diff --git a/configuration/default.nix b/configuration/default.nix
index 544e20c..0377e9c 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -19,6 +19,7 @@
     ./services/crowdsec.nix
     ./services/foundryvtt.nix
     ./services/gitea.nix
+    ./services/immich.nix
     ./services/metrics
     ./services/nextcloud.nix
     ./services/webserver.nix
diff --git a/configuration/services/immich.nix b/configuration/services/immich.nix
new file mode 100644
index 0000000..b74c877
--- /dev/null
+++ b/configuration/services/immich.nix
@@ -0,0 +1,65 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+let
+  hostName = "immich.${config.services.nginx.domain}";
+in
+{
+  services.immich = {
+    enable = true;
+    settings.server.externalDomain = "https://${hostName}";
+
+    environment.IMMICH_TELEMETRY_INCLUDE = "all";
+  };
+
+  services.nginx.virtualHosts.${hostName} =
+    let
+      local = "http://${config.services.immich.host}:${toString config.services.immich.port}";
+    in
+    {
+      forceSSL = true;
+      useACMEHost = "tlater.net";
+      enableHSTS = true;
+
+      locations."/" = {
+        proxyPass = local;
+        proxyWebsockets = true;
+      };
+      locations."/metrics" = {
+        extraConfig = ''
+          access_log off;
+          allow 127.0.0.1;
+          ${lib.optionalString config.networking.enableIPv6 "allow ::1;"}
+          deny all;
+        '';
+      };
+    };
+
+  backups.immich =
+    let
+      db-dump = "${config.services.immich.mediaLocation}/immich-db.sql";
+    in
+    {
+      user = "immich";
+      paths = [ config.services.immich.mediaLocation ];
+
+      preparation = {
+        packages = [ config.services.postgresql.package ];
+        text = ''
+          pg_dump ${config.services.immich.database.name} --clean --if-exists --file=${db-dump}
+        '';
+      };
+
+      cleanup = {
+        packages = [ pkgs.coreutils ];
+        text = "rm ${db-dump}";
+      };
+      pauseServices = [
+        "immich-server.service"
+        "immich-machine-learning.service"
+      ];
+    };
+}
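Review bot: The `pg_dump` in `backups.immich.preparation` writes a full dump of the Immich database (which would include account records and credential material) to `immich-db.sql` inside the media directory, so the file's mode depends on whatever umask the backup job runs under, and that is not visible in this file. Setting it explicitly removes that dependency: add `umask 077` on the line before `pg_dump ...`. The cleanup `rm ${db-dump}` also errors when the dump was never created, for example after a failed preparation step; `rm -f ${db-dump}` keeps the cleanup from masking the original failure. A short comment saying the dump is deliberately placed under `mediaLocation` so that `paths` picks it up would help the next reader.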
diff --git a/configuration/services/metrics/victoriametrics.nix b/configuration/services/metrics/victoriametrics.nix
index 53864d6..f37b8b0 100644
--- a/configuration/services/metrics/victoriametrics.nix
+++ b/configuration/services/metrics/victoriametrics.nix
@@ -84,6 +84,11 @@ in
         in
         [ "${address}:${toString port}" ];
 
+      immich.targets = [
+        "127.0.0.1:8081"
+        "127.0.0.1:8082"
+      ];
+
       # Configured in the hookshot listeners, but it's hard to filter
       # the correct values out of that config.
       matrixHookshot.targets = [ "127.0.0.1:9001" ];
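Review bot: The two `immich.targets` ports are hard-coded and nothing in this commit ties them to the Immich configuration: `immich.nix` only sets `IMMICH_TELEMETRY_INCLUDE`, so 8081 and 8082 are presumably the upstream defaults for the API and microservices metrics listeners. A comment in the style of the hookshot one just below would record that, e.g. `# Immich's default telemetry ports (API, microservices); not set explicitly in immich.nix`. It is also worth confirming which address those listeners bind to. The `deny all` on `/metrics` in the nginx vhost only covers the proxied port, so if they listen beyond loopback, direct access to 8081/8082 is restricted only by the host firewall. The enclosing attribute set starts and ends outside this hunk.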