diff --git a/machines/photo01/_configuration.nix b/machines/photo01/_configuration.nix
new file mode 100644
index 0000000..18363b9
--- /dev/null
+++ b/machines/photo01/_configuration.nix
@@ -0,0 +1,97 @@
+# TODO: revamp to use the same framework as the other VMs
+{ lib, pkgs, inputs, ... }:
+
+let address = "129.199.146.101";
+in
+{
+ imports = [
+ ./hardware.nix
+
+ # NOTE: For now, only deploy the bare minimum
+ ./photoprism.nix
+ ./immich.nix
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+
+ networking.hostName = "photoprism";
+
+ disko.devices = import ./disko.nix;
+
+ deployment.targetHost = address;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Paris";
+
+ environment.systemPackages = with pkgs; [ neovim ];
+
+ services.openssh = {
+ enable = true;
+ settings = { PasswordAuthentication = false; };
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270"
+ ];
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "webmaster@nixos.org";
+
+ networking.firewall.allowedTCPPorts = [ 22 80 443 8007 ];
+ networking.firewall.allowedUDPPorts = [ ];
+
+ networking.useNetworkd = true;
+
+ systemd.network = {
+ config.routeTables = {
+ he = 100;
+ mwan = 110;
+ };
+ networks = {
+ "10-ens18" = {
+ name = "ens18";
+
+ networkConfig = {
+ Description = "ENS uplink";
+ Address = [ "129.199.146.101/24" ];
+ Gateway = "129.199.146.254";
+ LLDP = true;
+ };
+ };
+ };
+ };
+
+ # TODO: switch to unixsockets if supported
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ clientMaxBodySize = "500m";
+ };
+
+ nix = {
+ settings = {
+ trusted-users = [ "@wheel" "root" "nix-ssh" ];
+ auto-optimise-store = true;
+ };
+ #package = pkgs.nixUnstable;
+ extraOptions = let
+ empty_registry = builtins.toFile "empty-flake-registry.json"
+ ''{"flakes":[],"version":2}'';
+ in ''
+ experimental-features = nix-command flakes
+ flake-registry = ${empty_registry}
+ builders-use-substitutes = true
+ '';
+ registry.nixpkgs.flake = inputs.nixpkgs;
+ nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+ };
+
+
+ system.stateVersion = "24.05";
+}
+
diff --git a/machines/photo01/_hardware-configuration.nix b/machines/photo01/_hardware-configuration.nix
new file mode 100644
index 0000000..9ce9955
--- /dev/null
+++ b/machines/photo01/_hardware-configuration.nix
@@ -0,0 +1,16 @@
+{ lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.initrd.availableKernelModules =
+ [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ networking.useDHCP = lib.mkDefault false;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
+
diff --git a/machines/photo01/immich.nix b/machines/photo01/immich.nix
new file mode 100644
index 0000000..e252ce9
--- /dev/null
+++ b/machines/photo01/immich.nix
@@ -0,0 +1,16 @@
+{
+ services.immich = {
+ enable = true;
+ # default port: 3001
+ machine-learning.enable = true;
+ host = "localhost";
+ };
+
+ services.nginx.virtualHosts."immich.cgiga.fr" = {
+ enableACME = true;
+ forceSSL = true;
+ serverAliases = [];
+ locations."/".proxyPass = "http://localhost:2283/";
+ };
+}
+
diff --git a/machines/photo01/photoprism.nix b/machines/photo01/photoprism.nix
new file mode 100644
index 0000000..0ee31da
--- /dev/null
+++ b/machines/photo01/photoprism.nix
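Review bot: `networking.firewall.allowedTCPPorts` opens 8007, but nothing in this commit listens on it: Immich (2283) and PhotoPrism (2342) are reached only through nginx on 80/443, so the extra port either belongs to a service outside this diff or should be dropped, and a comment such as `# 8007: <service that listens here>` would settle it. The uplink address is written twice, once as the `address` binding and again as the literal in `Address = [ "129.199.146.101/24" ]`; `Address = [ "${address}/24" ]` keeps the two from drifting. `security.acme.defaults.email` is set to `webmaster@nixos.org`, which is not a mailbox the operators of this host read, so certificate-expiry and ACME policy notices will be lost; use an address you own. `imports` references `./hardware.nix` while the file added in this commit is `_hardware-configuration.nix`, so evaluation presumably fails unless a `hardware.nix` exists outside this diff.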
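Review bot: The comment `# default port: 3001` contradicts the `proxyPass` a few lines below, which targets 2283; one of the two is wrong, and if the proxy target is the correct one the comment should read `# default port: 2283`. Rather than hard-coding the number in `proxyPass`, take `config` as a module argument and use `proxyPass = "http://localhost:${toString config.services.immich.port}/";` so the vhost follows whatever the module is set to. Unlike the PhotoPrism vhost added in this same commit, this one does not set `proxyWebsockets = true`; Immich's web UI presumably relies on a websocket connection for live updates, so the upgrade headers are likely needed here too.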
@@ -0,0 +1,53 @@
+{ lib, modulesPath, pkgs, ... }:
+
+let port = 2342;
+in
+{
+ services.photoprism = {
+ enable = true;
+ port = port;
+ settings = {
+ PHOTOPRISM_DEFAULT_LOCALE = "fr";
+ PHOTOPRISM_ADMIN_USERNAME = "admin";
+ PHOHOPRISM_SITE_URL = "https://photoprism.cgiga.fr";
+ PHOTOPRISM_SITE_CAPTION = "PhotoPrism";
+
+ # DB access config
+ PHOTOPRISM_DATABASE_DRIVER = "mysql";
+ PHOTOPRISM_DATABASE_NAME = "photoprism";
+ PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
+ PHOTOPRISM_DATABASE_USER = "photoprism";
+ };
+
+ originalsPath = "/data/photos";
+
+ address = "localhost";
+
+ #importPath = "/photoprism/imports";
+ passwordFile = "/passwords/photoprism";
+ };
+
+ services.mysql = {
+ enable = true;
+ dataDir = "/data/mysql";
+ package = pkgs.mariadb;
+ ensureDatabases = [ "photoprism" ];
+ ensureUsers = [{
+ name = "photoprism";
+ ensurePermissions = {
+ "photoprism.*" = "ALL PRIVILEGES";
+ };
+ }];
+ };
+
+ services.nginx.virtualHosts."photoprism.cgiga.fr" = {
+ enableACME = true;
+ forceSSL = true;
+ serverAliases = [];
+ locations."/" = {
+ proxyPass = "http://localhost:${toString port}/";
+ proxyWebsockets = true;
+ };
+ };
+}
+
diff --git a/meta/nodes.nix b/meta/nodes.nix
index 1479f4e..03bc7d0 100644
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@@ -19,7 +19,6 @@ - luj01 -> VM de Luj */ { - krz01 = { site = "pav01";
@@ -36,6 +35,15 @@ stateVersion = "24.05"; nixpkgs = "24.05"; };
+ photo01 = {
+ site = "pav01";
+
+ # TODO
+ hashedPassword = "$y$j9T$aFhOWa05W7VKeKt3Nc.nA1$uBOvG4wf7/yWjwOxO8NLf9ipCsAkS1.5cD2EJpLx57A";
+
+ stateVersion = "24.05";
+ nixpkgs = "24.05";
+ };
+ router02 = {
+ site = "pav01";
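Review bot: `PHOHOPRISM_SITE_URL` is misspelled, so PhotoPrism never receives the intended setting and will fall back to its default site URL behind the reverse proxy; the line should read `PHOTOPRISM_SITE_URL = "https://photoprism.cgiga.fr";`. The module arguments `lib` and `modulesPath` are unused in this file, so the header can shrink to `{ pkgs, ... }:`. `port = port;` is the verbose form of `inherit port;`, which is the idiom the rest of the file's style suggests.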
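Review bot: The `# TODO` above `hashedPassword` does not say what is pending; if the hash is a placeholder carried over from another node, the comment should say so, e.g. `# TODO: placeholder hash, replace before first deploy`. The value is a yescrypt (`$y$`) hash committed to the repository, which means it can be attacked offline by anyone with read access to the repo, so the password behind it must be strong and unique to this host, or the hash should be provisioned through a secrets mechanism instead of `meta/nodes.nix`. The enclosing node set starts and ends outside the hunk, and the hunk's trailing context line appears to have been lost to whitespace collapse.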