{ config, pkgs, ... }:
let
  cfg = config.variables.qbittorrent;
in
{
    environment.systemPackages = [ pkgs.qbittorrent-nox ];

    networking.firewall = {
      allowedTCPPorts = [ cfg.torrentPort cfg.uiPort ];
      allowedUDPPorts = [ cfg.torrentPort ];
    };

    systemd.services.qbittorrent = {
      after = [ "network.target" ];
      description = "qBittorrent Daemon";
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.qbittorrent-nox ];
      serviceConfig = {
        ExecStart = ''
          ${pkgs.qbittorrent-nox}/bin/qbittorrent-nox \
            --profile=${cfg.configDir} \
            --webui-port=${toString cfg.uiPort}
        '';
        Restart = "on-success";
        User = cfg.user;
        Group = cfg.group;
        UMask = "0002";
        LimitNOFILE = cfg.openFilesLimit;
      };
    };
}