{ pkgs, ... }:
let
  mediaGroup = "media";
in
{
  users.users.torrenter = {};
  users.groups.${mediaGroup} = {
    members = [
      "ren"
      "prowlarr"
      "radarr"
    ];
  }; 

  age.secrets.mullvad = {
    file = ../../../keys/mullvad;
    path = "/etc/wireguard/mullvad.conf";
  };

  networking.firewall.trustedInterfaces = [ "wg-selene" ];
  services.prowlarr.enable = true;

  services.transmission = {
    enable = true;
    user = "torrenter";
    group = mediaGroup;
    settings = {
      incomplete-dir-enabled = true;
      incomplete-dir = "/media/torrents/.incomplete";
      blocklist-enabled = true;
      blocklist-url = "https://github.com/Naunter/BT_BlockLists/raw/master/bt_blocklists.gz";
      utp-enabled = true;
    };
  };

  systemd.services.transmission.serviceConfig.IOSchedulingPriority = 7;

  services.radarr = {
    enable = true;
    group = mediaGroup;
    openFirewall = false;
  };

  environment.systemPackages = [
    pkgs.flood-for-transmission
  ];

}