diff --git a/inventory/serguzim.net.yml b/inventory/serguzim.net.yml
index 09fbdb7..b641194 100644
--- a/inventory/serguzim.net.yml
+++ b/inventory/serguzim.net.yml
@@ -28,6 +28,7 @@ all:
         volumes:
           - forgejo_data
           - homebox_data
+          - immich_upload
           - influxdb_data
           - jellyfin_config
           #- jellyfin_media # TODO
diff --git a/node002.yml b/node002.yml
index 0fe432f..f218d5a 100644
--- a/node002.yml
+++ b/node002.yml
@@ -37,6 +37,8 @@
       tags: [healthcheck, monitoring]
     - role: homebox
       tags: [homebox, inventory]
+    - role: immich
+      tags: [immich, gallery]
     - role: influxdb
       tags: [influxdb, sensors, monitoring]
     - role: jellyfin
diff --git a/roles/backup/files/node002/immich.sh b/roles/backup/files/node002/immich.sh
new file mode 100755
index 0000000..8d245d7
--- /dev/null
+++ b/roles/backup/files/node002/immich.sh
@@ -0,0 +1,5 @@
+backup_path="$BACKUP_LOCATION/immich"
+mkdir -p "$backup_path"
+
+cd /opt/services/immich || exit
+docker compose exec database pg_dump -U "$DB_USERNAME" "$DB_DATABASE" | gzip >"$backup_path/immich.sql.gz"
diff --git a/roles/backup/files/node002/postgres.sh b/roles/backup/files/node002/postgres.sh
index a114704..b4ddb73 100755
--- a/roles/backup/files/node002/postgres.sh
+++ b/roles/backup/files/node002/postgres.sh
@@ -6,9 +6,9 @@ postgres_tables=$(sudo -u postgres psql -Atc "SELECT datname FROM pg_database WH
 for i in $postgres_tables
 do
 	printf "dumping %s ..." "$i"
-	sudo -u postgres pg_dump "$i" | gzip >"pg_dump_$i.gz"
+	sudo -u postgres pg_dump "$i" | gzip >"pg_dump_$i.sql.gz"
 	echo " done"
 done
 
 echo "dumping all"
-sudo -u postgres pg_dumpall | gzip >"pg_dumpall.gz"
+sudo -u postgres pg_dumpall | gzip >"pg_dumpall.sql.gz"
diff --git a/roles/gethomepage/vars/main.yml b/roles/gethomepage/vars/main.yml
index d751904..ced8481 100644
--- a/roles/gethomepage/vars/main.yml
+++ b/roles/gethomepage/vars/main.yml
@@ -46,6 +46,8 @@ gethomepage_services_yml:
             key: "{{ vault_gethomepage.authentik.key }}"
       - coder.serguzim.me:
           href: https://coder.serguzim.me
+      - gallery.serguzim.me:
+          href: https://gallery.serguzim.me
       - git.serguzim.me:
           href: https://git.serguzim.me
       - inventory.serguzim.me:
diff --git a/roles/immich/tasks/main.yml b/roles/immich/tasks/main.yml
new file mode 100644
index 0000000..78fd542
--- /dev/null
+++ b/roles/immich/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ svc.name }}
+  vars:
+    svc: "{{ immich_svc }}"
+    env: "{{ immich_env }}"
+    compose: "{{ immich_compose }}"
+  block:
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/roles/immich/vars/main.yml b/roles/immich/vars/main.yml
new file mode 100644
index 0000000..39f87ae
--- /dev/null
+++ b/roles/immich/vars/main.yml
@@ -0,0 +1,92 @@
+---
+immich_db_host: database
+immich_db_db: immich
+immich_db_user: "{{ vault_immich.db.user }}"
+immich_db_pass: "{{ vault_immich.db.pass }}"
+
+immich_svc:
+  domain: gallery.serguzim.me
+  name: immich
+  port: 3001
+  version: release
+  db:
+    host: "{{ postgres.host }}"
+    database: authentik
+
+
+immich_env:
+  # IMMICH_CONFIG_FILE: /immich.json
+
+  TZ: "{{ timezone }}"
+
+  DB_HOSTNAME: "{{ immich_db_host }}"
+  DB_DATABASE_NAME: "{{ immich_db_db }}"
+  DB_USERNAME: "{{ immich_db_user }}"
+  DB_PASSWORD: "{{ immich_db_pass }}"
+
+  POSTGRES_DB: "{{ immich_db_db }}"
+  POSTGRES_USER: "{{ immich_db_user }}"
+  POSTGRES_PASSWORD: "{{ immich_db_pass }}"
+
+  REDIS_HOSTNAME: redis
+
+immich_compose:
+  watchtower: false
+  image: ghcr.io/immich-app/immich-server:release
+  volumes:
+    - upload:/usr/src/app/upload
+  file:
+    services:
+      app:
+        command: ["start.sh", "immich"]
+        depends_on:
+          - database
+          - redis
+
+      microservices:
+        image: ghcr.io/immich-app/immich-server:release
+        # extends:
+        #   file: hwaccel.yml
+        #   service: hwaccel
+        command: ["start.sh", "microservices"]
+        volumes:
+          - upload:/usr/src/app/upload
+        env_file:
+          - service.env
+        depends_on:
+          - redis
+          - database
+        restart: always
+        networks:
+          default:
+
+      machine-learning:
+        image: ghcr.io/immich-app/immich-machine-learning:release
+        volumes:
+          - model-cache:/cache
+        env_file:
+          - service.env
+        restart: always
+        networks:
+          default:
+
+      redis:
+        image: redis:6.2-alpine
+        restart: always
+        networks:
+          default:
+
+      database:
+        image: tensorchord/pgvecto-rs:pg16-v0.1.11
+        env_file:
+          - service.env
+        volumes:
+          - pgdata:/var/lib/postgresql/data
+        restart: always
+        networks:
+          default:
+
+    volumes:
+      upload:
+      pgdata:
+      model-cache: