{ config, lib, ... }:
let
  cfg = config.services.immich;
  domain = "photos.t5.st";
in
{
  services.immich = {
    enable = true;
    host = "0.0.0.0";
    openFirewall = true;
    mediaLocation = "/mnt/storage/immich";
    group = "storage";
    accelerationDevices = [ "/dev/dri/renderD128" ];
    # environment = {
    #   INFO: Not needed but left for reference
    #   ENCODED_VIDEO_LOCATION = "/var/cache/immich/encoded-video";
    #   MPLCONFIGDIR = "/var/cache/immich/mpl";
    #   PROFILE_LOCATION = "/var/cache/immich/profile";
    #   THUMB_LOCATION = "/var/cache/immich/thumbs";
    # };
    settings = {
      metadata.faces.import = true;
      newVersionCheck.enabled = false;
      server.externalDomain = "https://${domain}";
      storageTemplate = {
        enabled = true;
        hashVerificationEnabled = true;
        template = "{{y}}/{{MM}}/{{dd}}/{{filename}}";
      };
      # TODO: add smtp authentication to environment
      # notifications.smtp.enabled = true;
      # notifications.smtp.from = "Odin Photos <noreply@t5.st>";
    };
  };

  services.caddy.virtualHosts.immich = {
    hostName = "photos.odin.t5.st";
    extraConfig = ''
      encode gzip zstd
      reverse_proxy ${cfg.host}:${toString cfg.port}
    '';
  };

  systemd.tmpfiles = {
    settings.immich."${cfg.mediaLocation}".e.mode = lib.mkForce "0750";

    rules = [
      "d  /var/cache/immich 0750 immich storage - -"
      "d  /var/cache/immich/mpl 0750 immich storage - -"
      "d  /var/cache/immich/encoded-video 0750 immich storage - -"
      "d  /var/cache/immich/profile 0750 immich storage - -"
      "d  /var/cache/immich/thumbs 0750 immich storage - -"
      "L+ /var/cache/immich/encoded-video - - - - /mnt/storage/immich/encoded-video"
      "L+ /var/cache/immich/profile - - - - /mnt/storage/immich/profile"
      "L+ /var/cache/immich/thumbs - - - - /mnt/storage/immich/thumbs"
    ];
  };
}