{
  config,
  lib,
  pkgs,
  zerotierInterface,
  ...
}:
let
  group = "media";
  port = 9002;
in
{

  healthchecks.http.audiobookshelf-via-zerotier = {
    url = "${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}:${toString port}";
    expectedContent = "audiobookshelf";
  };

  networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [ port ];

  users.users.audiobookshelf = {
    isSystemUser = true;
    group = lib.mkForce group;
  };

  #  systemd.services.audiobookshelf = {
  #    enable = true;
  #    description = "Self-hosted audiobook server for managing and playing audiobooks";
  #    serviceConfig = {
  #      Type = "simple";
  #      WorkingDirectory = "/srv/audiobookshelf";
  #      ExecStart = "${audiobookshelf}/bin/audiobookshelf --port ${toString port}";
  #      ExecReload = "${util-linux}/bin/kill -HUP $MAINPID";
  #      Restart = "always";
  #      User = config.users.users.audiobookshelf.name;
  #      Group = config.users.users.audiobookshelf.group;
  #    };
  #    wantedBy = [ "multi-user.target" ];
  #    requires = [ "network.target" ];
  #  };

  services.audiobookshelf = {
    enable = true;
    port = 8000;
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts."audiobookshelf.${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}" =
      {
        listen = [
          {
            addr = "[::]";
            port = port;
            ssl = false;
          }
        ];
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.audiobookshelf.port}";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_redirect http:// $scheme://;
          '';
        };
      };
  };

}