{config, ...}: {
  services.phpfpm.pools.nextcloud.settings = {
    "listen.owner" = config.services.caddy.user;
    "listen.group" = config.services.caddy.group;
  };

  users.users.caddy.extraGroups = ["nextcloud"];

  services.caddy = {
    enable = true;

    # Setup Nextcloud virtual host to listen on ports
    virtualHosts = {
      "${config.services.nextcloud.hostName}" = {
        useACMEHost = "${config.services.nextcloud.hostName}";
        extraConfig = ''
           redir /.well-known/carddav /remote.php/dav 301
           redir /.well-known/caldav /remote.php/dav 301
           redir /.well-known/webfinger /index.php/.well-known/webfinger 301
           redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301

           encode gzip
           reverse_proxy localhost:9000
           header Strict-Transport-Security max-age=31536000;
           @forbidden {
            path /.htaccess
            path /data/*
            path /config/*
            path /db_structure
            path /.xml
            path /README
            path /3rdparty/*
            path /lib/*
            path /templates/*
            path /occ
            path /console.php
          }
          handle @forbidden {
            respond 404
          }

          handle {
          	root * /var/www/html
          	php_fastcgi 127.0.0.1:9000 {
          		# Tells nextcloud to remove /index.php from URLs in links
          		env front_controller_active true
          	}
          	file_server
          }
        '';
      };
      "onlyoffice.gladtherescake.eu" = {
      };
    };
  };
}