{ pkgs, config, ...} :
let
  root_host = "grimmauld.de";
  nextcloud_host = "cloud.${root_host}";
  nextcloud_port = 8083;
in {
  security.acme.certs."${root_host}".extraDomainNames = [ nextcloud_host ];
  age.secrets.nextcloud_admin_pass = {
    file = ../secrets/nextcloud_admin_pass.age;
    owner = "nextcloud";
    group = "nextcloud";
    mode = "0600";
  };


  services.nextcloud = {
    enable = true;
    https = true;
    hostName = nextcloud_host;
    package = pkgs.nextcloud28;
#    extraApps = with config.services.nextcloud.package.packages.apps; [
#      news contacts calendar tasks;
#    ];
    config = {
      adminpassFile = config.age.secrets.nextcloud_admin_pass.path;
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts."${nextcloud_host}" = {
      serverName = nextcloud_host;
      forceSSL = true;
      useACMEHost = root_host;
    };
  };
}