{
  config,
  lib,
  pkgs,
  ...
}:
with pkgs;
let
  port = 8000;
  group = "media";
in
{
  users.users.audiobookshelf = {
    isSystemUser = true;
    group = group;
  };

  networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ port ];
  networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ port ];

  networking.firewall.interfaces.wg0.allowedTCPPorts = [ port ];
  networking.firewall.interfaces.wg0.allowedUDPPorts = [ port ];

  systemd.services.audiobookshelf = {
    enable = true;
    description = "Self-hosted audiobook server for managing and playing audiobooks";
    serviceConfig = {
      Type = "simple";
      WorkingDirectory = "/srv/audiobookshelf";
      ExecStart = "${audiobookshelf}/bin/audiobookshelf --port ${toString port}";
      ExecReload = "${util-linux}/bin/kill -HUP $MAINPID";
      Restart = "always";
      User = config.users.users.audiobookshelf.name;
      Group = config.users.users.audiobookshelf.group;
    };
    wantedBy = [ "multi-user.target" ];
    requires = [ "network.target" ];
  };

}