{ lib, config, pkgs, ... }:

# TODO: setup prometheus exporter

let
  inherit (lib)
    mkEnableOption
    mkIf
  ;

  cfg = config.my.services.nextcloud;
  my = config.my;
  domain = config.networking.domain;
  dbName = "nextcloud";
in
{
  options.my.services.nextcloud = {
    enable = mkEnableOption "NextCloud";
  };

  config = mkIf cfg.enable {
    services.postgresql = {
      enable = true;

      ensureDatabases = [ dbName ];
      ensureUsers = [
        {
          name = "nextcloud";
          ensurePermissions = {
            "DATABASE ${dbName}" = "ALL PRIVILEGES";
          };
        }
      ];
    };

    # not handled by module
    systemd.services.nextcloud-setup= {
      requires = [ "postgresql.service" ];
      after = [ "postgresql.service" ];
    };

    services.postgresqlBackup = {
      databases = [ dbName ];
    };

    services.nextcloud = {
      enable = true;

      hostName = "cloud.${domain}";
      https = true;
      package = pkgs.nextcloud23;

      maxUploadSize = "1G";

      config = {
        overwriteProtocol = "https";

        defaultPhoneRegion = "FR";

        dbtype = "pgsql";
        dbuser = "nextcloud";
        dbname = dbName;
        dbhost = "/run/postgresql";

        adminuser = my.secrets.nextcloud-admin-user;
        adminpassFile = "${my.secrets.nextcloud-admin-pass}";
      };
    };

    services.nginx = {
      virtualHosts = {
        "cloud.${domain}" = {
          forceSSL = true;
          useACMEHost = domain;
        };
      };
    };

    my.services.restic-backup = let
      nextcloudHome = config.services.nextcloud.home;
    in mkIf cfg.enable  {
      paths = [ nextcloudHome ];
      exclude = [
        # borg can fail if *.part files disappear during backup
        "${nextcloudHome}/data/*/uploads"
        # image previews can take up a lot of space
        "${nextcloudHome}/data/appdata_*/preview"
        # specific account for huge files I don't care about losing
        "${nextcloudHome}/data/misc"
      ];
    };
  };
}