{
  lib,
  config,
  kubenix,
  ...
}: {
  kubernetes.helm.releases.immich = {
    namespace = "immich";
    chart = kubenix.lib.helm.fetch {
      repo = "https://immich-app.github.io/immich-charts";
      chart = "immich";
      version = "0.6.0";
      sha256 = "p9fgqRMxRJ2rMBZZfMKuAIjp/N1/KgKCKLDhoXO0O6c=";
    };
    # arbitrary attrset passed as values to the helm release
    values = {
      image.tag = "v1.105.1";
      machine-learning.enabled = false;
      immich.persistence.library.existingClaim = "immich";
      redis = {
        enabled = true;
        
      };
      env = {
        PGSSLMODE = "no-verify";
        DB_PASSWORD.valueFrom.secretKeyRef = {
          name = "postgres-immich";
          key = "password";
        };
        DB_HOSTNAME.value = "192.168.50.236";
      };
      server.ingress.main = {
        enabled = true;
        annotations = {
          "cert-manager.io/cluster-issuer" = "le-issuer";
        };
        tls = [
          {
            hosts = ["photos.gmem.ca"];
          }
        ];
        hosts = [
          {
            host = "photos.gmem.ca";
            paths = [{path = "/";}];
          }
        ];
      };
    };
  };

  kubernetes.resources.persistentVolumeClaims.immich = {
    metadata = {
      name = "immich";
      namespace = "immich";
    };
    spec = {
      accessModes = ["ReadWriteOnce"];
      resources.requests.storage = "50Gi";
    };
  };

  kubernetes.resources.statefulSets.immich-redis-master = {
    metadata.namespace = "immich";
    spec.template.spec.containers.redis.image = lib.mkForce "registry.redict.io/redict:7.3-compat";
  };
}