{ config, lib, ... }:

let
  cfg = config.control.nextcloud;
in
{
  assertions = [
    {
      assertion = (!cfg.enable) || (cfg.adminPassFile != null);
      message = "control.nextcloud.adminPassFile must be set when Nextcloud is enabled.";
    }
  ];

  config = lib.mkIf cfg.enable {
    services.nextcloud = {
      enable = true;
      hostName = cfg.hostName;
      https = false;
      config = {
        dbtype = "sqlite";
        adminuser = "admin";
        adminpassFile = cfg.adminPassFile;
      };
      settings = {
        trusted_domains = [ cfg.hostName ];
      };
    };

    networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ 80 443 ];
  };
}