{ config, pkgs, lib, ... }:

let
  cfg = config.pepe.services.immich;
in
{
  options.pepe.services.immich = with lib; {
    enable = mkEnableOption "Enable immich";
    package = mkPackageOption pkgs "immich" { };
    domain = mkOption {
      type = types.str;
      default = null;
    };
  };

  config = lib.mkIf cfg.enable {
    services = {
      immich = {
        enable = true;
        package = cfg.package;
        # accelerationDevices = null;
      };
    };

    architect.vhost.${cfg.domain} = {
      dnsInterfaces = [ "tailscale" "lan" ];
      locations."/" = {
        host = "[::1]";
        port = config.services.immich.port;
        allowLan = true;
        allowWAN = true;
        allow = [ config.architect.networks."tailscale".net ];
        proxyWebsockets = true;
        extraConfig = ''
          # allow large file uploads
          client_max_body_size 50000M;
        '';
      };
    };

    users.users.immich.extraGroups = [ "video" "render" "media" "nextcloud" ];
  };
}