{config, pkgs, ...}:

{
  services.onlyoffice = {
    enable = true;
    port = 7001;

    hostname = "only.office";
    
    postgresHost = "/run/postgresql";
    postgresName = "onlyoffice";
    postgresUser = "onlyoffice";
  };

  services.nginx.virtualHosts."${config.services.onlyoffice.hostname}".listen = [ { addr = "127.0.0.1"; port = 7002; } ];

  services.unbound.settings.server = let
    RECORD = ".office. IN A 192.168.1.20";
  in {
    local-zone = [
      "office. transparent"
    ];
    local-data = [
      "'only${RECORD}'"
    ];
  };

  services.caddy.virtualHosts = {
    "https://only.office" = {
	    extraConfig = ''
        tls internal
        reverse_proxy 127.0.0.1:7001
      '';           
    };
  };
  
  services.postgresql = {
    enable = true;
    port = 5432;
    ensureDatabases = [
      "onlyoffice"
    ];
    ensureUsers = [{
      name = "onlyoffice";
      ensureDBOwnership = true;
    }];
  };
}