{
  config,
  lib,
  namespace,
  ...
}:
with lib;
let
  name = "immich";
  cfg = config.${namespace}.services.${name};
  net = lib.${namespace}.network;
  dbPassword = config.sops.secrets."jallen-nas/immich/db-password".path;

  immichConfig = lib.${namespace}.mkModule {
    inherit config name;
    serviceName = "${name}-server";
    description = "immich";
    options = { };
    moduleConfig = {
      # Enable immich service
      services.immich = {
        enable = true;
        port = cfg.port;
        openFirewall = true;
        secretsFile = dbPassword;
        mediaLocation = "${cfg.dataDir}/photos";

        environment = {
          IMMICH_HOST = lib.mkForce cfg.listenAddress;
          IMMICH_TRUSTED_PROXIES = net.hosts.nas.lan;
          TZ = "America/Chicago";
        };

        machine-learning = {
          enable = true;
        };
      };
    };
  };
in
{
  imports = [ immichConfig ];
}