{ ... }:
{
  systemd.tmpfiles.rules = [
    "f /run/agenix/photoprism 0770 photoprism photoprism -"
  ];

  services = {
    photoprism = {
      enable = true;
      port = 2342;
      address = "photo.bhankas.org";
      passwordFile = "/run/agenix/photoprism";
      settings = {
        PHOTOPRISM_ADMIN_USER = "root";
      };
    };

    nginx = {
      enable = true;
      virtualHosts = {
        "photo.bhankas.org" = {
          addSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:2342";
            proxyWebsockets = false;
            extraConfig =
              "proxy_set_header Host $host;\n"
            ;
          };
        };
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    certs = {
      "photo.bhankas.org" = {
        email = "admin@bhankas.org";
        dnsResolver = "1.1.1.1:53";
      };
    };
  };
}