diff --git a/flake.lock b/flake.lock
index 08d0508..1b3b17a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -122,11 +122,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1746066807,
-        "narHash": "sha256-JeUri9kpPguZnY69qXIcCLQAIx7GMbF2dRmRYM6JaZg=",
+        "lastModified": 1746001439,
+        "narHash": "sha256-MQplzhcXXrAlfDIfklvYxXtnxv5akmeLaeGIvouYYUI=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "9a415a8b4c90c1f0719aefed19a80514f7a2f771",
+        "rev": "769f426eb3f6bc6d26f03106ac5772b98595a7b8",
         "type": "github"
       },
       "original": {
@@ -387,11 +387,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746040799,
-        "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=",
+        "lastModified": 1745987135,
+        "narHash": "sha256-8Up4QPuMZEJBU0eefAY+nUe7DYKQQzvaHnMpNdwRgKA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5f217e5a319f6c186283b530f8c975e66c028433",
+        "rev": "d2b3e6c83d457aa0e7f9344c61c3fed32bad0f7e",
         "type": "github"
       },
       "original": {
diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix
index 9daa84c..9faac29 100644
--- a/hosts/sisko/default.nix
+++ b/hosts/sisko/default.nix
@@ -35,7 +35,6 @@
       "mosh"
       "amule"
       "adguard-home"
-      "garmin-grafana"
     ]
     ++ [
       ./disko.nix
diff --git a/modules/garmin-grafana/default.nix b/modules/garmin-grafana/default.nix
deleted file mode 100644
index 90795e6..0000000
--- a/modules/garmin-grafana/default.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-let
-  garmin-grafana-flake = builtins.getFlake "github:NixOS/nixpkgs/1f03fefb44665cd2377912033de22ffaba2be48d";
-  inherit (garmin-grafana-flake.legacyPackages.${pkgs.system}) garmin-grafana;
-in
-{
-  users.users.garmin-grafana = {
-    isSystemUser = true;
-    group = "garmin-grafana";
-    extraGroups = [ "garmin-grafana" ];
-    home = "/var/lib/garmin-grafana";
-  };
-
-  users.groups.garmin-grafana = { };
-
-  systemd.services.garmin-grafana = {
-    description = "garmin-grafana";
-    wantedBy = [ "multi-user.target" ];
-    environment = {
-      INFLUXDB_HOST = "localhost";
-      INFLUXDB_PORT = "8086"; # it's hardcoded in the influxdb NixOS module
-      INFLUXDB_USERNAME = "garmin-grafana";
-      INFLUXDB_PASSWORD = "password"; # FIXME terrible but the databse is not exposed at least
-      INFLUXDB_DATABASE = "garmin-stats";
-      GARMINCONNECT_IS_CN = "False";
-      USER_TIMEZONE = "Europe/Rome";
-      KEEP_FIT_FILES = "True";
-      ALWAYS_PROCESS_FIT_FILES = "True";
-      # MANUAL_START_DATE = "2024-06-01";
-      # MANUAL_END_DATE = "2025-12-31";
-    };
-    serviceConfig = {
-      ExecStart = lib.getExe garmin-grafana;
-      Group = "garmin-grafana";
-      User = "garmin-grafana";
-      WorkingDirectory = "/var/lib/garmin-grafana";
-    };
-  };
-
-  # garmin-grafana uses influxdb V1, probably it's the only software I'll ever use using the V1
-  # so I"m keeping its declaration inside this module
-  services.influxdb.enable = true;
-
-  environment.persistence."/persist".directories = [
-    "/var/lib/garmin-grafana"
-    config.services.influxdb.dataDir
-  ];
-}
diff --git a/modules/immich/default.nix b/modules/immich/default.nix
index bf93484..ffa5968 100644
--- a/modules/immich/default.nix
+++ b/modules/immich/default.nix
@@ -1,25 +1,99 @@
-{ config, ... }:
-{
-  environment.persistence."/persist".directories = [
-    config.services.immich.machine-learning.environment.MACHINE_LEARNING_CACHE_FOLDER
+{ ... }:
+let
+  vars = {
+    serviceConfigRoot = "/mnt/hd/immich/state";
+    mainArray = "/mnt/hd/immich/";
+    domainName = "photos.aciceri.dev";
+  };
+  directories = [
+    "${vars.serviceConfigRoot}/immich"
+    "${vars.serviceConfigRoot}/immich/postgresql"
+    "${vars.serviceConfigRoot}/immich/postgresql/data"
+    "${vars.serviceConfigRoot}/immich/config"
+    "${vars.serviceConfigRoot}/immich/machine-learning"
+    "${vars.mainArray}/Photos"
+    "${vars.mainArray}/Photos/Immich"
+    "${vars.mainArray}/Photos/S10m"
   ];
-
-  services.immich = {
-    enable = true;
-    mediaLocation = "/mnt/hd/immich";
+in
+{
+  systemd.tmpfiles.rules = map (x: "d ${x} 0775 root root - -") directories;
+  systemd.services = {
+    podman-immich = {
+      requires = [
+        "podman-immich-redis.service"
+        "podman-immich-postgres.service"
+      ];
+      after = [
+        "podman-immich-redis.service"
+        "podman-immich-postgres.service"
+      ];
+    };
+    podman-immich-postgres = {
+      requires = [ "podman-immich-redis.service" ];
+      after = [ "podman-immich-redis.service" ];
+    };
   };
 
-  # The reason for this hack is quite bad
-  # Before using the NixOS module Immich was installed using Docker, for this
-  # reason the paths of the images in the database looks like `/photos/...`
-  # and after migrating to the NixOS module I kept getting 404s for all the
-  # old pictures.
-  # Frankly it seems weird that it saved the absolute paths in the DB, perhaps
-  # it saves somewhere else the media location root and then merge the paths,
-  # however, nevertheless I set `mediaLocation` it didn't work
-  fileSystems."/photos" = {
-    device = "/mnt/hd/immich/";
-    fsType = "ext4";
-    options = [ "bind" ];
+  virtualisation.oci-containers.containers = {
+    immich = {
+      autoStart = true;
+      image = "ghcr.io/imagegenius/immich:latest";
+      volumes = [
+        "${vars.serviceConfigRoot}/immich/config:/config"
+        "${vars.mainArray}/Photos/Immich:/photos"
+        "${vars.mainArray}/Photos/S10m:/import:ro"
+        "${vars.serviceConfigRoot}/immich/machine-learning:/config/machine-learning"
+      ];
+      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
+      environment = {
+        PUID = "994";
+        PGID = "993";
+        TZ = "Europe/Rome";
+        DB_HOSTNAME = "immich-postgres";
+        DB_USERNAME = "immich";
+        DB_DATABASE_NAME = "immich";
+        REDIS_HOSTNAME = "immich-redis";
+        DB_PASSWORD = "password";
+      };
+      extraOptions = [
+        "--pull=newer"
+        "--network=container:immich-redis"
+      ];
+    };
+
+    immich-redis = {
+      autoStart = true;
+      image = "redis";
+      extraOptions = [
+        "--pull=newer"
+        "-l=traefik.enable=true"
+        "-l=traefik.http.routers.immich.rule=Host(`photos.${vars.domainName}`)"
+        "-l=traefik.http.routers.immich.service=immich"
+        "-l=traefik.http.services.immich.loadbalancer.server.port=8080"
+      ];
+      ports = [
+        "8080:8080"
+      ];
+    };
+
+    immich-postgres = {
+      autoStart = true;
+      image = "tensorchord/pgvecto-rs:pg14-v0.2.1";
+      volumes = [
+        "${vars.serviceConfigRoot}/immich/postgresql/data:/var/lib/postgresql/data"
+      ];
+      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
+      environment = {
+        POSTGRES_USER = "immich";
+        POSTGRES_DB = "immich";
+        POSTGRES_HOST_AUTH_METHOD = "trust";
+        POSTGRES_PASSWORD = "password";
+      };
+      extraOptions = [
+        "--pull=newer"
+        "--network=container:immich-redis"
+      ];
+    };
   };
 }
diff --git a/modules/sisko-proxy/default.nix b/modules/sisko-proxy/default.nix
index 19b32b5..f35fcd1 100644
--- a/modules/sisko-proxy/default.nix
+++ b/modules/sisko-proxy/default.nix
@@ -34,7 +34,7 @@
       forceSSL = true;
       enableACME = true;
       locations."/" = {
-        proxyPass = "http://localhost:${builtins.toString config.services.immich.port}";
+        proxyPass = "http://localhost:8080";
         proxyWebsockets = true;
       };
     };