{
  config,
  lib,
  pkgs,
  ...
}: let
  cfg = config.services.nextcloud-instance;
in {
  options.services.nextcloud-instance = {
    enable = lib.mkEnableOption "Enable the Nextcloud instance";

    instanceFQDN = lib.mkOption {
      type = lib.types.str;
      example = "nextcloud.example.com";
      description = "Fully qualified domain name of the Nextcloud instance";
    };
  };

  config = lib.mkIf cfg.enable {
    environment.etc."nc-admin-pass.txt".text = "replace-me-with-a-sops-secret";

    services.nextcloud = {
      enable = true;
      hostName = cfg.instanceFQDN;
      https = false;
      config.dbtype = "mysql";
      config.adminpassFile = "/etc/nc-admin-pass.txt"; # FIXME: sops
    };

    services.nginx.virtualHosts.${cfg.instanceFQDN}.listen = [
      {
        port = 8080;
        addr = "0.0.0.0";
      }
    ];

    services.mysql = {
      enable = true;
      package = pkgs.mariadb;
    };
  };
}