diff --git a/roles/kvm/files/kvm.conf b/roles/kvm/files/kvm.conf
new file mode 100644
index 0000000..679c3a6
--- /dev/null
+++ b/roles/kvm/files/kvm.conf
@@ -0,0 +1 @@
+options kvm_intel nested=1
diff --git a/roles/kvm/tasks/main.yml b/roles/kvm/tasks/main.yml
index 18c961c..ffacac7 100644
--- a/roles/kvm/tasks/main.yml
+++ b/roles/kvm/tasks/main.yml
@@ -50,3 +50,24 @@
   template:
     src: libvirt-default-uri.sh
     dest: /etc/profile.d/libvirt-default-uri.sh
+
+- name: Allow libvirt-qemu to access images
+  lineinfile:
+    line: "{{ item }}"
+    dest: "/etc/apparmor.d/abstractions/libvirt-qemu"
+  with_items:
+    - "  /var/lib/libvirt/qemu/channel/target/* rw,"
+    - "  /var/lib/libvirt/images/* rwk,"
+
+- name: Enable libvirt default network
+  shell:
+    cmd: virsh --connect=qemu:///system net-autostart default
+
+- name: Enable nested virtualization and reboot
+  copy:
+    src: kvm.conf
+    dest: /etc/modprobe.d/kvm.conf
+    mode: 0644
+  notify:
+    - reboot
+  when: ansible_system_vendor != "QEMU"