nixos/home/common/optional/transmission.nix

{
  config,
  pkgs,
  ...
}: let
in {
  systemd.user.services.transmission-daemon = {
    Unit = {
      Description = "Transmission Bittorrent Daemon";
      Wants = "network-online.target";
      After = "network-online.target";
      Documentation = "man:transmission-daemon(1)";
    };
    Install = {
      WantedBy = ["multi-user.target"];
    };
    Service = {
      User = "transmission";
      Type = "notify";
      ExecStart = "${pkgs.transmission}/bin/transmission-daemon -f --log-level=error";
      ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID";
      CapabilityBoundingSet = "";
      DevicePolicy = "closed";
      KeyringMode = "private";
      LockPersonality = "true";
      NoNewPrivileges = "true";
      MemoryDenyWriteExecute = "true";
      PrivateTmp = "true";
      PrivateDevices = "true";
      ProtectClock = "true";
      ProtectKernelLogs = "true";
      ProtectControlGroups = "true";
      ProtectKernelModules = "true";
      ProtectSystem = "true";
      ProtectHostname = "true";
      ProtectKernelTunables = "true";
      ProtectProc = "invisible";
      RestrictNamespaces = "true";
      RestrictSUIDSGID = "true";
      RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
      RestrictRealtime = "true";
      SystemCallFilter = "@system - service";
      SystemCallArchitectures = "native";
      SystemCallErrorNumber = "EPERM";
    };
  };
  # home.file.".config/transmission-daemon/settings.json" = {
  #   recursive = true;
  #   text = ''
  #
  #   '';
  # };
}