{
  lib,
  config,
  ...
}:
with lib;
{
  options = {
    mediamtx = {
      enable = mkEnableOption "enables mediamtx";
      host = mkOption {
        type = types.str;
        default = "0.0.0.0";
        description = "The host address to bind RTSP on.";
      };
      rtspPort = mkOption {
        type = types.int;
        default = 8554;
        description = "RTSP port exposed by MediaMTX.";
      };
    };
  };

  config = mkMerge [
    (mkIf config.mediamtx.enable {
      virtualisation.podman.enable = true;

      virtualisation.oci-containers = {
        backend = "podman";
        containers = {
          mediamtx = {
            image = "bluenviron/mediamtx:latest";
            ports = [ "${config.mediamtx.host}:${toString config.mediamtx.rtspPort}:8554" ];
          };
        };
      };

      networking.firewall.allowedTCPPorts = [ config.mediamtx.rtspPort ];
    })
  ];
}