{ pkgs, ... }:

let
  domain = "cloud.giugl.io";
  network = import ./network.nix;
  redis_port = 6379;
in {
  services = {
    mysql = {
      enable = true;
      package = pkgs.unstable.mysql80;
    };

    redis = {
      vmOverCommit = true;
      servers."nextcloud" = {
        enable = true;
        port = redis_port;
      };
    };

    nextcloud = {
      enable = true;
      hostName = domain;
      https = true;
      package = pkgs.unstable.nextcloud25;

      caching = {
        redis = true;
      };

      autoUpdateApps.enable = true;
      autoUpdateApps.startAt = "05:00:00";

      config = {
        overwriteProtocol = "https";
        dbtype = "mysql";
        dbuser = "oc_giulio2";
        dbhost = "localhost";
        dbname = "nextcloud_final";
        dbpassFile = "/secrets/nextcloud/dbpass.txt";
        adminpassFile = "/secrets/nextcloud/adminpass.txt";
        adminuser = "giulio";
        extraTrustedDomains = [ "${domain}" ];
      };
    };
  };

  systemd.services."nextcloud-setup" = {
    requires = [ "mysql.service" ];
    after = [ "mysql.service" ];
  };

  networking.extraHosts = ''
    ${network.architect-lan} ${domain}
    ${network.architect-wg} ${domain}
  '';

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
  };
}