jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nextcloud nginx split

Browse Source
This commit is contained in:
Danilo Reyes
2026-02-05 10:58:35 -06:00
parent cb1776d670
commit 6603fac1c4
1 changed files with 138 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
modules/servers/nextcloud.nix
View File

@@ -52,8 +52,9 @@ in
"nodejs-14.21.3" "nodejs-14.21.3"
"openssl-1.1.1v" "openssl-1.1.1v"
]; ];
users.groups.nextcloud = { inherit gid; }; users = {
users.users.nextcloud = { groups.nextcloud = { inherit gid; };
users.nextcloud = {
inherit uid; inherit uid;
isSystemUser = true; isSystemUser = true;
group = "nextcloud"; group = "nextcloud";
@@ -68,7 +69,9 @@ in
; ;
}; };
}; };
services.nextcloud = { };
services = {
nextcloud = {
enable = true; enable = true;
https = false; # vps https = false; # vps
package = pkgs.nextcloud32; package = pkgs.nextcloud32;
@@ -161,7 +164,26 @@ in
all.pdlib all.pdlib
all.bz2 all.bz2
]; ];
};
nginx.virtualHosts.${cfg.host} = {
forceSSL = false;
enableACME = false;
http2 = false;
serverAliases = [
"cloud.servidos.lat"
"cloud.rotehaare.art"
];
listen = [
{
addr = config.my.ips.wg-server;
port = 8081;
}
{
addr = config.my.localhost;
port = 8081;
}
];
};
}; };
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
go-vod = lib.mkIf config.my.servers.go-vod.enable { go-vod = lib.mkIf config.my.servers.go-vod.enable {
@@ -234,14 +256,14 @@ in
}; };
}; };
}) })
(lib.mkIf (cfg.enableProxy && config.my.enableProxy) { (lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.networking.hostName == "vps") {
my.servers.nextcloud.useDefaultProxy = false; my.servers.nextcloud.useDefaultProxy = false;
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"${cfg.host}" = { "${cfg.host}" = {
forceSSL = false; forceSSL = true;
enableACME = false; enableACME = true;
http2 = false; http2 = true;
default = false; default = true;
serverAliases = [ "cloud.rotehaare.art" ]; serverAliases = [ "cloud.rotehaare.art" ];
extraConfig = '' extraConfig = ''
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
@@ -250,22 +272,17 @@ in
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies "none" always;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
''; '';
locations = { locations = {
"/".proxyWebsockets = true; "/" = {
"~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" = proxyPass = cfg.local;
{ }; proxyWebsockets = true;
};
}; };
listen = [
{
addr = config.my.ips.wg-server;
port = 8081;
}
{
addr = config.my.localhost;
port = 8081;
}
];
}; };
"${cfgC.host}" = lib.mkIf cfgC.enableProxy { "${cfgC.host}" = lib.mkIf cfgC.enableProxy {
forceSSL = true; forceSSL = true;