diff --git a/configuration/services/immich.nix b/configuration/services/immich.nix
index b74c877..516ea3e 100644
--- a/configuration/services/immich.nix
+++ b/configuration/services/immich.nix
@@ -8,58 +8,60 @@ let
   hostName = "immich.${config.services.nginx.domain}";
 in
 {
-  services.immich = {
-    enable = true;
-    settings.server.externalDomain = "https://${hostName}";
+  services = {
+    immich = {
+      enable = true;
+      settings.server.externalDomain = "https://${hostName}";
 
-    environment.IMMICH_TELEMETRY_INCLUDE = "all";
+      environment.IMMICH_TELEMETRY_INCLUDE = "all";
+    };
+
+    nginx.virtualHosts.${hostName} =
+      let
+        local = "http://${config.services.immich.host}:${toString config.services.immich.port}";
+      in
+      {
+        forceSSL = true;
+        useACMEHost = "tlater.net";
+        enableHSTS = true;
+
+        locations."/" = {
+          proxyPass = local;
+          proxyWebsockets = true;
+        };
+        locations."/metrics" = {
+          extraConfig = ''
+            access_log off;
+            allow 127.0.0.1;
+            ${lib.optionalString config.networking.enableIPv6 "allow ::1;"}
+            deny all;
+          '';
+        };
+      };
+
+    backups.immich =
+      let
+        db-dump = "${config.services.immich.mediaLocation}/immich-db.sql";
+      in
+      {
+        user = "immich";
+        paths = [ config.services.immich.mediaLocation ];
+
+        preparation = {
+          packages = [ config.services.postgresql.package ];
+          text = ''
+            pg_dump ${config.services.immich.database.name} --clean --if-exists --file=${db-dump}
+          '';
+        };
+
+        cleanup = {
+          packages = [ pkgs.coreutils ];
+          text = "rm ${db-dump}";
+        };
+        pauseServices = [
+          "immich-server.service"
+          "immich-machine-learning.service"
+        ];
+      };
   };
-
-  services.nginx.virtualHosts.${hostName} =
-    let
-      local = "http://${config.services.immich.host}:${toString config.services.immich.port}";
-    in
-    {
-      forceSSL = true;
-      useACMEHost = "tlater.net";
-      enableHSTS = true;
-
-      locations."/" = {
-        proxyPass = local;
-        proxyWebsockets = true;
-      };
-      locations."/metrics" = {
-        extraConfig = ''
-          access_log off;
-          allow 127.0.0.1;
-          ${lib.optionalString config.networking.enableIPv6 "allow ::1;"}
-          deny all;
-        '';
-      };
-    };
-
-  backups.immich =
-    let
-      db-dump = "${config.services.immich.mediaLocation}/immich-db.sql";
-    in
-    {
-      user = "immich";
-      paths = [ config.services.immich.mediaLocation ];
-
-      preparation = {
-        packages = [ config.services.postgresql.package ];
-        text = ''
-          pg_dump ${config.services.immich.database.name} --clean --if-exists --file=${db-dump}
-        '';
-      };
-
-      cleanup = {
-        packages = [ pkgs.coreutils ];
-        text = "rm ${db-dump}";
-      };
-      pauseServices = [
-        "immich-server.service"
-        "immich-machine-learning.service"
-      ];
-    };
 }