{
  pkgs,
  config,
  ...
}: let
  mountdir = "/var/media/danflix";
in {
  age.secrets = {
    danflix_hetzner_storage_box_pub_key.file = ../../secrets/danflix_hetzner_storage_box_pub_key.age;
    danflix_rclone_config.file = ../../secrets/danflix_rclone_config.age;
  };

  services = {
    jellyfin.enable = true;
    jellyfin.group = "media";

    transmission = {
      enable = true;
      package = pkgs.transmission_3;
      webHome = pkgs.transmission_3 + /share/transmission/web;
      settings = {
        rpc-host-whitelist-enable = true;
        rpc-host-whitelist = "bigding.squirrel-clownfish.ts.net,bigding";
      };
    };
  };

  users.users."daniel".extraGroups = ["transmission"];

  systemd.services.transmission.serviceConfig = {
    Restart = "always";
    RuntimeMaxSec = 28800;
    MemoryMax = "1G";
  };

  systemd.services.danflix-mount = {
    description = "Mount the Hetzner Storage Box media store";
    wantedBy = ["multi-user.target"];
    path = [pkgs.fuse3];
    preStart = ''
      mkdir -p -m 777 ${mountdir}
    '';
    environment = {
      "RCLONE_SFTP_KEY_FILE" = config.age.secrets.danflix_hetzner_storage_box_pub_key.path;
    };
    script = ''
      ${pkgs.rclone}/bin/rclone --config="${config.age.secrets.danflix_rclone_config.path}" mount danflix-union: ${mountdir} \
         --vfs-cache-mode full \
         --vfs-cache-max-age 336h \
         --vfs-cache-max-size 60G \
         --allow-other \
         --no-modtime \
         --rc \
         --sftp-concurrency 8 \
         --checkers 4 \
         --rc-addr=localhost:5572 \
         --rc-no-auth \
         -v
    '';
    postStart = ''
      sleep 5
      ${pkgs.rclone}/bin/rclone --config="${config.age.secrets.danflix_rclone_config.path}" rc vfs/refresh recursive=true _async=true
    '';
    postStop = ''
      sleep 3
      ${pkgs.fuse3}/bin/fusermount -u ${mountdir}
    '';
    serviceConfig = {
      Restart = "on-failure";
    };
  };
}