{ config, ... }:

let
    workDir = "/srv/containers/nextcloud";
in
{
    systemd.tmpfiles.rules = [
        "d ${workDir} 2700 root admin"
        "d ${workDir}/html 2700 root admin"
        "d ${workDir}/db 2700 root admin"
    ];

    virtualisation.oci-containers.containers = {
        nextcloud = {
            autoStart = true;
            image = "nextcloud:31-apache";

            ports = [
                "0.0.0.0:10003:80"
            ];

            volumes = [
                "${workDir}/html:/var/www/html"
            ];
        
            environmentFiles = [
                config.age.secrets.nextcloud.path
            ];

            dependsOn = [
                "nextcloud-db"
                "nextcloud-redis"
            ];
        };

        nextcloud-db = {
            image = "postgres:18"; # trixie

            volumes = [
                "${workDir}/db:/var/lib/postgresql/data"
            ];

            environmentFiles = [
                config.age.secrets.nextcloud-db.path
            ];
        };

        nextcloud-redis = {
            image = "redis:8-alpine"; # trixie
        };
    };
}