{ config, lib, pkgs, ... }:

{
  environment.systemPackages = with pkgs; [
    libnatpmp
  ];

  services.qbittorrent = {
    enable = true;
    user = "qbittorrent";
    group = "media";

    webuiPort = 44304;

    serverConfig = {
      LegalNotice.Accepted = true;
      General.Locale = "fr";
      BitTorrent = {
        Session = {
          DefaultSavePath = "/var/data/media/torrent/";
          AnonymousModeEnabled=true;
          GlobalDLSpeedLimit=1250;
          GlobalUPSpeedLimit=125;
          AlternativeGlobalDLSpeedLimit=2500;
          AlternativeGlobalUPSpeedLimit=125;
          # BandwidthSchedulerEnabled=true;
          UseAlternativeGlobalSpeedLimit=false;
          QueueingSystemEnabled=true;
          MaxActiveDownloads = 7;
          MaxActiveTorrents = 7;
          MaxActiveUploads = 3;
          GlobalMaxSeedingMinutes=1440;
        };
      };
      Preferences = {
        WebUI = {
          Username = "lyes";
          Password_PBKDF2 = "@ByteArray(5UU0KdjkWdtIdml1aQVDOQ==:qs0cVTkuQzbHA3EmF9++MK9eJstbx95hIR52amh2PSSgmQxrXavu0oxUZdUMWnaIRKkUuq18o9GV+DMb7T99NA==)";
          AuthSubnetWhitelistEnabled = true;
          AuthSubnetWhitelist = "192.168.2.2/32";
          StatusbarExternalIPDisplayed = true;
        };
      };
    };
  };

  networking.vpn-netns.encapsulatedServices.qbittorrent = {
    enable = true;

    portForwarding = {
      enable = true;

      updateScript =
        let
          configFile = "/var/lib/qbittorrent/qBittorrent/config/qBittorrent.conf";
          passwordFile = config.age.secrets.tetra-pass.path;
          apiSetPreferenceUrl = "http://${config.networking.vpn-netns.vethIP}:${toString config.services.qbittorrent.webuiPort}/api/v2/app/setPreferences";
          curl = lib.getExe pkgs.curl;
          ip = "${pkgs.iproute2}/bin/ip";
        in
        ''
          CURRENT_PORT=$(cat ${configFile} | grep 'Session\\Port' | cut -d '=' -f 2)
          PASS=$(cat ${passwordFile})
          test "$PORT" -eq "$CURRENT_PORT" || (
            ${ip} netns exec netns-mogma ${curl} -i -X POST -d "json={\"random_port\": false}" "${apiSetPreferenceUrl}"
            ${ip} netns exec netns-mogma ${curl} -i -X POST -d "json={\"listen_port\": $PORT}" "${apiSetPreferenceUrl}"
          )
        '';
    };
  };

  age.secrets = {
    tetra-pass = {
      file = ../../../secrets/zora/services/tetra-pass.age;
      mode = "770";
      owner = "qbittorrent";
      group = "media";
    };
  };

  # users.users.qbittorrent.extraGroups = [ "media" ];
  users.users.qbittorrent.isSystemUser = true;
  users.users.qbittorrent.group = "media";
}