diff --git a/data.nix b/data.nix
index f807265..24116cd 100644
--- a/data.nix
+++ b/data.nix
@@ -23,6 +23,7 @@ rec {
   ports = {
     grafana = 3000;
     gitea = 3001;
+    immich = 3003;
 
     soju = 6697;
     soju-ws = 6698;
diff --git a/flake.lock b/flake.lock
index 9407cb4..8d56304 100644
--- a/flake.lock
+++ b/flake.lock
@@ -202,16 +202,16 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1727122398,
-        "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=",
+        "lastModified": 1727335715,
+        "narHash": "sha256-1uw3y94dA4l22LkqHRIsb7qr3rV5XdxQFqctINfx8Cc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093",
+        "rev": "28b5b8af91ffd2623e995e20aee56510db49001a",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
diff --git a/flake.nix b/flake.nix
index 5e065a6..733f5f8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,7 +3,7 @@
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
-    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
     flake-utils.url = "github:numtide/flake-utils";
     flake-compat.url = "github:nix-community/flake-compat";
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index bd4dbaa..0a2a34b 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -441,6 +441,14 @@ in
         extraSubnets = [ myData.subnets.vno1.cidr ];
       };
 
+      immich = {
+        enable = true;
+        paths = {
+          "M-Camera" = "/home/motiejus/annex2/M-Active";
+          "Pictures" = "/home/motiejus/annex2/Pictures";
+        };
+      };
+
       ssh8022.server = {
         enable = true;
         keyfile = config.age.secrets.ssh8022-server.path;
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 8d667f6..e31087a 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -10,6 +10,7 @@
     ./grafana
     ./hass
     ./headscale
+    ./immich
     ./jakstpub
     ./matrix-synapse
     ./minidlna
diff --git a/modules/services/immich/default.nix b/modules/services/immich/default.nix
new file mode 100644
index 0000000..aaf978d
--- /dev/null
+++ b/modules/services/immich/default.nix
@@ -0,0 +1,48 @@
+{
+  config,
+  lib,
+  pkgs,
+  myData,
+  nixpkgs-unstable,
+  ...
+}:
+let
+  cfg = config.mj.services.immich;
+in
+{
+  options.mj.services.immich = with lib.types; {
+    enable = lib.mkEnableOption "enable immich";
+    paths = lib.mkOption { type = attrsOf str; };
+  };
+
+  imports = [ "${nixpkgs-unstable}/nixos/modules/services/web-apps/immich.nix" ];
+
+  config = lib.mkIf cfg.enable {
+    services.immich = {
+      enable = true;
+      port = myData.ports.immich;
+      package = pkgs.pkgs-unstable.immich;
+      mediaLocation = "/var/cache/immich/userdata";
+    };
+
+    mj.services.friendlyport.ports = [
+      {
+        subnets = [ myData.subnets.tailscale.cidr ];
+        tcp = [ myData.ports.immich ];
+      }
+    ];
+
+    systemd = {
+      tmpfiles.rules = [ "d /var/cache/immich/userdata 0700 immich immich -" ];
+      services.immich.serviceConfig = {
+        ProtectHome = lib.mkForce "tmpfs";
+        CacheDirectory = "immich";
+        BindPaths = lib.mapAttrsToList (
+          name: srcpath: "${srcpath}:/var/cache/immich/userdata/${name}"
+        ) cfg.paths;
+      };
+    };
+
+  };
+
+}