{ config, lib, pkgs, ... }:

{
  environment.systemPackages = with pkgs; [ libnatpmp gawk dig ];

  systemd.services = {
    wireguard-torrent = {
      bindsTo = [ "netns@torrent.service" ];
      after = [ "netns@torrent.service" ];
    };

    rtorrent = {
      bindsTo = [ "wireguard-torrent.service" ];
      after = [ "wireguard-torrent.service" ];
      unitConfig.JoinsNamespaceOf = "netns@torrent.service";
      serviceConfig = {
        PrivateNetwork = true;
        LimitNOFILE = 24000;
      };

      path = with pkgs; [ libnatpmp gawk dig findutils gzip ];
    };
  };

  networking.wireguard.interfaces = {
    torrent = { # phaenn
      ips = [ "10.10.10.2/32" ];
      privateKeyFile = "/root/wireguard/torrent.key";
      interfaceNamespace = "torrent";

      peers = [
        {
          publicKey = "z0xDKcXtU1koil57vykUK/7RY0EP/QPGesdEzYxM2g0=";
          endpoint = "45.152.210.73:51820";
          allowedIPs = [ "0.0.0.0/0" ];
          persistentKeepalive = 25;
        }
      ];
    };
  };

  services.rtorrent = {
    enable = true;
    package = pkgs.unstable.rtorrent.overrideAttrs (prev: {
      configureFlags = [
        "--with-xmlrpc-c"
        "--with-posix-fallocate"
      ];

      buildInputs = prev.buildInputs ++ [
        pkgs.xmlrpc_c
      ];
    });
    # dataDir = "/mnt/media/download";
    user = "media";
    group = "media";

    configText = lib.mkForce (lib.readFile ./rtorrent.rc);
  };
}