{

  pkgs ? (import (builtins.fetchTarball {
      name = "nixpkgs-2a39f9edcacd53413030853c5c40db3a70d08a65";
      url = "https://github.com/NixOS/nixpkgs/archive/020c74014b9e2fa905bb4059c979965816cd9118.tar.gz";
      sha256 = "0ggnczlrzvbj69wgsyyvg5jr17fq31mnzkg885zjqapgnl655vyn";
  })) {},

  # The directory all runtime and metadata are stored within.
  dataDir,

  # The directory all torrent files will be downloaded to.
  #
  # Must not end in slash.
  downloadDir,

  # Path to where the unix socket will be created which will serve the rutorrent
  # interface.
  socketPath,

}: let

  rtorrentConfig = pkgs.writeText "rutorrent-rtorrent-config" ''
    system.daemon.set = true
    execute.nothrow = rm,${dataDir}/rtorrent/rtorrent.sock
    network.scgi.open_local = ${dataDir}/rtorrent/rtorrent.sock
    log.open_file = "rtorrent", ${dataDir}/rtorrent/rtorrent.log
    log.add_output = "info", "rtorrent"
    min_peers = 40
    max_peers = 1200
    max_uploads = 15
    download_rate = 10000
    upload_rate = 5000
    directory = ${downloadDir}
    session = ${dataDir}/rtorrent/rtorrent_sess
    schedule = low_diskspace,5,60,close_low_diskspace=100M
    bind = 0.0.0.0
    port_range = 51413-51413
    check_hash = yes
    encryption = allow_incoming,try_outgoing,enable_retry
    dht.mode.set = disable
    protocol.pex.set = no
    encoding_list = UTF-8
  '';

  rutorrentConfig = pkgs.writeText "rutorrent-rutorrent-config" ''
    $log_file = "${dataDir}/rutorrent.log";
	$topDirectory = "${downloadDir}";
    $scgi_port = 0;
    $scgi_host = "unix://${dataDir}/rtorrent/rtorrent.sock";

    $pathToExternals = array(
      "php" => "${pkgs.php}/bin/php",
      "curl" => "${pkgs.curl}/bin/curl",
      "gzip" => "${pkgs.gzip}/bin/gzip",
      "id" => "${pkgs.coreutils}/bin/id",
      "stat" => "${pkgs.coreutils}/bin/stat",
    );

    $profilePath = "${dataDir}/rutorrent/profiles";
	$profileMask = 0700;

    $tempDirectory = "${dataDir}/rutorrent/tmp";

	$canUseXSendFile = true;
  '';

  rutorrent = pkgs.stdenv.mkDerivation rec {
    pname = "rutorrent-rutorrent";
    version = "v3.10";

    src = pkgs.fetchFromGitHub {
      owner = "Novik";
      repo = "ruTorrent";
      rev = "v3.10";
      sha256 = "sha256-5FU7rzNem5QUrpgSUS/z1sAeUalNAdOzI4ijrvxe2L4=";
    };

    installPhase = ''
      cp -rL $src $out

      chmod +w $out/conf/config.php
      cat ${rutorrentConfig} >> $out/conf/config.php
    '';
  };

  lighttpdConfig = pkgs.writeText "rutorrent-lighttpd-config" ''
    server.bind = "${socketPath}"
    server.document-root = "${rutorrent}"
    server.errorlog = "/${dataDir}/lighttpd.log"
    dir-listing.activate = "disable"
    index-file.names = ( "index.html" )
    mimetype.assign = (
        ".html" => "text/html",
        ".txt" => "text/plain",
        ".css" => "text/css",
        ".js" => "application/x-javascript",
        ".jpg" => "image/jpeg",
        ".jpeg" => "image/jpeg",
        ".gif" => "image/gif",
        ".png" => "image/png",
        "" => "application/octet-stream"
      )

      server.modules += ( "mod_scgi" )
      scgi.server = ( "/RPC2" =>
        ((
            "socket" => "${dataDir}/rtorrent/rtorrent.sock",
            "check-local" => "disable"
        ))
      )

      server.modules += ( "mod_fastcgi" )
      fastcgi.server = ( ".php" => ((
        "bin-path" => "${pkgs.php}/bin/php-cgi",
        "socket" => "${dataDir}/php.socket"
      )))
  '';

  pmux = pkgs.buildGoModule rec {

    pname = "pmux";
    version = "unstable";

    src = pkgs.fetchFromGitHub {
      owner = "cryptic-io";
      repo = "pmux";
      rev = "a451ee620c836aaed43e2abe6cabf3f9a3904d67";
      sha256 = "sha256-BEBy3eJvRXVpedo3RfU5QCcJSH+3GvtRf445pHDHGTg=";
    };

    vendorSha256 = "sha256-w3mFra7Je+8qIDQMSyUYucoLZ6GtrZmr56O6xmihIYc=";
  };

  pmuxConfig = pkgs.writeText "rutorrent-pmux-config" ''
    processes:

      - name: rtorrent
        cmd: ${pkgs.rtorrent}/bin/rtorrent
        args: [
          "-n", "-o", "import=${rtorrentConfig}"
        ]

      - name: rtorrent-tail
        cmd: ${pkgs.coreutils}/bin/tail
        args: [
          "-f", "-n0", "${dataDir}/rtorrent/rtorrent.log"
        ]

      - name: lighttpd
        cmd: ${pkgs.lighttpd}/bin/lighttpd
        args: [
          "-D", "-f", "${lighttpdConfig}"
        ]

      - name: lighttpd-tail
        cmd: ${pkgs.coreutils}/bin/tail
        args: [
          "-f", "-n0", "${dataDir}/lighttpd.log"
        ]

      # lighttpd creates the socket file with 750, which means only the
      # rutorrent user (which should be its own user) can access the socket. If
      # you're using a separate user for the reverse proxy then it's better to
      # set this as 777 and use acl permissions on the runDir.
      - name: lighttpd-sock-chmod
        cmd: ${pkgs.bash}/bin/bash
        args: [
          "-e", "-c", "chmod 777 ${socketPath}"
        ]
        noRestartOn: [ 0 ]
  '';

  pmuxEntrypoint = pkgs.writeScript "rutorrent-pmux-entrypoint" ''
    #!${pkgs.bash}/bin/bash -e

    mkdir -p ${dataDir}/rtorrent/rtorrent_sess
    mkdir -p ${dataDir}/rtorrent/tmp
    mkdir -p ${dataDir}/rutorrent/profiles/torrents
    mkdir -p ${downloadDir}

    exec ${pmux}/bin/pmux -c ${pmuxConfig}
  '';

in

  pmuxEntrypoint