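# NixOS module: runs a test Nextcloud instance inside a declarative NixOS
# container (private network, IPv6 only) and publishes it through the
# host's nginx as a TLS-terminating reverse proxy.
#
# TODOs before actually using this
#  - change root auth to use adminpassFile
#  - figure out how to use multiple pools (do we need this?)
#  - how to enable ldap?
#
# Additional notes:
#  - there is a services.nextcloud.phpExtraExtensions, which may be
#    useful for this, but it's only in nixos-unstable for now
#  - there's a services.nextcloud.autoUpdateApps – do we trust nextcloud
#    enough to enable it, or will everything break if we do?

{ pkgs, config, ... }:

{
  containers.nextcloud = {
    autoStart = true;
    privateNetwork = true;

    # Host and container ends of the private link; both must lie in the
    # same ULA prefix.
    hostAddress6 = "fd00::10:1";
    # Fixed: was "fs00::10:2". "fs00" is not a valid hexadecimal group, so
    # the address could not be parsed and did not match hostAddress6.
    localAddress6 = "fd00::10:2";

    config = { pkgs, ... }: {
      environment.systemPackages = [ pkgs.htop ];

      imports = [ ../../../modules/nextcloud.nix ];

      services.nextcloud-patched = {
        enable = true;

        # must be set manually; may not be incremented by more than one at
        # a time, otherwise nextcloud WILL break
        package = pkgs.nextcloud21;

        hostName = "cloud2.infra4future.de";

        config = {
          dbtype = "pgsql";
          dbuser = "nextcloud";
          dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
          dbname = "nextcloud";

          # there's also an adminpassFile option, but for testing this seems
          # enough (less fiddling with getting the file into a nixos
          # container for ad-hoc setups)
          #
          # NOTE(review): a literal here is copied into the world-readable
          # Nix store, and the value is trivially guessable, while the
          # vhost at the bottom of this file publishes the instance under
          # a public hostname with ACME. Switch to adminpassFile (see the
          # TODO list above) before this is reachable from outside.
          adminpass = "root";
          adminuser = "root";
        };

        caching.redis = true;

        # multiple pools may be doable using services.phpfpm.pools,
        # but i have not tried this yet. The nextcloud module defines a
        # pool "nextcloud"
        poolSettings = {
          pm = "dynamic";
          "pm.max_children" = "32";
          "pm.max_requests" = "500";
          "pm.max_spare_servers" = "4";
          "pm.min_spare_servers" = "2";
          "pm.start_servers" = "2";
        };

        # Snippet handed to the patched module's extraOptions; it configures
        # the Redis connection over the unix socket (port 0).
        #
        # NOTE(review): services.redis below configures no password, so the
        # 'password' entry is either unused or a mismatch with the server -
        # confirm. As a literal it also ends up in the Nix store; if Redis
        # authentication is wanted, supply it from a secret file instead.
        extraOptions = ''
          'redis' => array(
            'host' => '/run/redis/redis.sock',
            'port' => 0,
            'dbindex' => 0,
            'password' => 'secret',
            'timeout' => 1.5,
          ),
        '';
      };

      services.redis = {
        enable = true;
        # NOTE(review): Nextcloud is pointed at /run/redis/redis.sock above;
        # this presumably resolves to the same file because /var/run is
        # normally a symlink to /run - confirm. Also verify that the
        # nextcloud user is allowed to open this socket.
        unixSocket = "/var/run/redis/redis.sock";
      };

      services.postgresql = {
        enable = true;
        ensureDatabases = [ "nextcloud" ];
        ensureUsers = [
          {
            # by default, postgres has unix sockets enabled, and allows a
            # system user `nextcloud` to log in without other authentication
            name = "nextcloud";
            ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
          }
        ];
      };

      # ensure that postgres is running *before* running the setup
      systemd.services."nextcloud-setup" = {
        requires = [ "postgresql.service" ];
        after = [ "postgresql.service" ];
      };

      # NOTE(review): the host proxy below talks plain HTTP to this
      # container, so 443 looks unused here - confirm and drop it to keep
      # the container's open ports to the minimum.
      networking.firewall.allowedTCPPorts = [ 80 443 ];
    };
  };

  # TLS is terminated on the host; traffic to the container crosses only
  # the private host<->container link.
  services.nginx.virtualHosts."cloud2.infra4future.de" = {
    # Fixed: was "http:[...]" without the "//", which is not a valid
    # proxy_pass URL. The brackets are required around an IPv6 literal.
    locations."/".proxyPass = "http://[${config.containers.nextcloud.localAddress6}]";
    enableACME = true;
    forceSSL = true;
  };
}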