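# NixOS module wrapping `services.murmur` (a Mumble server) behind the
# `vhack.murmur` options. When enabled it persists the data directory,
# configures murmur with TLS material stored in that directory, and lets the
# ACME certificate's post-run hook copy renewed key/cert files there.
{
  config,
  lib,
  ...
}: let
  cfg = config.vhack.murmur;
in {
  options.vhack.murmur = {
    enable = lib.mkEnableOption "murmur, a mumble server software";

    # Also used below as the location of the TLS key and certificate chain.
    murmurStore = lib.mkOption {
      type = lib.types.str;
      default = "/var/lib/murmur";
      description = "The location of murmurs data dir.";
    };

    # Used as murmur's host name, its registration host name and as the
    # domain of the ACME certificate.
    host = lib.mkOption {
      type = lib.types.str;
      description = "The domain murmur should be served on.";
      example = "mumble.vhack.eu";
    };

    url = lib.mkOption {
      type = lib.types.str;
      description = "The url this instance should be registered under. Note that this is not the domain mumur is served on";
      example = "vhack.eu";
    };

    name = lib.mkOption {
      type = lib.types.str;
      description = "The name this instance should be registered under.";
      example = "vhack";
    };
  };

  config = lib.mkIf cfg.enable {
    # The data directory also holds the TLS private key, so it is restricted
    # to the murmur user (mode 0700).
    vhack.persist.directories = [
      {
        directory = cfg.murmurStore;
        user = "murmur";
        group = "murmur";
        mode = "0700";
      }
    ];

    services.murmur = {
      enable = true;
      openFirewall = true;

      # NOTE(review): the text still contains the placeholder
      # "[name of the company]" -- confirm whether that is intended.
      welcometext = ''
        You never get a second chance to make a first impression
        The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here!
      '';

      # Both files are written by the ACME post-run hook further down.
      sslKey = "${cfg.murmurStore}/key.pem";
      sslCert = "${cfg.murmurStore}/fullchain.pem";

      registerUrl = cfg.url;
      registerName = cfg.name;
      registerHostname = cfg.host;
      hostName = cfg.host;

      # Clients have to present a certificate to connect.
      clientCertRequired = true;
      bandwidth = 7200000;
    };

    security.acme.certs.murmur = {
      domain = cfg.host;

      # Copy the freshly issued key and chain into murmur's data directory.
      #
      # `install` replaces an existing target and sets owner and mode as part
      # of the copy, so:
      #   * the first issuance no longer hits `rm` errors for files that do
      #     not exist yet, and
      #   * the private key gets an explicit owner-only mode instead of
      #     whatever `cp` inherits from the source file and umask, and is not
      #     left root-owned between a `cp` and a later `chown`.
      #
      # `set -x` only traces the command lines (paths), not file contents.
      #
      # NOTE(review): nothing here makes murmur re-read the renewed
      # certificate; presumably the service has to be reloaded or restarted
      # for that -- confirm and wire it up if needed.
      postRun =
        /*
        bash
        */
        ''
          set -x

          install -m 0400 -o murmur -g murmur key.pem "${cfg.murmurStore}/key.pem"
          install -m 0444 -o murmur -g murmur fullchain.pem "${cfg.murmurStore}/fullchain.pem"
        '';
    };
  };
}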