diff --git a/flake.nix b/flake.nix
index 0463940..77cdae1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 165 current  2025-10-09 14:23:49  25.05.20251006.20c4598  6.12.50                          *
+# generation: 166 current  2025-10-09 15:08:58  25.05.20251006.20c4598  6.12.50                          *
 {
   description = "blakes nix config";
   inputs = {
diff --git a/modules/homelab/services/immich/default.nix b/modules/homelab/services/immich/default.nix
index dfe18e5..976ac67 100644
--- a/modules/homelab/services/immich/default.nix
+++ b/modules/homelab/services/immich/default.nix
@@ -48,10 +48,10 @@ in
       description = "${service} server user";
       uid = lib.mkForce cfg.ids;
       isSystemUser = true;
-#      home = cfg.data_dir;
-#      createHome = true;
+      home = cfg.data_dir;
+      createHome = true;
       group = "${service}";
-      extraGroups = [ "media" "video" "render" ];
+      extraGroups = [ "video" "render" ];
     };
 
     # enable the ${service} service
@@ -60,16 +60,16 @@ in
       openFirewall = true;
       user = "${service}";
       group = "${service}";
-#      mediaLocation = /holocron/vault/users/blake/pictures/immich/upload;
+      mediaLocation = /holocron/vault/users/blake/pictures/immich/upload;
       host = "0.0.0.0";
       port = cfg.port;
       settings.server.externalDomain = "https://pics.blakedheld.xyz";
     };
 
     # override umask to make permissions work out
-#    systemd.services.${service}.serviceConfig = {
-#      UMask = lib.mkForce "0007";
-#    };
+    systemd.services.${service}.serviceConfig = {
+      UMask = lib.mkForce "0007";
+    };
 
 #    # open firewall
 #    networking.firewall.allowedTCPPorts = [ cfg.port ];