{ inputs, config, pkgs, lib, ... }:
let
  homelabDomain = inputs.nixos-secrets.homelabDomain;
  certDir = config.security.acme.certs."${homelabDomain}".directory;
  svcDomain = "books.${homelabDomain}";
  svcHttpPort = config.services.calibre-web.listen.port;
  web_data_dir = "calibre-web";
  library_path = "/tank/media/library/books";
in
{
  # TODO: This isn't the right place for this, but we need to guarantee that a
  # media group exists.
  users.users.calibre-web.extraGroups = [ "media" ];
  users.groups.media = {};

  services.caddy.virtualHosts."${svcDomain}".extraConfig = ''
    reverse_proxy :${toString svcHttpPort}
    encode {
      zstd
      gzip
      minimum_length 1024
    }
  '';

  services.calibre-web = {
    enable = true;
    listen.port = 8083;
    # NOTE: Don't need to open calibre-web port, it's served by reverse_proxy
    openFirewall = false;

    user = "calibre-web";
    group = "calibre-web";

    # Either absolute path or directory name under "/var/lib"
    # /tank/media/library/books
    dataDir = web_data_dir;

    options = {
      enableBookUploading = true;
      enableBookConversion = true;
      calibreLibrary = library_path;
    };
  };
}