From 84ecbc9a19eed41e3602dccb22a590dcf93a857f Mon Sep 17 00:00:00 2001
From: Graham Christensen <graham@grahamc.com>
Date: Wed, 8 Jul 2020 18:35:15 -0400
Subject: [PATCH] libvirtd: don't start libvirtd-tcp.socket by default

Per upstream:

> libvirtd-tcp.socket - the unit file corresponding to the TCP 16509
> port for non-TLS remote access. This socket should not be configured
> to start on boot until the administrator has configured a suitable
> authentication mechanism.
---
 nixos/modules/virtualisation/libvirtd.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix
index 43b5fcfa8fae..1d6a9457dde4 100644
--- a/nixos/modules/virtualisation/libvirtd.nix
+++ b/nixos/modules/virtualisation/libvirtd.nix
@@ -265,8 +265,8 @@ in {
       restartIfChanged = false;
     };
 
-    systemd.sockets.libvirtd    .wantedBy = [ "sockets.target" ];
-    systemd.sockets.libvirtd-tcp.wantedBy = [ "sockets.target" ];
+    # https://libvirt.org/daemons.html#monolithic-systemd-integration
+    systemd.sockets.libvirtd.wantedBy = [ "sockets.target" ];
 
     security.polkit.extraConfig = ''
       polkit.addRule(function(action, subject) {