{ config, ... }:
let
  inherit (config.users) users;
  domain = config.networking.domain;
in
{
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-net {
        meta l4proto { udp, tcp } th dport 64738 counter accept comment "Murmur"
      }
    }
  '';
  users.groups.acme.members = [ users."murmur".name ];
  security.acme.certs."${domain}" = {
    postRun = "systemctl try-restart --no-block murmur";
  };
  systemd.services.murmur = {
    wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
    after = [ "acme-selfsigned-${domain}.service" ];
  };
  services.murmur = {
    enable = true;
    welcometext = ''
      Bienvenue sur mumble.sourcephile.fr
      Avant de commencer à parler, rejoignez un salon ou bien créez en un nouveau !
    '';
    bonjour = false;
    registerName = "sourcephile";
    registerHostname = "mumble.${domain}";
    #registerUrl = "https://${domain}";
    #registerLocation = "FR";
    allowHtml = true;
    users = 42;
    sslKey = "/var/lib/acme/${domain}/full.pem";
    extraConfig = ''
      username = "[A-Za-z0-9_-]{2,12}"
      channelnestinglimit = 10
      opusthreshold = 50
    '';
  };
}