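# Arion (docker-compose) project for Nextcloud: a web container published
# through Traefik on the external "dmz" network, and a MariaDB container that
# is attached only to the project-private "transport" network.
{pkgs, ...}: {
  project.name = "nextcloud";

  # Pre-existing network that this project joins but does not create
  # (external = true). The Traefik labels below name it as the proxy network.
  networks.dmz = {
    name = "dmz";
    external = true;
  };

  # Project-private network carrying web <-> database traffic.
  # NOTE(review): the database is attached to this network only; if it needs no
  # outbound access, marking the network internal would remove its route out.
  # Verify the option against the arion version in use.
  networks.transport = {};

  services = {
    nextcloud.service = {
      # NOTE(review): "latest" is a floating tag, so the image that runs changes
      # whenever it is re-pulled. Pin a reviewed release, ideally by digest
      # (nextcloud:<VERSION>@sha256:<DIGEST>), and bump it deliberately.
      image = "nextcloud:latest";
      container_name = "nextcloud";
      # NOTE(review): useHostStore bind-mounts the host's /nix/store into the
      # container. This image comes from a registry rather than a Nix build, so
      # it presumably does not need the store; dropping the option would keep
      # the host's store contents out of an internet-facing container — confirm
      # before removing.
      useHostStore = true;
      # Published by Traefik on the "websecure" entrypoint for this one host
      # name, with TLS and a certificate from the "letsencrypt" resolver. The
      # entrypoint and resolver are defined in the Traefik configuration, which
      # is not part of this file. No middleware is attached to the router here.
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.nextcloud.entrypoints" = "websecure";
        "traefik.http.routers.nextcloud.rule" = "Host(`nextcloud.ghoscht.com`)";
        "traefik.docker.network" = "dmz";
        "traefik.http.routers.nextcloud.tls" = "true";
        "traefik.http.routers.nextcloud.tls.certresolver" = "letsencrypt";
      };
      # Host directory bind-mounted over the web root.
      volumes = [
        "/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html"
      ];
      # Must be a name the database container answers to on "transport";
      # db.service sets container_name to this value.
      environment = {MYSQL_HOST = "nextcloud-db";};
      # Variables are read from a file on the host when the container starts, so
      # their values are not written into this Nix expression.
      # NOTE(review): db.service loads the same file, so every variable in it is
      # visible in both containers. If it holds database admin credentials,
      # split it into one file per service and keep both owner-readable only.
      env_file = [
        "/home/ghoscht/.docker/nextcloud/nextcloud.env"
      ];
      restart = "unless-stopped";
      networks = [
        "dmz"
        "transport"
      ];
    };
    db.service = {
      # Tag names a release series, so patch releases still float on re-pull.
      # NOTE(review): confirm this series still receives security fixes.
      image = "mariadb:10.5";
      # Fix: nextcloud's MYSQL_HOST is "nextcloud-db", but without an explicit
      # name this container is reachable only as "db" (the service name) and a
      # compose-generated container name, so that host name would not resolve.
      container_name = "nextcloud-db";
      env_file = [
        "/home/ghoscht/.docker/nextcloud/nextcloud.env"
      ];
      # Host directory bind-mounted as the MariaDB data directory.
      volumes = ["/home/ghoscht/.docker/nextcloud/nextcloud_db:/var/lib/mysql"];
      restart = "unless-stopped";
      # Server flags: READ-COMMITTED transaction isolation, row-based binlog.
      command = "--transaction-isolation=READ-COMMITTED --binlog-format=ROW";
      # "transport" only: the database is not attached to the proxy network and
      # publishes no ports.
      networks = [
        "transport"
      ];
    };
  };
}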