{config, ...}: {

  users.users."starr" = {
    extraGroups = [ "transmission" ];
  };
  
  users.users.transmission = {
    isSystemUser = true;
    group = "transmission";
    uid = 992;
  };

  users.groups = {
    transmission.gid = 989;
  };

  virtualisation.oci-containers = let
    peerport = "63369";
  in {
    backend = "docker";
    containers = {
      gluetun = {
        image = "qmcgaw/gluetun";
        environment = {
          VPN_SERVICE_PROVIDER = "airvpn";
          VPN_TYPE = "wireguard";
          # WIREGUARD_PRIVATE_KEY = "from agenix";
          # WIREGUARD_PRESHARED_KEY = "from agenix";
          # WIREGUARD_ADDRESSES = "from agenix";
          # SERVER_COUNTRIES = "from agenix";
          FIREWALL_VPN_INPUT_PORTS = "13277,${peerport}";
        };
        environmentFiles = [
          config.age.secrets.airvpn-params.path
        ];
        extraOptions = [
          "--cap-add=NET_ADMIN"
          "--device=/dev/net/tun"
        ];
        ports = [
          "13277:13277"
          "9091:13277"
          "${peerport}:${peerport}"
          "${peerport}:${peerport}/udp"
        ];
      };
      transmission = {
        image = "docker.io/linuxserver/transmission:latest";
        volumes = [
          "/etc/transmission:/config"
          "/etc/localtime:/etc/localtime:ro"
          "/mnt/mediacenter/torrents:/mnt/mediacenter/torrents"
          "/mnt/data/transmission_downloads:/mnt/data/transmission_downloads"
        ];
        dependsOn = [
          "gluetun"
        ];
        extraOptions = [
          "--network=container:gluetun"
        ];
        environment = {
          PUID = toString config.users.users.transmission.uid;
          GUID = toString config.users.groups.transmission.gid;
          PEERPORT = peerport;
        };
      };
    };
  };
}