{
  config,
  pkgs,
  lib,
  ...
}: {
  virtualisation.containers.enable = config.u.has.container;
  virtualisation = {
    podman = {
      enable = config.u.has.container;
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };
  };
  virtualisation.libvirtd.enable = config.u.has.virt;
  virtualisation.libvirtd.package = pkgs.libvirt.overrideAttrs (old: {
    postPatch =
      old.postPatch
      + (
        let
          script = pkgs.writeShellApplication {
            name = "virt-secret-init-encryption-sh";
            runtimeInputs = [
              pkgs.coreutils
              pkgs.systemd
            ];
            text = ''exec ${pkgs.runtimeShell} "$@"'';
          };
        in ''
          substituteInPlace src/secret/virt-secret-init-encryption.service.in \
            --replace-fail /usr/bin/sh ${lib.getExe script}
        ''
      );
  });
  programs.virt-manager.enable = config.u.has.graphical && config.u.has.virt;
  programs.nix-ld.enable = true;
  hardware.graphics.enable32Bit = config.u.has.graphical && config.u.has.wine;
}