{
	containers.immich = {
		autoStart = true;
		privateNetwork = true;
		extraVeths.vb-immich = {
			hostBridge = "br-lan0";
			#localMacAddress = "02:00:00:00:00:01";  # TODO update to 26.05
		};

		# Host path
		bindMounts = {
			"/var/lib/immich" = {
				hostPath = "/media/ingens/immich";
				isReadOnly = false;
			};
		};

		# GPU
		#allowedDevices = [
		#	{ node = "/dev/dri/card1"; modifier = "rw"; }
		#	{ node = "/dev/dri/renderD128"; modifier = "rw"; }
		#];

		#bindMounts = {
		#	"/dev/dri/card1" = {
		#		hostPath = "/dev/dri/card1";
		#		isReadOnly = false;
		#	};
		#	"/dev/dri/renderD128" = {
		#		hostPath = "/dev/dri/renderD128";
		#		isReadOnly = false;
		#	};
		#};

		config = { lib, pkgs, config, ... }: {
			# Network
			networking.interfaces.vb-immich.useDHCP = true;
			networking.firewall.allowedTCPPorts = [ 80 ];  # Caddy

			# Immich
			services.immich = {
				enable = true;
				host = "0.0.0.0";
				openFirewall = true;
			};

			environment.systemPackages = with pkgs; [ immich immich-cli ];

			# Reverse proxy
			services.caddy = {
				enable = true;
				virtualHosts.":80".extraConfig = ''
					reverse_proxy localhost:2283
				'';
			};

			system.stateVersion = "25.11";
		};
	};
}