feat: Add audiobookshelf service

flake.lock

@@ -14,11 +14,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1762618334,
+        "lastModified": 1770165109,
-        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
+        "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "fcdea223397448d35d9b31f798479227e80183f6",
+        "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
         "type": "github"
       },
       "original": {
@@ -55,11 +55,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768603898,
+        "lastModified": 1770260404,
-        "narHash": "sha256-vRV1dWJOCpCal3PRr86wE2WTOMfAhTu6G7bSvOsryUo=",
+        "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2a63d0e9d2c72ac4d4150ebb242cf8d86f488c8c",
+        "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
         "type": "github"
       },
       "original": {
@@ -92,17 +92,16 @@
     },
     "nix-rosetta-builder": {
       "inputs": {
-        "nixos-generators": "nixos-generators",
         "nixpkgs": [
           "nixpkgs-darwin"
         ]
       },
       "locked": {
-        "lastModified": 1756177999,
+        "lastModified": 1770491098,
-        "narHash": "sha256-aSbB7/jrt7ujiJ55f2uGhOo+usGxVSkqbAMVgg2jDls=",
+        "narHash": "sha256-ZfhynJqgV3A9hEivcgOEZa+TZnJPc26lIUjzKsSchgI=",
         "owner": "cpick",
         "repo": "nix-rosetta-builder",
-        "rev": "ebb7162a975074fb570a2c3ac02bc543ff2e9df4",
+        "rev": "50e6070082e0b4fbaf67dd8f346892a1a9ed685c",
         "type": "github"
       },
       "original": {
@@ -111,50 +110,13 @@
         "type": "github"
       }
     },
-    "nixlib": {
-      "locked": {
-        "lastModified": 1736643958,
-        "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
-    "nixos-generators": {
-      "inputs": {
-        "nixlib": "nixlib",
-        "nixpkgs": [
-          "nix-rosetta-builder",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1737057290,
-        "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
-        "owner": "nix-community",
-        "repo": "nixos-generators",
-        "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixos-generators",
-        "type": "github"
-      }
-    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1768621446,
+        "lastModified": 1771208521,
-        "narHash": "sha256-6YwHV1cjv6arXdF/PQc365h1j+Qje3Pydk501Rm4Q+4=",
+        "narHash": "sha256-X01Q3DgSpjeBpapoGA4rzKOn25qdKxbPnxHeMLNoHTU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "72ac591e737060deab2b86d6952babd1f896d7c5",
+        "rev": "fa56d7d6de78f5a7f997b0ea2bc6efd5868ad9e8",
         "type": "github"
       },
       "original": {
@@ -166,11 +128,11 @@
     },
     "nixpkgs-darwin": {
       "locked": {
-        "lastModified": 1767962478,
+        "lastModified": 1771352457,
-        "narHash": "sha256-7ywwapHmJ2/dtP0j1t9fV9KQc+byL9W9X9oG3aDS4qg=",
+        "narHash": "sha256-CCItBNMyLmtWqxTVaDAeeaIigbuaiZuN3WO8PZNkGBc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "35588f29848c57ea8ac86699278d2a410dab0adb",
+        "rev": "f8a68d8ce473ec59300d9fb510a1b545c1290939",
         "type": "github"
       },
       "original": {
@@ -182,11 +144,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1768569498,
+        "lastModified": 1771177547,
-        "narHash": "sha256-bB6Nt99Cj8Nu5nIUq0GLmpiErIT5KFshMQJGMZwgqUo=",
+        "narHash": "sha256-trTtk3WTOHz7hSw89xIIvahkgoFJYQ0G43IlqprFoMA=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "be5afa0fcb31f0a96bf9ecba05a516c66fcd8114",
+        "rev": "ac055f38c798b0d87695240c7b761b82fc7e5bc2",
         "type": "github"
       },
       "original": {
@@ -204,11 +166,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768680744,
+        "lastModified": 1771425294,
-        "narHash": "sha256-8mC5CSIG/FqwPYBMGFsE0o6GW+mVvGQJVjUqhlSBOHU=",
+        "narHash": "sha256-owiQE9oINf1cgaulbrr2sMjelk2cmR8rkxLRPYYL6Kg=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "9bbd09ceb26cc0d806571f4682b17e1565fc2486",
+        "rev": "242d44cd6af365da2dfa77422263b29d0ac9f39f",
         "type": "github"
       },
       "original": {
@@ -227,11 +189,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767662275,
+        "lastModified": 1770766818,
-        "narHash": "sha256-d5Q1GmQ+sW1Bt8cgDE0vOihzLaswsm8cSdg8124EqXE=",
+        "narHash": "sha256-12RCFLyAedyMOdenUi7cN3ioJPEGjA/ZG1BLjugfUVs=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "51816be33a1ff0d4b22427de83222d5bfa96d30e",
+        "rev": "44b928068359b7d2310a34de39555c63c93a2c90",
         "type": "github"
       },
       "original": {
@@ -242,11 +204,11 @@
     },
     "quadlet-nix": {
       "locked": {
-        "lastModified": 1767469290,
+        "lastModified": 1770606362,
-        "narHash": "sha256-VuxV4TzPXKFFvbqsaT9gCFsN30yx9dfMs5iZhL7sYrY=",
+        "narHash": "sha256-6pOOPOQr4rtgShBtkLkSDTql5rRqcUgTRz8O+axK2eM=",
         "owner": "SEIAROTg",
         "repo": "quadlet-nix",
-        "rev": "f5dd07b6a491b67d4f0742e6a8f46d92ff92cdc7",
+        "rev": "f4ae60350ea6015b6560cbd0e1f11f7e195c993d",
         "type": "github"
       },
       "original": {
@@ -278,11 +240,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1768622624,
+        "lastModified": 1771301023,
-        "narHash": "sha256-Em6PP667PeXbEjidbV2LnNwmUYohbrSFvVPLYLUDHms=",
+        "narHash": "sha256-0XauSmXBLOqn8SYHRWOL7Z9O7m5qtF0Yw6rqXVHkEnw=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "8061c6d9199dc6cc0727d4241959eea28f2fa0a6",
+        "rev": "1cf8b4f42720573ef35dcd7d2ba0fd80e40954e9",
         "type": "gitlab"
       },
       "original": {

secrets.nix

@@ -36,6 +36,8 @@ in {
     ++ [ corianne-host ];
   "secrets/freshrss.toml.age".publicKeys = system-administrators
     ++ [ mcentire-host ];
+  "secrets/millironx-books-s3.age".publicKeys = system-administrators
+    ++ [ mcentire-host ];
   "secrets/network-information.age".publicKeys = system-administrators
     ++ [ bosephus-host ];
 }

services/audiobookshelf.nix

@@ -0,0 +1,78 @@
+{ config, pkgs, home-manager-quadlet-nix, ... }:
+let
+  user = "audiobookshelf";
+  port = "28346";
+  stateDirectory = "/var/lib/${user}";
+in {
+  age.secrets = {
+    millironx-books-s3-token.file = ./../secrets/millironx-books-s3.age;
+  };
+
+  environment.systemPackages = [ pkgs.s3fs ];
+
+  fileSystems."millironx-books" = {
+    device = "millironx-books";
+    mountPoint = "/mount/s3/millironx-books";
+    fsType = "fuse./run/current-system/sw/bin/s3fs";
+    noCheck = true;
+    options = [
+      "_netdev"
+      "allow_other"
+      "use_path_request_style"
+      "url=https://us-east-1.linodeobjects.com/"
+      "passwd_file=${config.age.secrets.millironx-books-s3-token.path}"
+    ];
+  };
+
+  systemd.tmpfiles.rules =
+    map (d: "d ${stateDirectory}/${d} 1775 ${user} ${user} -") [
+      ""
+      "config"
+      "metadata"
+    ];
+
+  services.borgmatic.configurations."${config.networking.hostName}" = {
+    source_directories =
+      map (d: "${stateDirectory}/${d}") [ "config" "metadata" ];
+  };
+
+  services.caddy.virtualHosts."books.millironx.com".extraConfig = ''
+    reverse_proxy http://127.0.0.1:${port}
+  '';
+
+  users.users."${user}" = {
+    group = "${user}";
+    isNormalUser = true;
+    home = stateDirectory;
+    createHome = true;
+    linger = true;
+    autoSubUidGidRange = true;
+  };
+  users.groups."${user}" = { };
+
+  home-manager.users."${user}" = { config, osConfig, ... }: {
+    imports = [ home-manager-quadlet-nix ];
+
+    home.stateVersion = "25.05";
+
+    virtualisation.quadlet = {
+      autoUpdate.enable = true;
+      containers.audiobookshelf = {
+        autoStart = true;
+        containerConfig = {
+          image = "ghcr.io/advplyr/audiobookshelf:latest";
+          environments = { TZ = "America/New_York"; };
+          volumes = [
+            "/mount/s3/millironx-books/audiobooks:/audiobooks:U"
+            "/mount/s3/millironx-books/podcasts:/podcasts:U"
+            "${stateDirectory}/config:/config:U"
+            "${stateDirectory}/metadata:/metadata:U"
+          ];
+          publishPorts = [ "127.0.0.1:${port}:80" ];
+          addHosts = [ "auth.millironx.com:host-gateway" ];
+        };
+      };
+    };
+  };
+
+}

systems/linux/mcentire.nix

@@ -7,6 +7,7 @@
     ./../../services/borgmatic.nix
     ./../../services/crowdsec.nix
     ./../../services/authentik.nix
+    ./../../services/audiobookshelf.nix
     ./../../services/freshrss.nix
   ];