{config, pkgs, ...}:
let
  fqdn = "nextcloud.bib3.de";
in {
  services.nginx = {
    enable = true;
    
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";

    virtualHosts.${fqdn} = {
      forceSSL = true;
      enableACME = true;
    };
  };

  services.nextcloud = {
    enable = true;
    hostName = fqdn;
    nginx.enable = true;
    config = {
      dbtype = "pgsql";
      dbuser = "nextcloud";
      dbhost = "/run/postgresql";
      dbname = "nextcloud";
      adminpassFile = "/var/lib/nextcloud/config/adminpass";
      adminuser = "root";
    };
  };  

  systemd.services."nextcloud-setup" = {
    requires = [ "postgresql.service" ];
    after =  [ "postgresql.service" ];
  };

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
      }
    ];
  };

}