diff --git a/modules/default.nix b/modules/default.nix
index a5ff39d..3496268 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -43,6 +43,7 @@
 ./services/gitea
 ./services/gitea-runner
 ./services/headscale
+ ./services/immich
 ./services/mail
 ./services/matrix
 ./services/nginx
diff --git a/modules/services/immich/default.nix b/modules/services/immich/default.nix
new file mode 100644
index 0000000..84dafa1
--- /dev/null
+++ b/modules/services/immich/default.nix
@@ -0,0 +1,54 @@
+{ config, lib, self, ... }:
+
+with lib;
+
+let cfg = config.modules.services.immich;
+in {
+ options.modules.services.immich = {
+ enable = mkOption {
+ default = false;
+ example = true;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.nginx = {
+ virtualHosts = {
+ "gallery.vimium.com" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString config.services.immich.port}";
+ extraConfig = ''
+ client_max_body_size 50000M;
+
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+
+ proxy_buffering off;
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_read_timeout 600s;
+ proxy_send_timeout 600s;
+ send_timeout 600s;
+ '';
+ };
+ };
+ };
+ };
+
+ age.secrets."files/services/immich/envfile" = {
+ file = "${self.inputs.secrets}/files/services/immich/envfile.age";
+ };
+
+ services.immich = {
+ enable = true;
+ secretsFile = config.age.secrets."files/services/immich/envfile".path;
+ };
+ };
+}
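Review bot: `client_max_body_size 50000M;` in the `extraConfig` of `locations."/"` accepts request bodies of roughly 50 GB from any client that reaches the vhost, and nginx by default spools a request body to temporary files before it contacts the upstream. The `proxy_buffering off;` line further down only affects responses, so a handful of large requests could fill the disk holding nginx's client body temp directory before Immich sees them. Consider adding `proxy_request_buffering off;` next to it so the body is streamed to Immich, which presumably can then reject unauthenticated uploads itself, and a short comment saying why the limit is this large. Separately, `enable` is declared with `mkOption` but no `type` or `description`; `enable = mkEnableOption "immich";` would type it as a boolean.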