{
  pkgs,
  config,
  service_configs,
  lib,
  ...
}:
{
  imports = [
    (lib.serviceMountWithZpool "jellyseerr" service_configs.zpool_ssds [
      service_configs.jellyseerr.configDir
    ])
    (lib.serviceFilePerms "jellyseerr" [
      "Z ${service_configs.jellyseerr.configDir} 0700 jellyseerr jellyseerr"
    ])
  ];

  services.jellyseerr = {
    enable = true;
    port = service_configs.ports.jellyseerr;
    configDir = service_configs.jellyseerr.configDir;
  };

  systemd.services.jellyseerr.serviceConfig = {
    DynamicUser = lib.mkForce false;
    User = "jellyseerr";
    Group = "jellyseerr";
    ReadWritePaths = [ service_configs.jellyseerr.configDir ];
  };

  users.users.jellyseerr = {
    isSystemUser = true;
    group = "jellyseerr";
    home = service_configs.jellyseerr.configDir;
  };

  users.groups.jellyseerr = { };

  services.caddy.virtualHosts."jellyseerr.${service_configs.https.domain}".extraConfig = ''
    # import ${config.age.secrets.caddy_auth.path}
    reverse_proxy :${builtins.toString service_configs.ports.jellyseerr}
  '';
}