{
  self,
  config,
  lib,
  pkgs,
  ...
}: let
  domain = "cloud.sondell.org";
  nextcloud = pkgs.nextcloud29;
in {
  environment.systemPackages = [
    nextcloud
  ];
  systemd.timers."nextcloud-db-backup" = {
    wantedBy = ["timers.target"];
    timerConfig = {
      # OnBootSec = "5m";
      # OnUnitActiveSec = "5m";
      OnCalendar = "*-*-* 2:00:00";
      Unit = "nextcloud-db-backup.service";
    };
  };

  systemd.services.nextcloud-cron = {
    path = [pkgs.perl];
  };
  systemd.services."nextcloud-db-backup" = {
    script = with pkgs; ''
      set -eu
      date=$(date --iso-8601)
      ${postgresql}/bin/pg_dump "nextcloud" | ${openssh}/bin/ssh -i /etc/nixos/.secrets/tulpan Glenn@nas "cat - > back/nextcloud/sqldump/$date.sql"
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "postgres";
    };
  };

  services = {
    restic.backups = {
      "nextcloud" = {
        passwordFile = "/etc/nixos/.secrets/restic_pw";
        repository = "sftp:Glenn@nas:/home/back/nextcloud/restic-repo";
        paths = [
          "/pool/var/lib/nextcloud"
        ];
        user = "sondell";
        timerConfig.OnCalendar = "02:05";
        pruneOpts = [
          "--keep-daily 10"
          "--keep-weekly 5"
          "--keep-monthly 12"
          "--keep-yearly 75"
        ];
      };
    };

    nginx.virtualHosts = {
      ${domain} = {
        forceSSL = true;
        enableACME = true;
        # Use DNS Challenege.
        # acmeRoot = null;
      };
    };
    postgresql.enable = true;
    #
    nextcloud = {
      enable = true;
      hostName = domain;
      # Need to manually increment with every major upgrade.
      package = nextcloud;
      # Let NixOS install and configure the database automatically.
      database.createLocally = true;
      # Increase the maximum file upload size.
      datadir = "/pool/var/lib/nextcloud";

      maxUploadSize = "16G";
      https = true;
      autoUpdateApps.enable = true;
      extraAppsEnable = true;
      # Let NixOS install and configure Redis caching automatically.
      configureRedis = true;
      settings = {
        maintenance_window_start = 1;
      };
      extraOptions = {
        "memories.exiftool" = "${lib.getExe pkgs.exiftool}";
        "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";
        "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
        preview_ffmpeg_path = "${pkgs.ffmpeg-headless}/bin/ffmpeg";

        #  redis = {
        #     # host = "/run/redis/redis.sock";
        #     port = 0;
        #     dbindex = 0;
        #     password = "secret";
        #     timeout = 1.5;
        # };
      };
      extraApps = with config.services.nextcloud.package.packages.apps; {
        # List of apps we want to install and are already packaged in
        # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
        inherit mail calendar contacts notes onlyoffice cookbook spreed memories previewgenerator;
      };
      config = {
        overwriteProtocol = "https";
        defaultPhoneRegion = "SE";
        dbtype = "pgsql";
        adminuser = "admin";
        adminpassFile = "/etc/nixos/.secrets/nextadminpw";
      };
      # Suggested by Nextcloud's health check.
      phpOptions."opcache.interned_strings_buffer" = "16";
    };
    # Nightly database backups.
    # postgresqlBackup = {
    #   enable = true;
    #   startAt = "*-*-* 01:15:00";
    # };
  };
  services.onlyoffice = {
    enable = true;
    port = 8123;
    hostname = "office.sondell.org";
    jwtSecretFile = "/etc/nixos/.secrets/onlyoffice.jwt";
  };
  services.nginx.virtualHosts."office.sondell.org" = {
    forceSSL = true;
    enableACME = true;
    #   locations."/".proxyPass = "http://12:8123";
  };
}