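# NixOS module: Nextcloud behind nginx, backed by MariaDB and a dedicated
# Redis instance, with admin and database passwords provisioned through agenix.
{ pkgs, config, lib, ... }:

let
  domain = "cloud.giugl.io";
  redis_port = 6379;

  utilities = import ./utilities.nix { inherit lib config; };
  inherit (utilities) architectInterfaceAddress;
in
{
  # Secrets are decrypted at activation time; only the resulting paths are
  # referenced below, so the plaintext does not end up in the Nix store.
  # NOTE(review): both files are owned by "nextcloud" with group "nginx".
  # No `mode` is set, and agenix's default (0400) gives the group no access,
  # so the nginx group looks unnecessary. Do not widen the mode without a
  # concrete need, as that would let the web server user read both passwords.
  age.secrets = {
    nextcloud-admin = {
      file = ../../secrets/nextcloud-admin.age;
      owner = "nextcloud";
      group = "nginx";
    };

    nextcloud-database = {
      file = ../../secrets/nextcloud-database.age;
      owner = "nextcloud";
      group = "nginx";
    };
  };

  # NOTE(review): Node.js 18 is past its upstream end-of-life; move to a
  # supported LTS once whatever consumes it here allows.
  environment.systemPackages = with pkgs; [
    nodejs-18_x
    libtensorflow
    ffmpeg
  ];

  services = {
    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;

      # Large-file transfer tuning only. `autoindex` is deliberately left at
      # nginx's default (off): directory listings on this vhost would disclose
      # file names for any path that resolves to a directory without an index.
      extraConfig = ''
        aio threads;
        directio 1M;
        output_buffers 3 1M;

        sendfile on;
        sendfile_max_chunk 0;
      '';
    };

    mysql = {
      enable = true;
      package = pkgs.mariadb_1011;
    };

    redis = {
      vmOverCommit = true;

      # NOTE(review): setting `port` opens a TCP listener for this instance and
      # no `requirePass` is configured here. If Nextcloud reaches Redis over the
      # unix socket that `configureRedis` sets up, the TCP port is extra local
      # attack surface. Confirm nothing else depends on it before dropping it.
      servers."nextcloud" = {
        enable = true;
        port = redis_port;
      };
    };

    nextcloud = {
      enable = true;
      hostName = domain;
      https = true;
      package = pkgs.nextcloud30;
      datadir = "/services/nextcloud";

      configureRedis = true;
      caching = {
        redis = true;
      };

      # Apps are pulled and upgraded unattended every day at 05:00. This keeps
      # security fixes flowing, but it also means third-party app code changes
      # without review, so keep the set of installed apps small.
      autoUpdateApps.enable = true;
      autoUpdateApps.startAt = "05:00:00";

      maxUploadSize = "50G";

      settings = {
        overwriteprotocol = "https";
      };

      config = {
        dbtype = "mysql";
        dbuser = "nextcloud";
        dbhost = "localhost";
        dbname = "nextcloud";
        # Passwords are read from the agenix-managed files at runtime.
        dbpassFile = config.age.secrets.nextcloud-database.path;
        adminpassFile = config.age.secrets.nextcloud-admin.path;
      };
    };
  };

  # The setup unit talks to the database, so it must start after MariaDB.
  systemd.services."nextcloud-setup" = {
    requires = [ "mysql.service" ];
    after = [ "mysql.service" ];
  };

  # Resolve the public name to this host's LAN and Tailscale addresses locally.
  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
}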