{config, lib, ...}: let
  inherit (config) sops;
  inherit (sops) templates placeholder;
in {
  nixpkgs.config.permittedInsecurePackages = [
    "aspnetcore-runtime-6.0.36"
    "aspnetcore-runtime-wrapped-6.0.36"
    "dotnet-sdk-6.0.428"
    "dotnet-sdk-wrapped-6.0.428"
  ];
  users.groups.media = {
    gid = 979;
  };
  services.jackett = {
    enable = true;
  };
  services.lidarr = {
    enable = true;
    group = "media";
  };
  services.sonarr = {
    enable = true;
    group = "media";
  };
  services.radarr = {
    enable = true;
    group = "media";
  };
  services.jellyseerr.enable = true;
  sops.secrets.sonarr-sslkey = {
    sopsFile = ../../certs/alpine.prawn-justice.ts.net.key;
    format = "binary";
    owner = "nginx";
  };
  # this was fun to figure out, but pointless atm.
  services.nginx.virtualHosts."alpine.prawn-justice.ts.net" = {
    forceSSL = true;
    sslCertificateKey = config.sops.secrets.sonarr-sslkey.path;
    sslCertificate = ../../certs/alpine.prawn-justice.ts.net.crt;
  };
  # probably easier if i just put this in a nixos-container
  virtualisation.oci-containers.containers.transmission = {
    autoStart = false;
    image = "docker.io/haugene/transmission-openvpn:5.3.2";
    ports = ["9091:9091"];
    volumes = [
      "/var/lib/transmission/downloads:/data/incomplete"
      "/home/tristan/pods/transmission/config:/config"
      "/mnt/storage/media/unsorted:/data/completed"
    ];
    environmentFiles = [ templates."transmission/env".path ];
    environment = {
      PUID = "1000";
      PGID = toString config.users.groups.media.gid;
      LOCAL_NETWORK = "100.0.0.0/8";
      LOG_TO_STDOUT = "true";
      TRANSMISSION_WEB_UI = "flood-for-transmission";
    };
    privileged = true;
    capabilities = {
      "NET_ADMIN" = true;
      "NET_RAW" = true;
      "MKNOD" = true;
    };
  };
  sops.secrets = {
    "transmission/auth/OPENVPN_PROVIDER" = {};
    "transmission/auth/OPENVPN_CONFIG" = {};
    "transmission/auth/OPENVPN_USERNAME" = {};
    "transmission/auth/OPENVPN_PASSWORD" = {};
  };
  sops.templates."transmission/env" = {
    owner = "tristan";
    content = ''
      OPENVPN_PROVIDER=${placeholder."transmission/auth/OPENVPN_PROVIDER"}
      OPENVPN_CONFIG=${placeholder."transmission/auth/OPENVPN_CONFIG"}
      OPENVPN_USERNAME=${placeholder."transmission/auth/OPENVPN_USERNAME"}
      OPENVPN_PASSWORD=${placeholder."transmission/auth/OPENVPN_PASSWORD"}
    '';
  };
}