{ pkgs, config, lib, ... }:
{
  services.nextcloud = {
    enable = true;
    hostName = "nuage.beta.rz.ens.wtf";
    https = true;

    package = pkgs.nextcloud23;

    config = {
      overwriteProtocol = "https";

      dbtype = "pgsql";
      dbhost = "/run/postgresql";

      dbpassFile = config.age.secrets.nextcloudDatabasePassword.path;
      adminpassFile = config.age.secrets.nextcloudAdminPassword.path;

      defaultPhoneRegion = "FR";
    };

    poolSettings = {
      pm = "dynamic";
      "pm.max_children" = 100;
      "pm.start_servers" = 16;
      "pm.min_spare_servers" = 8;
      "pm.max_spare_servers" = 16;
      "pm.status_path" = "/status";
    };
  };

  services.nginx = {
    virtualHosts = {
      "nuage.beta.rz.ens.wtf" = {
        forceSSL = true;
        enableACME = true;
        http2 = true;
      };
    };
  };

  services.postgresql = {
    enable = true;

    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      { name = "nextcloud";
        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
      }
    ];
  };

  systemd.services."nextcloud-setup" = {
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
}