{ config, ... }:
let
  inherit (import ../lib.nix config) havenisms mkPostgresContainer;
in
{
  imports = [
    (mkPostgresContainer {
      # Immich wants a custom build of postgres with the vectors extensions.
      image = "ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:c44be5f2871c59362966d71eab4268170eb6f5653c0e6170184e72b38ffdf107";
      name = "immich";
      directory = "/tank/immich/db";
      uid = config.users.users.immich.uid;
      gid = config.users.groups.immich.gid;
      passwordSecret = "immich/database";
    })
  ];

  sops.secrets = {
    "immich/database" = {
      restartUnits = [
        "${config.local.container-backend}-immich-db.service"
      ];
      mode = "0400";
      owner = config.users.users.immich.name;
    };
  };

  sops.templates."immich.env" = {
    restartUnits = [ "${config.local.container-backend}-immich.service" ];
    owner = config.users.users.immich.name;
    content = ''
      DB_HOSTNAME=immich-postgres
      DB_PASSWORD=${config.sops.placeholder."immich/database"}
      DB_USERNAME=immich
      DB_DATABASE_NAME=immich
      REDIS_HOSTNAME=immich-redis
      IMMICH_LOG_LEVEL=verbose
    '';
  };

  virtualisation.web-containers.containers.immich = {
    image = "ghcr.io/immich-app/immich-server:release";
    hostname = "immich";
    domain = havenisms;
    port = 2283;
    volumes = [
      "/tank/photos/immich:/data"
      "/etc/localtime:/etc/localtime:ro"
    ];
    dependsOn = [
      "immich-redis"
      "immich-postgres"
    ];
    environmentFiles = [
      "${config.sops.templates."immich.env".path}"
    ];
  };

  virtualisation.oci-containers.containers = {
    "immich-redis" = {
      image = "docker.io/valkey/valkey";
    };
    "immich-machine-learning" = {
      image = "ghcr.io/immich-app/immich-machine-learning:release";
      volumes = [
        "model-cache:/cache"
      ];
      environmentFiles = [
        "${config.sops.templates."immich.env".path}"
      ];
    };
  };
}