{
  lib,
  pkgs,
  config,
  myhost,
  ...
}:
let
  cfg = config.services.immich;
  srv = cfg.settings.server;
in
with lib;
{
  options = {
    immich = {
      enable = mkEnableOption "enables immich";
      domain = lib.mkOption {
        type = lib.types.str;
        default = "immich.wastring.com";
        description = "The hostname that Immich is served on.";
      };
      port = lib.mkOption {
        type = lib.types.int;
        default = 8000;
        description = "The port that Immich is served on.";
      };
    };
  };
  config = mkMerge [
    (mkIf config.immich.enable {
      services.nginx = {
        virtualHosts.${config.immich.domain} = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://[::1]:${toString config.immich.port}";
            proxyWebsockets = true;
            recommendedProxySettings = true;
            extraConfig = ''
              client_max_body_size 50000M;
              proxy_read_timeout   600s;
              proxy_send_timeout   600s;
              send_timeout         600s;
            '';
          };
        };
      };

      sops.secrets.immich-secrets-file = { };

	  services.immich = {
		enable = true;
		port = config.immich.port;
		settings = {
			server.externalDomain = "https://${toString config.immich.domain}";
		};
		secretsFile = config.sops.secrets.immich-secrets-file.path;
	  };

    })
  ];

}