diff --git a/checks/mumble/default.nix b/checks/mumble/default.nix
index d29c8a7ae..cf9478e60 100644
--- a/checks/mumble/default.nix
+++ b/checks/mumble/default.nix
@@ -11,8 +11,6 @@
           {
             clan.core.clanDir = ./.;
             environment.systemPackages = [ pkgs.killall ];
-            services.murmur.sslKey = "/etc/mumble-key";
-            services.murmur.sslCert = "/etc/mumble-cert";
             clan.core.facts.services.mumble.secret."mumble-key".path = "/etc/mumble-key";
             clan.core.facts.services.mumble.public."mumble-cert".path = "/etc/mumble-cert";
           }
@@ -37,14 +35,14 @@
               "mumble-cert".source = ./peer_1/peer_1_test_cert;
             };
             systemd.tmpfiles.settings."vmsecrets" = {
-              "/etc/secrets/mumble-key" = {
+              "/var/lib/murmur/sslKey" = {
                 C.argument = "${./peer_1/peer_1_test_key}";
                 z = {
                   mode = "0400";
                   user = "murmur";
                 };
               };
-              "/etc/secrets/mumble-cert" = {
+              "/var/lib/murmur/sslCert" = {
                 C.argument = "${./peer_1/peer_1_test_cert}";
                 z = {
                   mode = "0400";
@@ -52,8 +50,6 @@
                 };
               };
             };
-            services.murmur.sslKey = "/etc/mumble-key";
-            services.murmur.sslCert = "/etc/mumble-cert";
             clan.core.facts.services.mumble.secret."mumble-key".path = "/etc/mumble-key";
             clan.core.facts.services.mumble.public."mumble-cert".path = "/etc/mumble-cert";
           }
@@ -71,14 +67,14 @@
               "mumble-cert".source = ./peer_2/peer_2_test_cert;
             };
             systemd.tmpfiles.settings."vmsecrets" = {
-              "/etc/secrets/mumble-key" = {
+              "/var/lib/murmur/sslKey" = {
                 C.argument = "${./peer_2/peer_2_test_key}";
                 z = {
                   mode = "0400";
                   user = "murmur";
                 };
               };
-              "/etc/secrets/mumble-cert" = {
+              "/var/lib/murmur/sslCert" = {
                 C.argument = "${./peer_2/peer_2_test_cert}";
                 z = {
                   mode = "0400";
diff --git a/clanModules/mumble/default.nix b/clanModules/mumble/default.nix
index 53d6986d8..06fa4d4b9 100644
--- a/clanModules/mumble/default.nix
+++ b/clanModules/mumble/default.nix
@@ -41,8 +41,8 @@ in
       registerName = config.clan.core.machineName;
       openFirewall = true;
       bonjour = true;
-      sslKey = config.clan.core.facts.services.mumble.secret.mumble-key.path;
-      sslCert = config.clan.core.facts.services.mumble.public.mumble-cert.path;
+      sslKey = "/var/lib/murmur/sslKey";
+      sslCert = "/var/lib/murmur/sslCert";
     };
 
     clan.core.state.mumble.folders = [
@@ -54,6 +54,23 @@ in
       "d '/var/lib/mumble' 0770 '${config.clan.services.mumble.user}' 'users' - -"
     ];
 
+    systemd.tmpfiles.settings."murmur" = {
+      "/var/lib/murmur/sslKey" = {
+        C.argument = config.clan.core.facts.services.mumble.secret.mumble-key.path;
+        Z = {
+          mode = "0400";
+          user = "murmur";
+        };
+      };
+      "/var/lib/murmur/sslCert" = {
+        C.argument = config.clan.core.facts.services.mumble.public.mumble-cert.path;
+        Z = {
+          mode = "0400";
+          user = "murmur";
+        };
+      };
+    };
+
     environment.systemPackages =
       let
         mumbleCfgDir = "/var/lib/mumble";