{pkgs, ...}: let
  nextcloud-pkg = pkgs.nextcloud30;
  host = "127.0.0.1";
  port = 8008;
in {
  services.nextcloud = {
    enable = true;
    package = nextcloud-pkg;
    hostName = "localhost";
    config.adminpassFile = "/var/lib/db/nextcloud/admin-password";
    config.dbtype = "sqlite";
  };

  # Place nextcloud behind a reverse proxy
  services.nginx.virtualHosts."localhost".listen = [
    {
      addr = host;
      port = port;
    }
  ];
  services.nginx.virtualHosts."nextcloud.spoodythe.one" = {
    addSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://${host}:${toString port}";
    };
  };

  # Open port 80 and 443 for reverse proxy
  networking.firewall.allowedTCPPorts = [80 443];
  networking.firewall.allowedUDPPorts = [80 443];
}