{ pkgs, lib, config, ... }:
let
  cfg = config.lab.thecloud;
  nfsShares = [
    "/ancient"
  ];
  nfsExports = lib.strings.concatLines (
    builtins.map
      (share:
        "${cfg.nfsRoot}${share} 192.168.30.0/24(rw,sync,no_subtree_check,no_root_squash)"
      )
      nfsShares
  );
in
{
  options.lab.thecloud = {
    enable = lib.mkOption {
      default = false;
      type = lib.types.bool;
      description = ''
        Experimental: migrate thecloud.dmz to hypervisor.
      '';
    };

    nfsRoot = lib.mkOption {
      default = "/mnt/data";
      type = lib.types.str;
      description = ''
        Root directory of NFS data.
      '';
    };

    postgresDir = lib.mkOption {
      default = "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
      type = lib.types.str;
      description = ''
        Postgresql data directory.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = [ 2049 5432 ];

    services = {
      nfs.server = {
        enable = true;
        exports = nfsExports;
      };

      postgresql = {
        enable = true;
        package = pkgs.postgresql_15;
        enableTCPIP = true;

        dataDir = cfg.postgresDir;

        authentication = ''
          host	nextcloud	nextcloud	all	md5
          host	hedgedoc	hedgedoc	all	md5
        '';
      };
    };
  };
}