{ config, ... }:

let
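  # Host-side storage locations for container state come from ../vars.nix.
  vars = import ../vars.nix;
  nextcloud_path = vars.primary_nextcloud;
  redis_path = vars.primary_redis;

  # nextcloud-image = import ./nextcloud-image { inherit pkgs; };

  # Settings for the Nextcloud container. The module body extends this set
  # with the published port.
  nextcloud-base = {
    # image comes from running docker compose build in nextcloud-docker/.examples/full/apache
    image = "nextcloud-nextcloud";
    # The image is built locally and its name carries no registry prefix.
    # With "always" the runtime would ask a registry for this unqualified name
    # on every start, which either fails or substitutes whatever a registry
    # serves under that name. "never" makes the unit fail closed if the local
    # build is missing.
    pull = "never";
    hostname = "nextcloud";
    volumes = [
      # Application tree and user data; `:z` requests a shared SELinux relabel.
      "${nextcloud_path}/nc_data:/var/www/html:z"
      # PHP configuration and entrypoint hook scripts are mounted read-write.
      # NOTE(review): the container presumably only needs to read these two
      # directories; mounting them `:ro` would stop a compromised web process
      # from altering its own config or start-up hooks. Confirm before changing.
      "${nextcloud_path}/nc_php:/usr/local/etc/php"
      "${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"
      #"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
    ];
    # Attached to three networks, none of which is created in this file
    # (presumably they are defined elsewhere): the reverse proxy, the
    # database, and the network shared with redis.
    extraOptions = [
      "--network=haproxy-net"
      "--network=postgres-net"
      "--network=nextcloud_default"
    ];
    dependsOn = [ "redis" ];
    # Credentials are supplied from a sops-managed file at runtime instead of
    # being written into this expression.
    environmentFiles = [ config.sops.secrets."docker/nextcloud".path ];
  };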
in
{
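  # Container definitions for the Nextcloud stack: the web application, its
  # redis cache, the go-vod transcoder and the Collabora office backend.
  virtualisation.oci-containers.containers = {
    nextcloud = nextcloud-base // {
      # Published on every host interface as plain HTTP.
      # NOTE(review): the container is also attached to haproxy-net. If the
      # proxy reaches it over that network, bind this to loopback
      # ("127.0.0.1:9999:80") or drop it. Docker-published ports are usually
      # reachable regardless of the host firewall rules.
      ports = [ "9999:80" ];
    };
    redis = {
      # NOTE(review): floating tag; pin to a version or digest
      # (e.g. redis@sha256:<DIGEST_PLACEHOLDER>) so that a registry-side
      # change cannot alter what runs here.
      image = "redis:latest";
      # NOTE(review): "newer" is a Podman pull policy, while the restartUnits
      # in this file name docker-*.service units. Confirm that the configured
      # backend accepts this value.
      pull = "newer";
      # Runs as a fixed unprivileged uid:gid instead of the image default.
      # That id must be able to read the config secret and write /data.
      user = "600:600";
      volumes = [
        # The sops-managed redis.conf is mounted read-only: the server only
        # needs to read it, and it is a secret-bearing file the container
        # should not be able to modify.
        "${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf:ro"
        "${redis_path}:/data"
      ];
      # No ports are published; redis is reachable only on nextcloud_default.
      extraOptions = [
        "--network=nextcloud_default"
      ];
      cmd = [
        "redis-server"
        "/usr/local/etc/redis/redis.conf"
      ];
    };
    go-vod = {
      # NOTE(review): floating tag combined with pull = "always" means every
      # restart can run new, unreviewed image content. Consider pinning.
      image = "radialapps/go-vod:latest";
      pull = "always";
      dependsOn = [ "nextcloud" ];
      environment = {
        NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";
      };
      # Read-only view of the Nextcloud tree; this container cannot write to it.
      volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ];
      # Passes the host's DRI render devices into the container
      # (presumably for hardware-accelerated transcoding).
      extraOptions = [
        "--device=/dev/dri:/dev/dri"
      ];
    };
    collabora-code = {
      # NOTE(review): floating tag combined with pull = "always"; see go-vod.
      image = "collabora/code:latest";
      pull = "always";
      dependsOn = [ "nextcloud" ];
      environment = {
        # aliasgroupN lists the hosts allowed to use this Collabora instance.
        aliasgroup1 = "https://collabora.nayenoie.com:443";
        aliasgroup2 = "https://nextcloud.alicehuston.xyz:443";
        # NOTE(review): this pattern matches any https host on 443, which
        # makes the two explicit groups above moot and lets arbitrary hosts
        # use the instance. Remove it unless that is intended.
        aliasgroup3 = "https://.*:443";
        # TLS is terminated upstream, so the service itself speaks plain HTTP
        # on 9980.
        extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
      };
      environmentFiles = [
        config.sops.secrets."docker/collabora".path
      ];
      extraOptions = [
        "--network=haproxy-net"
        # NOTE(review): --privileged grants every capability and host device
        # access to a container that parses untrusted documents. Collabora's
        # documentation has historically shown a narrower `--cap-add MKNOD`;
        # verify what the deployed version actually requires and prefer the
        # smallest set.
        "--privileged"
      ];
      # NOTE(review): published on every host interface, and the service
      # speaks plain HTTP (see extra_params). If the proxy connects over
      # haproxy-net, bind to loopback or drop the mapping.
      ports = [ "9980:9980" ];
    };
  };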

  # Host-side www-data account and group with fixed numeric ids. This account
  # owns the Nextcloud and Collabora secrets declared in this file.
  # NOTE(review): 33 presumably mirrors the www-data uid/gid used inside the
  # container images, so that bind-mounted files line up. Confirm.
  users = {
    groups.www-data = {
      members = [ "www-data" ];
      gid = 33;
    };
    users.www-data = {
      group = "www-data";
      isSystemUser = true;
      uid = 33;
    };
  };

  # sops-nix secrets for the containers, decrypted from ../secrets.yaml.
  # Each entry lists the unit to restart when its secret changes.
  sops.defaultSopsFile = ../secrets.yaml;
  sops.secrets = {
    # Bind-mounted into the redis container as its config file; that container
    # runs as 600:600.
    # NOTE(review): docker-service is not declared in this file. Confirm it
    # resolves to uid 600, otherwise the container either cannot read the
    # file or the owner is wider than intended.
    "docker/redis" = {
      restartUnits = [ "docker-redis.service" ];
      owner = "docker-service";
    };
    # Passed to the containers through environmentFiles, not mounted.
    # NOTE(review): if the runtime reads env files as root, www-data
    # ownership is broader than needed. The same uid runs the web
    # application, so leaving these root-owned would be the least-privilege
    # choice. Confirm.
    "docker/nextcloud" = {
      restartUnits = [ "docker-nextcloud.service" ];
      owner = "www-data";
    };
    "docker/collabora" = {
      restartUnits = [ "docker-collabora-code.service" ];
      owner = "www-data";
    };
  };
}