refactor(tmpfiles): migrate 12 services to deferred serviceFilePerms

services/qbittorrent.nix

@@ -17,6 +17,11 @@
       "${config.services.qbittorrent.profileDir}/qBittorrent"
     ])
     (lib.vpnNamespaceOpenPort config.services.qbittorrent.webuiPort "qbittorrent")
+    (lib.serviceFilePerms "qbittorrent" [
+      "Z ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}"
+      "Z ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0700 ${config.services.qbittorrent.user} ${config.services.qbittorrent.group}"
+      "Z ${config.services.qbittorrent.profileDir} 0700 ${config.services.qbittorrent.user} ${config.services.qbittorrent.group}"
+    ])
   ];
 
   services.qbittorrent = {
@@ -96,12 +101,6 @@
 
   systemd.services.qbittorrent.serviceConfig.TimeoutStopSec = lib.mkForce 10;
 
-  systemd.tmpfiles.rules = [
-    "Z ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}"
-    "Z ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0700 ${config.services.qbittorrent.user} ${config.services.qbittorrent.group}"
-    "Z ${config.services.qbittorrent.profileDir} 0700 ${config.services.qbittorrent.user} ${config.services.qbittorrent.group}"
-  ];
-
   services.caddy.virtualHosts."torrent.${service_configs.https.domain}".extraConfig = ''
     import ${config.age.secrets.caddy_auth.path}
     reverse_proxy ${config.vpnNamespaces.wg.namespaceAddress}:${builtins.toString config.services.qbittorrent.webuiPort}