{
  config,
  lib,
  self,
  ...
}:

with lib;

let
  cfg = config.modules.services.photoprism;
in
{
  options.modules.services.photoprism = {
    enable = mkOption {
      default = false;
      example = true;
    };
  };

  config = mkIf cfg.enable {
    services.nginx = {
      virtualHosts = {
        "gallery.vimium.com" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://localhost:${toString config.services.photoprism.port}";
            extraConfig = ''
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header Host $host;

              proxy_buffering off;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
            '';
          };
        };
      };
    };

    age.secrets."passwords/services/photoprism/admin" = {
      file = "${self.inputs.secrets}/passwords/services/photoprism/admin.age";
    };

    services.photoprism = {
      enable = true;
      address = "localhost";
      passwordFile = config.age.secrets."passwords/services/photoprism/admin".path;
      originalsPath = "${config.services.photoprism.storagePath}/originals";
      settings = {
        PHOTOPRISM_APP_NAME = "Vimium Gallery";
        PHOTOPRISM_SITE_AUTHOR = "Vimium";
        PHOTOPRISM_SITE_TITLE = "Vimium Gallery";
        PHOTOPRISM_SITE_CAPTION = "Vimium Gallery";
        PHOTOPRISM_DISABLE_TLS = "true";
        PHOTOPRISM_SPONSOR = "true";
      };
    };
  };
}