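# NixOS module: a sandboxed systemd service that transcodes the FLAC music
# library into MP3 and OGG trees.
#
# The unit runs as a transient (DynamicUser) account in the "music" group.
# The source tree is mounted read-only; only the two output trees are writable.
{ config, pkgs, ... }:

let
  transcode = pkgs.callPackage ../packages/transcode.nix {};

  # Input library (read-only for the service) and the two output trees.
  flacPath = "/data/music/flac";
  mp3Path = "/data/music/mp3";
  oggPath = "/data/music/ogg";
in
{
  systemd.services.transcode = {
    description = "Transcode music from FLAC to MP3 and OGG";

    # %n expands to this unit's full name, so a failure starts
    # status-email@transcode.service.service (defined elsewhere).
    onFailure = [ "status-email@%n.service" ];

    serviceConfig = {
      Type = "simple";

      # systemd parses this line itself (no shell). The escaped quotes keep
      # each path a single argument; the paths are constants from this file.
      ExecStart = "${transcode}/bin/transcode --mp3-out \"${mp3Path}\" --ogg-out \"${oggPath}\" \"${flacPath}\"";

      # Identity: a throw-away UID per start, with a static primary group.
      # NOTE(review): presumably the "music" group owns the three directories
      # and is declared in users.groups elsewhere; confirm, since a dynamic
      # user can only reach them through group permissions.
      DynamicUser = true;
      Group = "music";
      # 002 keeps new files group-writable so other "music" members can
      # manage the output; nothing is world-writable.
      UMask = "002";

      # Filesystem view. ProtectSystem=strict already makes the whole tree
      # read-only; the source path is listed explicitly so the intent survives
      # if ProtectSystem is ever relaxed. ReadOnlyPaths/ReadWritePaths are the
      # current names of the legacy ReadOnlyDirectories/ReadWriteDirectories.
      ProtectSystem = "strict";
      ProtectHome = true;
      ReadOnlyPaths = [ flacPath ];
      ReadWritePaths = [ mp3Path oggPath ];
      PrivateTmp = true;
      PrivateDevices = true;

      # Privilege and namespace restrictions.
      NoNewPrivileges = true;
      # User namespace mapping only root and the unit's own user/group; files
      # owned by anyone else appear as "nobody" inside the service.
      PrivateUsers = true;
      # Hide other users' processes in /proc.
      ProtectProc = "invisible";

      # Kernel surface: complete the Protect* set the unit already uses.
      ProtectClock = true;
      ProtectKernelLogs = true;
      ProtectKernelModules = true;
      ProtectKernelTunables = true;
      ProtectControlGroups = true;

      # Lowest CPU priority so transcoding never competes with interactive
      # work.
      Nice = 19;

      # Remaining exposure can be listed with
      # `systemd-analyze security transcode.service`. Network, syscall and
      # capability restrictions are left out here because the requirements of
      # the transcode package are not visible in this file.
    };
  };
}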