{ config, pkgs, ... }:
let
  updateLdapSettings = pkgs.writeText "nextcloud-update-ldap-settings.sql" (builtins.readFile ./update-ldap-settings.sql);
in {

  sops.secrets.nextcloud-ldap-password.owner = "nextcloud";

  systemd.services."nextcloud-update-ldap-settings" = {
    enable = true;
    description = "My custom service";
    after = [ "nextcloud-setup.service" ];
    script = let
      updateLdapSettings = pkgs.writeText "nextcloud-update-ldap-settings.sql" (builtins.readFile ./update-ldap-settings.sql);
    in ''
      ldappass=$(base64 -w 0 ${config.sops.secrets.nextcloud-ldap-password.path})
      ${pkgs.mysql}/bin/mysql -u nextcloud -e "INSERT INTO oc_appconfig (appid, configkey, configvalue, type, lazy) VALUES ('user_ldap', 's01ldap_agent_password', '$ldappass', 2, 0) ON DUPLICATE KEY UPDATE configvalue = '$ldappass';" nextcloud
      ${pkgs.mysql}/bin/mysql -u nextcloud nextcloud < ${updateLdapSettings}
    '';
    serviceConfig = {
      Type = "exec";
      User = "nextcloud";
    };
  };
}