{ pkgs, lib, config, ... }:
let
  inherit (config.users) users;
  domain = config.networking.domain;
in
{
networking.nftables.ruleset = ''
  add rule inet filter net2fw udp dport 64738 counter accept comment "Murmur"
  add rule inet filter net2fw tcp dport 64738 counter accept comment "Murmur"
'';
users.groups.acme.members = [ users."murmur".name ];
security.acme.certs."${domain}" = {
  postRun = "systemctl reload murmur";
};
systemd.services.murmur = {
  wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
  after = [ "acme-selfsigned-${domain}.service" ];
};
services.murmur = {
  enable = true;
  welcometext = ''
    Bienvenue sur mumble.sourcephile.fr
    Avant de commencer à parler, rejoignez un salon ou bien créez en un nouveau !
  '';
  bonjour = false;
  registerName = "sourcephile";
  registerHostname = "mumble.${domain}";
  #registerUrl = "https://${domain}";
  #registerLocation = "FR";
  allowHtml = true;
  users = 42;
  sslKey = "/var/lib/acme/${domain}/full.pem";
  extraConfig = ''
    username = "[A-Za-z0-9_-]{2,12}"
    channelnestinglimit = 10
    opusthreshold = 50
  '';
};
}