{ config, self, lib, pkgs,  ... }:

with lib;

let
  hosts = import ../hosts.nix {};
in
{
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
    nextcloudAdminPass = {
      owner = "nextcloud";
      group = "nextcloud";
    };
  };

  networking = {
    hostName = mkDefault "nextcloud";
    useDHCP = false;
  };

  imports = [
    self.nixosModules.malobeo.metrics
    ../modules/malobeo_user.nix
    ../modules/sshd.nix
    ../modules/minimal_tools.nix
    ../modules/autoupdate.nix
  ];

  malobeo.metrics = {
    enable = true;
    enablePromtail = true;
    logNginx = true;
  };

  services.postgresqlBackup = {
    enable = true;
  };

  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud33;
    hostName = "cloud.malobeo.org";
    config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
    maxUploadSize = "10G";
    datadir = "/data/services/nextcloud/";
    database.createLocally = true;
    config.dbtype = "pgsql";
    configureRedis = true;
    caching = {
      redis = true;
      apcu = true;
    };
    extraAppsEnable = true;
    extraApps = {
      inherit (config.services.nextcloud.package.packages.apps) contacts calendar polls registration collectives forms;
      deck = pkgs.fetchNextcloudApp {
        sha256 = "sha256-Oc/J0Ey7f9aHhLBWoAXaDMe2t0eeEQKvpwY510qNpiI=";
        url = "https://s3.g.megas4.com/ya5mczgkbk6bw7tcy2yr4bl2vdryfe76ok2dj/malo/deck33.tar.gz";
        license = "agpl3Plus";
      };
    };
    settings = {
      trusted_domains = [ "cloud.malobeo.org" "cloud.hq.malobeo.org" ];
      trusted_proxies = [ hosts.malobeo.hosts.fanny.network.address ];
      overwriteprotocol = "https";
      "maintenance_window_start" = "1";
      "default_phone_region" = "DE";
    };
    phpOptions = {
      "realpath_cache_size" = "0";
      "opcache.interned_strings_buffer" = "32";
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  system.stateVersion = "22.11"; # Did you read the comment?
}