{ pkgs, config, ... }:
{
  services.nextcloud = {
    autoUpdateApps.enable = true;
    enable = true;
    hostName = "nc.mc-fucker.cool";
    package = pkgs.nextcloud22;
    https = true;
    config = {
      dbtype = "pgsql";
      #dbhost = "postgres";
      dbhost = "/run/postgresql";
      #dbpassFile = "/etc/nixos/keys/nextcloud-dbpassword";
      extraTrustedDomains = [ "mc4" ];
      adminpassFile = "/etc/nixos/keys/nextcloud-adminpassword";
      adminuser = "Superadmin";
    };
    poolSettings = {
      "pm" = "dynamic";
      "pm.max_children" = "128";
      "pm.max_requests" = "500";
      "pm.max_spare_servers" = "18";
      "pm.min_spare_servers" = "6";
      "pm.start_servers" = "12";
    };
  };

  services.nginx = {
    #package = pkgs.nginxMainline;
    package = pkgs.nginxQuic;
    virtualHosts."${config.services.nextcloud.hostName}" = {
      forceSSL = true;
      #sslCertificate = "/etc/letsencrypt/live/mc-fucker.cool/cert.pem";
      #sslCertificateKey = "/etc/letsencrypt/live/mc-fucker.cool/privkey.pem";
      enableACME = true;
      http3 = true;
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
  security.acme = {
    acceptTerms = true;
    email = "dev@mc-fucker.cool";
  };
}

# vim: set et ts=2 sw=2 ai: