true;
+ }).fd
 pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd
 ];
 runAsRoot = false;
+ swtpm.enable = true;
 };
 onBoot = "ignore";
 onShutdown = "shutdown";
@@ -61,6 +65,12 @@ with config.deviceSpecific; {
 spiceUSBRedirection.enable = true;
 };
 
+ users.users."qemu-libvirtd" = {
+ extraGroups =
+ lib.optionals (!config.virtualisation.libvirtd.qemu.runAsRoot)
+ [ "kvm" "input" ];
+ };
+
 security.unprivilegedUsernsClone = true;
 
 home-manager.users.${config.mainuser} = {
@@ -68,6 +78,12 @@ with config.deviceSpecific; {
 [storage]
 driver = "overlay2"
 '';
+ home.file.".config/libvirt/libvirt.conf".text = ''
+ uri_default = "qemu:///system"
+ '';
+ home.packages = lib.mkIf (!isServer) [
+ pkgs.virt-manager
+ ];
 };
 
 # users.users.${config.mainuser} = {
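Review bot: The `secureBoot = true; tpmSupport = true;` override in the first hunk only builds the x86 firmware with those capabilities; nothing here makes a guest boot with Secure Boot enforced, which also depends on keys being enrolled in the variable store and on each domain's firmware settings. A comment above the override would stop it being read as an enforcement guarantee, e.g. `# capability only: Secure Boot enforcement depends on enrolled keys and the domain definition`. For `swtpm.enable = true;` I would add `# software TPM: state lives on the host, so anything sealed to it is only as protected as the host`. The aarch64 `OVMF.fd` entry keeps its package defaults, so whether those guests get the same features is not visible in this hunk.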
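Review bot: Putting `"input"` in `extraGroups` for `qemu-libvirtd` (second hunk) gives every QEMU process read access to whatever host devices the `input` group can open, typically all of `/dev/input`, so a compromised emulator process could observe host keyboard input. If this is for evdev passthrough (an inference, the hunk does not say), record it in a comment such as `# "input": evdev passthrough; exposes host input devices to QEMU`, or grant access to the single device with a udev rule and keep only `[ "kvm" ]` here. Since `runAsRoot = false;` is set earlier in the same file, the `lib.optionals` condition is always true in this profile.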
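Review bot: `uri_default = "qemu:///system"` in the third hunk points the user's libvirt clients at the system daemon, and libvirt documents read-write access to that daemon as equivalent to root on the host, so the setting deserves a Nix comment above the `home.file` line, e.g. `# system daemon: needs libvirtd group or polkit auth; treat as root-equivalent`. The file is written on every host while `pkgs.virt-manager` is gated on `!isServer`; if servers should not default to the system URI, put the `home.file` entry under the same `lib.mkIf (!isServer)`. How the main user is authorised for the system socket is not visible here, and the `home-manager.users.${config.mainuser}` block begins outside this hunk.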