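# NixOS module: declares `services.torrent.enable` and, when it is set,
# enables Transmission with its systemd unit confined to the "wg" VPN
# network namespace.
{ lib, config, pkgs, ... }:
with lib;
with lib.custom;
let
  cfg = config.services.torrent;
in
{
  options.services.torrent = with types; {
    # mkBoolOpt is not defined in this file; presumably it comes from lib.custom.
    enable = mkBoolOpt false "Enable Transmission Service (for Linux ISOs)";
  };

  config = mkIf cfg.enable {
    # Defined elsewhere; presumably sets up the "wg" namespace used below.
    services.wg-container.enable = true;

    # Run the transmission unit inside the "wg" network namespace.
    systemd.services.transmission.vpnConfinement = {
      enable = true;
      vpnNamespace = "wg";
    };

    services.transmission = {
      enable = true;
      package = pkgs.transmission_4;
      settings = {
        incomplete-dir-enabled = true;
        rpc-bind-address = "192.168.15.1"; # Bind RPC/WebUI to VPN network namespace address

        # Enforce the source-address whitelist. With this set to false the
        # entries below are ignored, and any host that can reach the bound
        # address can use the RPC/WebUI.
        rpc-whitelist-enabled = true;

        # Transmission reads rpc-whitelist as a single comma-delimited string,
        # so the entries are joined here; the list keeps one comment per entry.
        rpc-whitelist = lib.concatStringsSep "," [
          "192.168.15.1"
          "192.168.15.5" # Access from default network namespace
          "192.168.1.*" # Access from other machines on specific subnet
          "127.0.0.1" # Access through loopback within VPN network namespace
        ];

        # NOTE(review): no rpc-authentication-required / rpc-username /
        # rpc-password is set in this block, so the whitelist is the only RPC
        # access control visible here. Confirm whether authentication is
        # configured elsewhere.
      };
    };
  };
}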