diff --git a/faucet/libvirt/default.nix b/faucet/libvirt/default.nix
new file mode 100644
index 00000000..4147a975
--- /dev/null
+++ b/faucet/libvirt/default.nix
@@ -0,0 +1,30 @@
+{ pkgs
+, lib
+, config
+, ... }: with lib; let
+  cfg = config.faucet.libvirt;
+in {
+  options.faucet.libvirt = {
+    enable = mkEnableOption "libvirt virtualisation daemon" // { default = true; };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.libvirtd = {
+      enable = true;
+      qemu.runAsRoot = false;
+      qemu.swtpm.enable = true;
+
+      # disable as much implicit state as possible
+      onBoot = "ignore";
+      onShutdown = "shutdown";
+      parallelShutdown = 5;
+    };
+
+    # USB redirection requires a setuid wrapper
+    virtualisation.spiceUSBRedirection.enable = true;
+
+    environment.persistence."/nix/persist/fhs".directories = [
+      "/var/lib/libvirt"
+    ];
+  };
+}