{
  self,
  config,
  lib,
  pkgs,
  ...
}:

with self.lib.nginx;
{
  imports = [
    ./rtorrent.nix
    ./slsk.nix
  ];

  security.acme.certs = {
    "media.cocaine.farm" = {
      extraDomainNames = [ "*.media.cocaine.farm" ];
    };
  };

  users = {
    users = {
      media = {
        isSystemUser = true;
        group = "media";
      };
      audron.extraGroups = [ "media" ];
      magin.extraGroups = [ "media" ];
    };
    groups.media = { };
  };

  services.jellyfin = {
    enable = true;
    user = "media";
    group = "media";
  };

  services.radarr = {
    enable = true;
    user = "media";
    group = "media";
  };

  services.sonarr = {
    enable = true;
    package = pkgs.callPackage ./sonarr.nix { };
    user = "media";
    group = "media";
  };

  services.prowlarr = {
    enable = true;
  };

  services.rutorrent = {
    enable = true;
    hostName = "torrent.media.cocaine.farm";
    plugins = lib.mkForce [
      "httprpc"
      "data"
      "diskspace"
      "edit"
      "erasedata"
      "theme"
      "trafic"
    ];
    nginx.enable = true;
  };

  virtualisation.oci-containers.containers = {
    flaresolverr = {
      image = "ghcr.io/flaresolverr/flaresolverr:latest";
      autoStart = true;
      ports = [
        "10.10.0.2:8191:8191"
      ];
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      "media.cocaine.farm" = (proxyDomain "media.cocaine.farm" "http://127.0.0.1:8096/");
      "sonarr.media.cocaine.farm" = proxyDomainAuth "media.cocaine.farm" "http://127.0.0.1:8989";
      "radarr.media.cocaine.farm" = proxyDomainAuth "media.cocaine.farm" "http://127.0.0.1:7878";
      "prowlarr.media.cocaine.farm" = proxyDomainAuth "media.cocaine.farm" "http://127.0.0.1:9696";
      "torrent.media.cocaine.farm" = domainAuth "media.cocaine.farm";

      "torrent.local" = {
        listen = [
          {
            addr = "10.10.0.2";
            port = 80;
          }
        ];

        serverAliases = [ "phaenn.wg.vapor.systems" ];

        locations."/RPC2" = {
          extraConfig = ''
            include ${pkgs.nginx}/conf/scgi_params;
            scgi_pass unix:/run/rtorrent/rpc.sock;
          '';
        };

        root = config.services.rutorrent.dataDir;
        locations = {
          "~ [^/]\\.php(/|$)" = {
            extraConfig = ''
              fastcgi_split_path_info ^(.+?\.php)(/.*)$;
              if (!-f $document_root$fastcgi_script_name) {
                return 404;
              }

              # Mitigate https://httpoxy.org/ vulnerabilities
              fastcgi_param HTTP_PROXY "";

              fastcgi_pass unix:${config.services.phpfpm.pools.rutorrent.socket};
              fastcgi_index index.php;

              include ${pkgs.nginx}/conf/fastcgi.conf;
            '';
          };
        };
      };
    };
  };

  services.nfs = {
    server = {
      enable = true;
      exports = ''
        /mnt/media      10.10.0.0/24(rw,fsid=0,no_subtree_check)
      '';
    };

    settings = {
      nfsd = {
        vers3 = false;
        vers4 = true;
        "vers4.0" = false;
        "vers4.1" = false;
        "vers4.2" = true;
      };
    };
  };

  networking.hosts = {
    "10.10.0.2" = [ "torrent.local" ];
  };
}