{config, ...}: let
  secrets = config.services.secrets.secrets;
  ports = import ../data/ports.nix;
in {
  systemd.tmpfiles.rules = [
    "d /caches - storage storage"
    "d /caches/main_webdav_serve - storage storage"
    "d /caches/media_webdav_serve - storage storage"
  ];

  services.rclone-serve = {
    enable = true;
    remotes = map (remote:
      {
        user = "storage";
        serviceConfig = {
          after = ["auto-secrets.service"];
          wants = ["auto-secrets.service"];
          partOf = ["auto-secrets.service"];
        };
      }
      // remote) [
      {
        id = "main";
        remote = "StorageBox:";
        type = "webdav";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.webdav_main}"
          "--htpasswd=${secrets.webdav_main_htpasswd.path}"
          "--baseurl=/Main/"
          "--cache-dir=/caches/main_webdav_serve"
          "--vfs-cache-mode=full"
        ];
      }
      {
        id = "media-combine";
        remote = "Media-Combine-Serve:";
        type = "webdav";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.webdav_media}"
          "--htpasswd=${secrets.webdav_media_htpasswd.path}"
          "--baseurl=/Media/"
          "--cache-dir=/caches/media_webdav_serve"
          "--vfs-cache-max-age=120m"
          "--vfs-cache-max-size=5g"
          "--vfs-cache-mode=full"
        ];
      }
      {
        id = "music-ro";
        remote = "StorageBox:Music";
        type = "webdav";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.webdav_music_ro}"
          "--read-only"
          "--baseurl=/MusicRO/"
        ];
      }
      {
        id = "public";
        remote = "StorageBox:Public";
        type = "webdav";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.webdav_public}"
          "--htpasswd=${secrets.webdav_media_htpasswd.path}"
          "--baseurl=/Public/"
        ];
      }
      {
        id = "uploads";
        remote = "StorageBox:Uploads";
        type = "webdav";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.webdav_uploads}"
          "--htpasswd=${secrets.webdav_uploads_htpasswd.path}"
          "--baseurl=/Uploads/"
        ];
      }

      {
        id = "music-ro";
        remote = "StorageBox:Music";
        type = "http";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.http_music}"
          "--baseurl=/Music/"
          "--read-only"
        ];
      }
      {
        id = "public";
        remote = "StorageBox:Public";
        type = "http";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.http_public}"
          "--baseurl=/Public/"
          "--read-only"
        ];
      }
      {
        id = "uploads-public";
        remote = "StorageBox:Uploads/Public";
        type = "http";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.http_uploads_public}"
          "--baseurl=/Uploads/"
          "--read-only"
        ];
      }
      {
        id = "restic-music";
        remote = "StorageBox:Backups/Restic/Music";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.restic_music}"
          "--htpasswd=${secrets.restic_music_htpasswd.path}"
          "--baseurl=/Music/"
        ];
      }
      {
        id = "restic-vault";
        remote = "StorageBox:Backups/Restic/Vault";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.restic_vault}"
          "--htpasswd=${secrets.restic_vault_htpasswd.path}"
          "--baseurl=/Vault/"
        ];
      }
      {
        id = "restic-social";
        remote = "StorageBox:Backups/Restic/Social";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.restic_social}"
          "--htpasswd=${secrets.restic_social_htpasswd.path}"
          "--baseurl=/Social/"
        ];
      }
      {
        id = "restic-quassel";
        remote = "StorageBox:Backups/Restic/Quassel";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.restic_quassel}"
          "--htpasswd=${secrets.restic_quassel_htpasswd.path}"
          "--baseurl=/Quassel/"
        ];
      }
      {
        id = "restic-postgresql";
        remote = "StorageBox:Backups/Restic/PostgreSQL";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.restic_postgresql}"
          "--htpasswd=${secrets.restic_postgresql_htpasswd.path}"
          "--baseurl=/PostgreSQL/"
        ];
      }
      {
        id = "restic-caldav";
        remote = "StorageBox:Backups/Restic/CalDAV";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.restic_caldav}"
          "--htpasswd=${secrets.restic_caldav_htpasswd.path}"
          "--baseurl=/CalDAV/"
        ];
      }
      {
        id = "restic-mail";
        remote = "StorageBox:Backups/Restic/Mail";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.restic_mail}"
          "--htpasswd=${secrets.restic_mail_htpasswd.path}"
          "--baseurl=/Mail/"
        ];
      }
      {
        id = "restic-forgejo";
        remote = "StorageBox:Backups/Restic/Forgejo";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.restic_forgejo}"
          "--htpasswd=${secrets.restic_forgejo_htpasswd.path}"
          "--baseurl=/Forgejo/"
        ];
      }
      {
        id = "restic-owncast";
        remote = "StorageBox:Backups/Restic/Owncast";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.restic_owncast}"
          "--htpasswd=${secrets.restic_owncast_htpasswd.path}"
          "--baseurl=/Owncast/"
        ];
      }
    ];
  };
}