{ config, ... }:
let
  cfg = import /etc/nixos/modules/vars.nix;
  #bazarr_port = cfg.arrstack.bazarr.port;
  #outpost_port = cfg.authentik.outpostPort;
  #domain = "mc-fucker.cool";
in
{

   virtualisation.oci-containers.containers.qbittorrent = {
    image = "docker.io/binhex/arch-qbittorrentvpn";
    environment = {
      TZ = "Europe/Berlin";
      PUID = toString config.users.users.arr.uid;
      PGID = toString config.users.groups.arr.gid;
      VPN_ENABLED = "yes";
      VPN_CLIENT = "wireguard";
      VPN_PROV = "custom";
      LAN_NETWORK = "192.168.178.0/24";
    };
    ports = [
      "6881:6881"
      "6881:6881/udp"
      "8080:8080"
      #"8118:8118"
    ];
    volumes = [
      "/var/lib/qbittorrent:/config"
      "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent"
      "/mnt/cache/qbittorrent:/cache"
    ];
    #extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" ];
    extraOptions = cfg.podman.extraOptions ++ [ ''--sysctl="net.ipv4.conf.all.src_valid_mark=1"'' "--privileged=true" "--ip=10.88.13.37" ];
    autoStart = false;
  };

  #services.nginx.virtualHosts = {
  #};
}
# vim: set et ts=2 sw=2 ai: