diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix
index 5ee69e4..38a52b2 100644
--- a/containers/emerald/flake.nix
+++ b/containers/emerald/flake.nix
@@ -39,7 +39,7 @@
         useACMEHost = "lava.moe";
         forceSSL = true;
         locations."/".proxyPass = "http://[${client}]:4533";
-        listenAddresses = [ "100.67.2.1" ];
+        listenAddresses = config.me.localAddrs;
       };
 
       systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix
index 870915a..eedcc2c 100644
--- a/hosts/alyssum/default.nix
+++ b/hosts/alyssum/default.nix
@@ -34,6 +34,7 @@
     ./filesystem.nix
     ./kernel.nix
     ./home.syncthing.nix
+    ./immich.nix
     ./networking.nix
     ./restic.nix
     ./samba.nix
diff --git a/hosts/alyssum/immich.nix b/hosts/alyssum/immich.nix
new file mode 100644
index 0000000..f6767ba
--- /dev/null
+++ b/hosts/alyssum/immich.nix
@@ -0,0 +1,28 @@
+{ config, ... }: {
+  services.immich = {
+    enable = true;
+    accelerationDevices = null;
+    settings.server.externalDomain = "https://photos.lava.moe";
+  };
+
+  me.binds."/var/lib/immich" = "immich";
+  hardware.graphics.enable = true;
+  users.users.immich.extraGroups = [ "video" "render" ];
+
+  services.nginx.virtualHosts."photos.lava.moe" = {
+    useACMEHost = "lava.moe";
+    forceSSL = true;
+    listenAddresses = config.me.localAddrs;
+
+    locations."/" = {
+      proxyPass = "http://[::1]:${toString config.services.immich.port}";
+      proxyWebsockets = true;
+      extraConfig = ''
+        client_max_body_size 50000M;
+        proxy_read_timeout   600s;
+        proxy_send_timeout   600s;
+        send_timeout         600s;
+      '';
+    };
+  };
+}
diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix
index 281cbb6..c25c21f 100644
--- a/hosts/alyssum/networking.nix
+++ b/hosts/alyssum/networking.nix
@@ -12,4 +12,5 @@
     defaultGateway = "192.168.1.1";
     nameservers = [ "8.8.8.8" "8.8.4.4" ];
   };
+  me.localAddrs = [ "100.67.2.1" ];
 }
diff --git a/modules/options.nix b/modules/options.nix
index e861c12..0ec037f 100644
--- a/modules/options.nix
+++ b/modules/options.nix
@@ -49,5 +49,9 @@ in {
       type = with lib.types; attrsOf str;
       default = {};
     };
+
+    localAddrs = lib.mkOption {
+      type = with lib.types; listOf str;
+    };
   };
 }