nextcloud nginx split

2026-02-05 10:58:35 -06:00
parent cb1776d670
commit 6603fac1c4
1 changed files with 138 additions and 121 deletions
--- a/modules/servers/nextcloud.nix
+++ b/modules/servers/nextcloud.nix
@@ -52,8 +52,9 @@ in
        "nodejs-14.21.3"
        "openssl-1.1.1v"
      ];
-      users.groups.nextcloud = { inherit gid; };
-      users.users.nextcloud = {
+      users = {
+        groups.nextcloud = { inherit gid; };
+        users.nextcloud = {
          inherit uid;
          isSystemUser = true;
          group = "nextcloud";
@@ -68,7 +69,9 @@ in
              ;
          };
        };
-      services.nextcloud = {
+      };
+      services = {
+        nextcloud = {
          enable = true;
          https = false; # vps
          package = pkgs.nextcloud32;
@@ -161,7 +164,26 @@ in
            all.pdlib
            all.bz2
          ];
-
+        };
+        nginx.virtualHosts.${cfg.host} = {
+          forceSSL = false;
+          enableACME = false;
+          http2 = false;
+          serverAliases = [
+            "cloud.servidos.lat"
+            "cloud.rotehaare.art"
+          ];
+          listen = [
+            {
+              addr = config.my.ips.wg-server;
+              port = 8081;
+            }
+            {
+              addr = config.my.localhost;
+              port = 8081;
+            }
+          ];
+        };
      };
      virtualisation.oci-containers.containers = {
        go-vod = lib.mkIf config.my.servers.go-vod.enable {
@@ -234,14 +256,14 @@ in
        };
      };
    })
-    (lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
+    (lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.networking.hostName == "vps") {
      my.servers.nextcloud.useDefaultProxy = false;
      services.nginx.virtualHosts = {
        "${cfg.host}" = {
-          forceSSL = false;
-          enableACME = false;
-          http2 = false;
-          default = false;
+          forceSSL = true;
+          enableACME = true;
+          http2 = true;
+          default = true;
          serverAliases = [ "cloud.rotehaare.art" ];
          extraConfig = ''
            add_header X-XSS-Protection "1; mode=block" always;
@@ -250,22 +272,17 @@ in
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header Referrer-Policy "no-referrer-when-downgrade" always;
            add_header X-Permitted-Cross-Domain-Policies "none" always;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-Host $host;
          '';
          locations = {
-            "/".proxyWebsockets = true;
-            "~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
-              { };
+            "/" = {
+              proxyPass = cfg.local;
+              proxyWebsockets = true;
+            };
          };
-          listen = [
-            {
-              addr = config.my.ips.wg-server;
-              port = 8081;
-            }
-            {
-              addr = config.my.localhost;
-              port = 8081;
-            }
-          ];
        };
        "${cfgC.host}" = lib.mkIf cfgC.enableProxy {
          forceSSL = true;