{ config, lib, pkgs, ... }:

{
  # Allow the nextcloud container up to 10 minutes to start before systemd
  # treats the start as failed.
  # NOTE(review): presumably sized for nextcloud-setup (install / upgrade
  # steps) running during container start — confirm.
  containers.nextcloud.timeoutStartSec = "10 min";
  # Declares the `nextcloud` container through the project's hacc.containers
  # option: Nextcloud, a PostgreSQL server in the same container, and a daily
  # database dump. Nextcloud state and the dumps live under /persist.
  hacc.containers.nextcloud = {
    config = { config, lib, pkgs, ... }: {
      # htop is installed inside the container (presumably for ad-hoc debugging)
      environment.systemPackages = [ pkgs.htop ];

      services.nextcloud = {
        enable = true;

        # must be set manually; may not be incremented by more than one at
        # a time, otherwise nextcloud WILL break
        # Because the major version is pinned by hand, nothing here moves the
        # instance to a newer release: when reviewing, check that this major
        # still receives security updates.
        package = pkgs.nextcloud30;

        home = "/persist/nextcloud";
        # Generate https:// links. TLS is not terminated in the container; the
        # nginx vhost at the bottom of this file proxies to port 80 here.
        https = true;

        hostName = "cloud.infra4future.de";
        config = {
          dbtype = "pgsql";
          dbuser = "nextcloud";
          dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
          dbname = "nextcloud";
          # socket auth does not need this, but the module insists it does
          # adminpassFile holds the password of the Nextcloud admin account
          # (adminuser below), not a database credential; the module only uses
          # it during the initial setup.
          # NOTE(review): the file lives outside the Nix store, which keeps the
          # secret out of world-readable store paths; confirm it is readable by
          # the nextcloud user and root only.
          adminpassFile = "/persist/adminpassfile";
          # Name of the Nextcloud admin account; unrelated to the Unix root user.
          adminuser = "root";
        };

        # multiple pools may be doable using services.phpfpm.pools,
        # but i have not tried this yet. The nextcloud module defines a
        # pool "nextcloud"
        # The settings below cap PHP-FPM at 32 worker processes and recycle
        # each worker after 500 requests.
        poolSettings = {
          pm = "dynamic";
          "pm.max_children" = "32";
          "pm.max_requests" = "500";
          "pm.max_spare_servers" = "4";
          "pm.min_spare_servers" = "2";
          "pm.start_servers" = "2";
        };

        settings = {
          # NOTE(review): presumably hard-coded so the instance id stays stable
          # across rebuilds — confirm.
          instanceid = "ocxlphb7fbju";
          datadirectory = "/persist/nextcloud/data";
          # 0 is Nextcloud's debug level, the most verbose one.
          # NOTE(review): debug logs grow quickly and record far more request
          # detail than the default level 2 (warning); consider raising this
          # once debugging is done, and check who can read the log file.
          loglevel = 0;
          "overwrite.cli.url" = "https://cloud.infra4future.de";
          # NOTE(review): no trusted_proxies is set in this block although the
          # instance is reached through the host's nginx. Unless it is set
          # elsewhere, Nextcloud sees the proxy's address as the client for
          # every request, which weakens brute-force throttling and makes the
          # addresses in its logs useless for incident response — confirm.
        };
      };

      # Database server for Nextcloud, running in the same container and
      # reached over the unix socket in /run/postgresql (see dbhost above).
      services.postgresql = {
        enable = true;
        package = pkgs.postgresql_15;
        ensureDatabases = [ "nextcloud" ];
        ensureUsers = [
          { # by default, postgres has unix sockets enabled, and allows a
            # system user `nextcloud` to log in without other authentication
            # The database is therefore only as protected as the `nextcloud`
            # system account: any process running as that user can connect.
            name = "nextcloud";
            # makes the `nextcloud` role the owner of the database of the same name
            ensureDBOwnership = true;
          }
        ];
      };

      # Dump the nextcloud database every day at 23:45.
      # NOTE(review): the dumps contain the complete database (e.g. account
      # password hashes and share tokens), so this directory needs the same
      # access restrictions as the live database; confirm its permissions and
      # whether the dumps are copied off this host.
      services.postgresqlBackup = {
        enable = true;
        databases = [ "nextcloud" ];
        startAt = "*-*-* 23:45:00";
        location = "/persist/backups/postgres";
      };

      # ensure that postgres is running *before* running the setup
      # (`requires` also stops the setup unit from starting when postgresql
      # fails to start)
      systemd.services."nextcloud-setup" = {
        requires = ["postgresql.service"];
        after = ["postgresql.service"];
      };
    };
  };

  # Public vhost on the host: terminates TLS with an ACME certificate,
  # redirects HTTP to HTTPS (forceSSL) and forwards every request to port 80
  # of the nextcloud container over plain HTTP.
  # NOTE(review): the unencrypted hop is acceptable only if the container's
  # localAddress is reachable from this host alone — confirm.
  # NOTE(review): no proxy_set_header lines are set here; presumably
  # services.nginx.recommendedProxySettings is enabled elsewhere so that Host
  # and X-Forwarded-* reach Nextcloud — confirm.
  services.nginx.virtualHosts."cloud.infra4future.de" = {
    locations."/".proxyPass = "http://${config.containers.nextcloud.localAddress}:80";
    enableACME = true;
    forceSSL = true;
    # proxy_buffering off: responses are streamed to the client instead of
    #   being buffered by nginx.
    # client_max_body_size 0: disables nginx's request-body size check, so
    #   upload size is bounded only by the limits inside the container and by
    #   disk space. NOTE(review): consider a finite cap if unbounded uploads
    #   are not intended, since any client that can reach this vhost can send
    #   a body of arbitrary size.
    # Cache-Control: tells clients and intermediaries not to store responses.
    extraConfig = ''
      proxy_buffering off;
      client_max_body_size 0;
      add_header Cache-Control "no-store, no-cache, must-revalidate";
    '';
  };

}