{ config, lib, pkgs, inputs, ... }:

{
	# setup collabora config declaratively
	systemd.services.nextcloud-config-collabora = let
		inherit (config.services.nextcloud) occ;

		wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
		public_wopi_url = "https://cool.hahn1.one";
		wopi_allowlist = lib.concatStringsSep "," [
			"127.0.0.1"
			"::1"
		];
	in {
		wantedBy = ["multi-user.target"];
		after = ["nextcloud-setup.service" "coolwsd.service"];
		requires = ["coolwsd.service"];
		script = ''
			${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
			${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
			${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
			${occ}/bin/nextcloud-occ richdocuments:setup
			'';
		serviceConfig = {
			Type = "oneshot";
			User = "nextcloud";
		};
	};

	# setup the collabora server
	services.collabora-online = {
		enable = true;
		port = 9980; # default
		settings = {
			# Rely on reverse proxy for SSL
			ssl = {
				enable = false;
				termination = true;

				# this is for dev purposes
				# can be enabled in production when there is a real certificate
				ssl_verification = true;
			};

			# Listen on loopback interface only, and accept requests from ::1
			net = {
				listen = "loopback";
				post_allow.host = ["::1"];
			};

			# Set FQDN of server
			server_name = "cool.hahn1.one";
		};
	};
}