{
  config,
  pkgs,
  lib,
  components,
  inputs,
  ...
}:
let
  mySQLPackage = pkgs.mariadb;
  photoprismPort = 2342;
  mysqlPort = 3336;
in
{

  networking.firewall.interfaces.wg0.allowedTCPPorts = [ photoprismPort ];
  # networking.firewall.interfaces.wg0.allowedUDPPorts = [ photoprismPort ];

  healthchecks.closed.public.ports.photoprism = [
    photoprismPort
    mysqlPort
  ];
  healthchecks.http.photoprism = {
    url = "http://10.100.0.1:2342/library/login";
    expectedContent = "AI-Powered Photos App";
  };

  containers.photoprism = {
    privateNetwork = false;
    autoStart = true;

    config =
      { config, lib, ... }:
      {
        nixpkgs.pkgs = pkgs;
        imports = [
          inputs.nix-topology.nixosModules.default
          inputs.telemetry.nixosModules.container-telemetry-non-private-network
        ];
        system.stateVersion = "23.11";
        services.logrotate.checkConfig = false; # because uid 3000 does not exist in here

        environment.systemPackages = [
          config.services.photoprism.package
        ];

        # Photoprism
        # ----------
        services.photoprism = {
          enable = true;
          port = photoprismPort;
          originalsPath = "/var/lib/private/photoprism/originals";
          address = "0.0.0.0";
          settings = {
            PHOTOPRISM_ADMIN_USER = "admin";
            PHOTOPRISM_ADMIN_PASSWORD = "..."; # change me after initialisation
            PHOTOPRISM_DEFAULT_LOCALE = "en";
            PHOTOPRISM_DATABASE_DRIVER = "mysql";
            PHOTOPRISM_DATABASE_NAME = "photoprism";
            PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
            PHOTOPRISM_DATABASE_USER = "photoprism";
            PHOTOPRISM_SITE_URL = "http://photoprism.orbi.private:${toString photoprismPort}";
            PHOTOPRISM_SITE_TITLE = "PhotoPrism";
            PHOTOPRISM_UPLOAD_NSFW = "true";
            #PHOTOPRISM_THUMB_UNCACHED = "false"; # https://docs.photoprism.app/user-guide/settings/advanced/#static-and-dynamic-size-limits < prevents thumbs from  beeing wrong orientation, but takes time for photo import.
          };
        };

        # MySQL Database
        # --------------
        services.mysql = {
          enable = true;
          package = mySQLPackage;
          settings.mysqld.port = mysqlPort;
          ensureDatabases = [ "photoprism" ];
          ensureUsers = [
            {
              name = "photoprism";
              ensurePermissions = {
                "photoprism.*" = "ALL PRIVILEGES";
              };
            }
          ];
        };

        # Backup Database
        # ---------------
        services.mysqlBackup = {
          enable = true;
          databases = config.services.mysql.ensureDatabases;
          singleTransaction = true;
        };

      };
  };

}