diff --git a/modules/config/instances/config/audiobookshelf.nix b/modules/config/instances/config/audiobookshelf.nix
new file mode 100644
index 0000000..6e21bbe
--- /dev/null
+++ b/modules/config/instances/config/audiobookshelf.nix
@@ -0,0 +1,30 @@
+{ instancesFunctions }:
+let
+ inherit (instancesFunctions)
+ domain0
+ servicePath
+ sslPath
+ sopsPath
+ ;
+ audiobookshelfLabel = "Audiobookshelf";
+ audiobookshelfName = "audiobookshelf";
+ audiobookshelfSubdomain = "books";
+in
+{
+ label = audiobookshelfLabel;
+ name = audiobookshelfName;
+ sops = {
+ path0 = "${sopsPath}/${audiobookshelfName}";
+ };
+ subdomain = audiobookshelfSubdomain;
+ paths = {
+ path0 = "${servicePath}/${audiobookshelfLabel}";
+ };
+ ports = {
+ port0 = 8000;
+ };
+ ssl = {
+ cert = "${sslPath}/${audiobookshelfSubdomain}.${domain0}/fullchain.pem";
+ key = "${sslPath}/${audiobookshelfSubdomain}.${domain0}/key.pem";
+ };
+}
diff --git a/modules/nixos/services/acme/default.nix b/modules/nixos/services/acme/default.nix
index 2fa7914..0c23a31 100755
--- a/modules/nixos/services/acme/default.nix
+++ b/modules/nixos/services/acme/default.nix
@@ -38,6 +38,7 @@ in
 "syncthing"
 "searx"
 "vaultwarden"
+ "audiobookshelf"
 ]
 )
 ++ (map
diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix
new file mode 100644
index 0000000..14bde53
--- /dev/null
+++ b/modules/nixos/services/audiobookshelf/default.nix
@@ -0,0 +1,43 @@
+{ flake, config, ... }:
+let
+ inherit (flake.config.instances) audiobookshelf web;
+ service = audiobookshelf;
+ host = "${service.subdomain}.${web.domains.url0}";
+ localhost = web.localhost.address0;
+in
+{
+ services = {
+ audiobookshelf = {
+ enable = true;
+ host = host;
+ };
+ caddy = {
+ virtualHosts = {
+ "${host}" = {
+ extraConfig = ''
+ reverse_proxy ${localhost}:${toString service.ports.port0} {
+ header_up X-Real-IP {remote_host}
+ }
+
+ tls ${service.ssl.cert} ${service.ssl.key}
+
+ encode zstd gzip
+ '';
+ };
+ };
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "Z ${service.paths.path0} 0755 ${service.name} ${service.name} -"
+ "Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
+ ];
+
+ networking = {
+ firewall = {
+ allowedTCPPorts = [
+ service.ports.port0
+ ];
+ };
+ };
+}
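Review bot: The `networking.firewall.allowedTCPPorts` block at the end of this file opens `service.ports.port0` to the network even though Caddy already fronts the service over TLS. In addition, `services.audiobookshelf.host = host` appears to set the bind address to the public hostname rather than loopback. Together these would leave the backend reachable in plaintext, bypassing the `tls` vhost, and a direct client could send its own `X-Real-IP` header. I would bind to loopback with `host = localhost;`, add `port = service.ports.port0;` so the proxy target does not depend on the module default, and drop the `networking.firewall` block. Separately, the rule `"Z ${service.sops.path0} 755 …"` recursively sets a world-readable mode on what is presumably a secrets directory; `0700` would be safer if only the service user needs it.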