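# NixOS module: runs two Deluge containers (plain and VPN-tunnelled) through
# virtualisation.oci-containers and feeds sops-managed secrets to the VPN one.
{ config, pkgs, ... }:
let
  # Settings shared by both containers; each container merges its own
  # attributes on top with `//`.
  delugeBase = {
    # NOTE(review): with pull = "always" and the floating image tags used
    # below, every start runs whatever the registry serves at that moment.
    # Pin the images by digest if a reproducible, reviewable image matters.
    pull = "always";
    environment = {
      PUID = "600";
      PGID = "100";
      TZ = "America/New_York";
      # NOTE(review): presumably the image applies this as the process umask,
      # making new files world-writable; confirm 000 is really required.
      UMASK = "000";
      # NOTE(review): debug logging is on for daemon and web UI; confirm the
      # logs do not capture VPN credentials before leaving this enabled.
      DEBUG = "true";
      DELUGE_DAEMON_LOG_LEVEL = "debug";
      DELUGE_WEB_LOG_LEVEL = "debug";
    };
  };

  vars = import ../vars.nix;
  #docker_path = vars.primary_docker;
  torr_path = vars.primary_torr;
  deluge_path = "${torr_path}/deluge";
  delugevpn_path = "${torr_path}/delugevpn";

  #genSopsConfWg = file: {
  #  "${file}" = {
  #    format = "binary";
  #    sopsFile = ./wg/${file};
  #    path = "${delugevpn_path}/config/wireguard/configs/${file}";
  #    owner = "docker-service";
  #    group = "users";
  #    restartUnits = [ "docker-delugeVPN.service" ];
  #  };
  #};

  # Builds a sops.secrets entry for one encrypted OpenVPN profile stored under
  # ./openvpn, placing it in the container's openvpn/configs directory and
  # restarting the VPN container unit when the secret changes.
  genSopsConfOvpn = file: {
    "${file}" = {
      format = "binary";
      sopsFile = ./openvpn/${file};
      path = "${delugevpn_path}/config/openvpn/configs/${file}";
      owner = "docker-service";
      group = "users";
      restartUnits = [ "docker-delugeVPN.service" ];
    };
  };
in
{
  virtualisation.oci-containers.containers = {
    # Plain Deluge container (no VPN settings).
    deluge = delugeBase // {
      image = "binhex/arch-deluge";
      volumes = [
        "${deluge_path}/config:/config"
        "${deluge_path}/data/:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
      # NOTE(review): "HOST:CONTAINER" without an address publishes on every
      # host interface, and Docker-published ports are typically not filtered
      # by networking.firewall. Prefix with an address (e.g. "127.0.0.1:")
      # for anything that should stay behind a reverse proxy.
      ports = [
        "8084:8112"
        "29433:29433"
      ];
    };

    # Deluge tunnelled through OpenVPN, with Privoxy enabled.
    delugeVPN = delugeBase // {
      image = "binhex/arch-delugevpn:latest";
      # NET_ADMIN is the only extra capability granted.
      capabilities = {
        NET_ADMIN = true;
      };
      autoRemoveOnStop = false;
      environment = delugeBase.environment // {
        VPN_ENABLED = "yes";
        VPN_CLIENT = "openvpn";
        VPN_PROV = "protonvpn";
        ENABLE_PRIVOXY = "yes";
        # NOTE(review): a /16 covers far more than a single home subnet;
        # narrow it to the LAN actually in use if that is smaller.
        LAN_NETWORK = "192.168.0.0/16";
        # Makes the copied scripts in /config/scripts relevant: see the
        # ExecStartPre/ExecStopPost steps on the systemd unit below.
        ENABLE_STARTUP_SCRIPTS = "yes";
        #NAME_SERVERS = "194.242.2.9";
        #NAME_SERVERS = "9.9.9.9";
        # note, delete /config/perms.txt to force a bulk permissions update
      };
      # Credentials come from a sops secret instead of the Nix store.
      environmentFiles = [
        config.sops.secrets."docker/delugevpn".path
      ];
      volumes = [
        "${delugevpn_path}/config:/config"
        "${deluge_path}/data:/data" # use common torrent path yuck
        "/etc/localtime:/etc/localtime:ro"
      ];
      # 8085 -> web UI (8112), 8119 -> container port 8118; the same
      # all-interfaces caveat as on the plain container applies here.
      ports = [
        "8085:8112"
        "8119:8118"
        "39275:39275"
        "39275:39275/udp"
        "48346:48346"
        "48346:48346/udp"
      ];
    };
  };

  systemd.services.docker-delugeVPN = {
    serviceConfig = {
      ExecStartPre = [
        # Pick one symlinked OpenVPN profile at random, copy its target to
        # network.ovpn, then restrict owner and mode.
        # NOTE(review): ownership and mode are applied after the copy, so a
        # freshly created network.ovpn briefly carries cp's default mode.
        (
          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
          + "-type l -not -name network.ovpn "
          + "| ${pkgs.coreutils}/bin/shuf -n 1 "
          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
          + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
          + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
        )
        # Materialise the symlinked (sops-provided) start scripts as regular
        # files in config/scripts/. These are plaintext copies of secrets on
        # the persistent volume until ExecStopPost removes them.
        (
          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
          + "-type l "
          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
        )
      ];
      ExecStopPost = [
        # systemd does not glob-expand Exec lines, so a bare `rm .../*sh`
        # receives the literal pattern, fails, and leaves the decrypted
        # script copies behind. Run it through bash so the glob expands;
        # -f keeps the step from failing when nothing matches.
        # NOTE(review): the network.ovpn copy is not removed on stop.
        "${pkgs.bash}/bin/bash -c \"${pkgs.coreutils}/bin/rm -f ${delugevpn_path}/config/scripts/*sh\""
      ];
    };
  };

  # Secrets: one OpenVPN profile, the container's environment file, and the
  # start script that ExecStartPre copies out of scripts/links.
  sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
    "docker/delugevpn" = {
      owner = "docker-service";
      group = "users";
      restartUnits = [ "docker-delugeVPN.service" ];
    };
    "docker/protonvpn-start-script" = {
      path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
      owner = "docker-service";
      group = "users";
      restartUnits = [ "docker-delugeVPN.service" ];
    };
  };
}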