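# NixOS module: runs Audiobookshelf under a dedicated system account and
# publishes it through a Caddy reverse proxy.
{ config, pkgs, ... }:
let
  # Must stay in sync with StateDirectory below, which systemd creates as
  # /var/lib/<name>.
  stateDir = "/var/lib/audiobookshelf";

  # Single definition of the port, shared by the service and the proxy upstream.
  port = 7991;
in
{
  users.users.audiobookshelf = {
    group = config.users.groups.audiobookshelf.name;
    isSystemUser = true;
  };
  users.groups.audiobookshelf = { };

  systemd.services.audiobookshelf = {
    after = [ "network.target" ];
    environment = { };
    path = with pkgs; [ util-linux ];
    serviceConfig = {
      # systemd directive names are case-sensitive. Lowercase `user`/`group`
      # are ignored as unknown keys, which leaves the service running as root
      # and makes the dedicated account above pointless.
      User = config.users.users.audiobookshelf.name;
      Group = config.users.groups.audiobookshelf.name;

      # NOTE(review): no --host is passed, so the listen address is whatever
      # audiobookshelf defaults to. If that is all interfaces, the app can be
      # reached without going through Caddy unless the firewall blocks this
      # port. Consider binding it to loopback.
      ExecStart = "${pkgs.audiobookshelf}/bin/audiobookshelf --port ${toString port}";
      WorkingDirectory = stateDir;

      PrivateTmp = "true";
      PrivateDevices = "true";
      ProtectHome = "true";
      # The file system is read-only for the service, except for paths that
      # systemd grants explicitly (the StateDirectory below).
      ProtectSystem = "strict";

      # AmbientCapabilities = CAP_NET_BIND_SERVICE was dropped: the port is
      # above 1024, so an unprivileged process can bind it without any
      # capability.

      StateDirectory = "audiobookshelf";
      StateDirectoryMode = "0700";
      Restart = "always";
    };
    wantedBy = [ "multi-user.target" ];
  };

  services.caddy.virtualHosts = {
    "books.syzygial.cc" = {
      extraConfig = ''
        reverse_proxy 127.0.0.1:${toString port}
      '';
    };
  };
}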