{ lib, config, ... }:
let
  cfg = config.services.immich;
in
{
  options.services.immich = with lib; {
    enable = mkEnableOption "Enable immich";

    fqdn = mkOption {
      type = types.str;
      description = "FQDN to use for the immich server";
    };
    data_dir = mkOption {
      type = types.str;
      description = "The directory to store immich data in";
    };
    secrets = mkOption {
      type = types.str;
      description = "Path to file with secrets";
    };
    version = mkOption {
      type = types.str;
      default = "release";
      description = "The version (docker image tag) of immich to use";
    };
    mounts = mkOption {
      type = types.listOf types.str;
      description = "Additional mounts to add to the immich container";
      default = [ ];
    };
    port = mkOption {
      type = types.int;
      default = 2283;
      description = "Port to expose the immich server on";
    };
  };

  imports = [
    ../util/container-services.nix
  ];

  config = lib.mkIf cfg.enable rec {
    container-services.immich = {
      description = "Immich image server";
      services = {
        server = {
          image = "ghcr.io/immich-app/immich-server:${cfg.version}";
          environmentFiles = [
            cfg.secrets
          ];
          volumes = [
            "${cfg.data_dir}:/usr/src/app/upload:rw"
            "/etc/localtime:/etc/localtime:ro"
          ] ++ cfg.mounts;
          ports = [ "${builtins.toString cfg.port}:3001/tcp" ];
          dependsOn = [
            container-services.immich.services.redis
            container-services.immich.services.postgres
          ];
        };
        machine_learning = {
          image = "ghcr.io/immich-app/immich-machine-learning:${cfg.version}";
          environmentFiles = [
            cfg.secrets
          ];
          volumes = [
            "model_cache:/cache:rw"
          ];
        };
        redis = {
          image = "registry.hub.docker.com/library/redis:6.2-alpine";
          healthCheck.test = "redis-cli ping || exit 1";
          environmentFiles = [
            cfg.secrets
          ];
        };
        postgres = {
          image = "registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0";
          environmentFiles = [
            cfg.secrets
          ];
          environment = {
            POSTGRES_INITDB_ARGS = "--data-checksums";
          };
          volumes = [
            "db_data:/var/lib/postgresql/data:rw"
          ];
          cmd = [ "postgres" "-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on" ];
          healthCheck = {
            test = ''
              pg_isready --dbname='$\{DB_DATABASE_NAME}' || exit 1
              Chksum="$(psql --dbname='$\{DB_DATABASE_NAME}' --username='$\{DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"
              echo "checksum failure count is $Chksum"
              [ "$Chksum" = '0' ] || exit 1
            '';
            interval = "5m";
            startInterval = "30s";
            startPeriod = "5m";
          };
        };
      };
    };

    services.caddy.virtualHosts = {
      "${cfg.fqdn}".extraConfig = ''
        reverse_proxy localhost:${builtins.toString cfg.port}
      '';
    };
  };
}