{ pkgs, ... }:
{
  imports =
    [
      ../../../deployments/seedbox/qbittorrent/default.nix
    ];

  variables.qbittorrent = {
    user = "qbittorrent";
    group = "jellyfin";
    torrentPort = 60836;
    uiPort = 8888;
    configDir = "/var/lib/qbittorrent";
    openFilesLimit = 8192;
  };

  users.users.qbittorrent = {
    group = "jellyfin";
    isSystemUser = true;
    home = "/var/lib/qbittorrent";
  };

  services.nginx = {
    virtualHosts."ecchi.elmosco.lewd.wtf" = {
      serverName = "ecchi.elmosco.lewd.wtf";
      locations = {
        "/" = {
          extraConfig = ''
            auth_basic "Show slit";
            auth_basic_user_file /run/secrets/services/nginx/ecchi.htpasswd;
            proxy_pass http://127.0.0.1:8888;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            client_max_body_size 50M;
          '';
        };
      };
    };
  };

  systemd.timers."qbittools-unregistered" = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnBootSec = "5m";
      OnUnitActiveSec = "2h";
      Unit = "qbittools-unregistered.service";
    };
  };

  systemd.services."qbittools-unregistered" = {
    script = ''
      set -eu
      ${pkgs.podman}/bin/podman run -it --rm --network host registry.gitlab.com/alexkm/qbittools@sha256:74fe59f3ef0c23e48db3b2af34a5b1f8b43a4afd3dbf45df7529e300a6f50820 tagging --unregistered --port 8888 -s 127.0.0.1
    '';
    serviceConfig = {
      Type = "oneshot";
      User= "nobody";
    };
  };
}