{
  pkgs,
  config,
  ...
}: let
  inherit (pkgs) fetchNextcloudApp;
  nextcloud = pkgs.nextcloud23;
  hostName = "nextcloud.${config.services.nginx.domain}";
in {
  services.nextcloud = {
    inherit hostName;

    package = nextcloud;
    enable = true;
    maxUploadSize = "2G";
    https = true;

    config = {
      overwriteProtocol = "https";

      dbtype = "pgsql";
      dbhost = "/run/postgresql";

      adminuser = "tlater";
      adminpassFile = config.sops.secrets."nextcloud/tlater".path;

      defaultPhoneRegion = "AT";
    };

    # TODO(tlater): Add redis config. This will be much easier
    # starting with 22.11, since this will add an `extraOptions` where
    # the necessary redis config can go.
  };

  # Ensure that this service doesn't start before postgres is ready
  systemd.services.nextcloud-setup.after = ["postgresql.service"];

  # Set up SSL
  services.nginx.virtualHosts."${hostName}" = {
    forceSSL = true;
    enableACME = true;
  };
}