{ config, pkgs, ... }:
{
    environment.systemPackages = with pkgs; [           # Default packages install system-wide
      appimage-run
    ];

    services.nextcloud = {
        enable = true;
        hostName = "cloud.kabtop.de";
        https = true;
        package = pkgs.nextcloud29;
        database.createLocally = false;
        notify_push.enable = true;
        caching = {
            redis = true;
            apcu = false;
        };
        settings = {
            log_type = "file";
            logfile = "nextcloud.log";
            overwriteprotocol = "https";
            default_phone_region = "DE";

            redis = {
                host = "/run/redis-nextcloud/redis.sock";
                port = 0;
            };
            "memcache.local" = "\\OC\\Memcache\\Redis";
            "memcache.distributed" = "\\OC\\Memcache\\Redis";
            "memcache.locking" = "\\OC\\Memcache\\Redis";
            "maintenance_window_start" = "1";
        };
        config = {
            dbtype = "pgsql";
            dbuser = "nextcloud";
            dbhost = "localhost";
            dbname = "nextclouddb";
            adminuser = "kabbone"; 
            adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path;
            dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path;
        };
        phpOptions = {
            "opcache.interned_strings_buffer" = "16";
        };
    #autoUpdateApps.enable = true;
    };

    services.onlyoffice = {
        enable = true;
        hostname = "docs.cloud.kabtop.de";
        postgresName = "onlyoffice";
        postgresHost = "localhost";
        postgresUser = "onlyoffice";
        postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
        jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path;
    };

    services.redis = {
        vmOverCommit = true;
        servers.nextcloud = {
            enable = true;
            user = "nextcloud";
            port = 0;
        };
    };

    services.nginx = {
      enable = true;
      virtualHosts = {
        "${config.services.nextcloud.hostName}" = {
          enableACME = true;
          forceSSL = true;
        };
        "${config.services.onlyoffice.hostname}".listen = [ {
            addr = "127.0.0.1"; port = 8080;
        } ];
      };
    };

    age.secrets."services/nextcloud/dbpassFile" = {
        file = ../../../secrets/services/nextcloud/dbpassFile.age;
        owner = "nextcloud";
    };
    age.secrets."services/nextcloud/adminpassFile" = {
        file = ../../../secrets/services/nextcloud/adminpassFile.age;
        owner = "nextcloud";
    };
    age.secrets."services/nextcloud/onlyofficedb" = {
        file = ../../../secrets/services/nextcloud/onlyofficedb.age;
        owner = "onlyoffice";
    };
    age.secrets."services/nextcloud/onlyofficejwt" = {
        file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
        owner = "onlyoffice";
    };

    systemd.services."nextcloud-setup" = {
        requires = ["postgresql.service"];
        after = ["postgresql.service"];
    };

    security.acme.defaults.email = "webmaster@kabtop.de";
    security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
    security.acme.acceptTerms = true;

}