{
  pkgs,
  config,
  lib,
  ...
}:
with lib; let
  cfg = config.my.services.nextcloud;
in {
  options.my.services.nextcloud = {
    enable = mkEnableOption "Nextcloud";
    port = mkOption {
      type = types.port;
      default = 9090;
      example = 8080;
      description = "HTTP port for the Nextcloud service.";
    };
  };

  config = mkIf cfg.enable {
    services.nextcloud = {
      enable = true;
      package = pkgs.nextcloud29;
      hostName = "cloud.thomasfmly.org";
      phpExtraExtensions = ext: with ext; [smbclient];

      database.createLocally = true;
      configureRedis = true;

      maxUploadSize = "16G";

      autoUpdateApps.enable = true;
      extraAppsEnable = true;
      # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
      extraApps = with config.services.nextcloud.package.packages.apps; {
        inherit calendar notes user_oidc;
      };

      config = {
        dbtype = "pgsql";
        adminuser = "michael";
        adminpassFile = config.age.secrets.nextcloudAdminpass.path;
      };

      settings = {
        # Proxy Settings
        overwriteprotocol = "https";
        trusted_proxies = ["192.168.1.10"];

        # Configuration Settings
        default_phone_region = "US";
        maintenance_window_start = 1;
      };

      phpOptions = {
        "opcache.interned_strings_buffer" = "23";
      };
    };

    age.secrets.nextcloudAdminpass = {
      file = ../../../secrets/nextcloud-adminpass.age;
      owner = "nextcloud";
      group = "nextcloud";
    };

    services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [
      {
        addr = "0.0.0.0";
        inherit (cfg) port;
      }
    ];

    networking.firewall.allowedTCPPorts = [cfg.port];
  };
}