cloud broken

2026-04-11 04:48:25 -07:00 · 2025-06-05 07:02:33 -07:00 · 2025-06-05 07:02:33 -07:00 · 641cc9e0bb
commit 641cc9e0bb
parent 09d50dd2c0
1 changed files with 18 additions and 38 deletions
--- a/modules/nextcloud-setup.nix
+++ b/modules/nextcloud-setup.nix
@ -34,11 +34,8 @@ in
    enable = true;
    package = pkgs.nextcloud31; # Verify this version
    
-    # For the path through NPM, hostName should match the external domain.
-    # For direct Tailscale access, users will use the Tailscale IP/MagicDNS name.
    hostName = nextcloudExternalDomain; 
-    
-    https = false; # NPM handles HTTPS. Nextcloud serves HTTP internally.
+    https = false; 
    datadir = nextcloudDataPath;
    maxUploadSize = "2G";

@ -49,34 +46,16 @@ in
    };

    settings = {
-      # --- Trusted Domains: CRITICAL ---
-      # Add all ways Nextcloud will be accessed.
      trusted_domains = [
-        nextcloudExternalDomain        # For access via NPM
-        homelabTailscaleIP             # For direct access via Tailscale IP
-        homelabMagicDNSName             # For direct access via Tailscale MagicDNS name
-        # "localhost"                   # If you run occ commands directly on homelab
+        nextcloudExternalDomain
+        homelabTailscaleIP
+        homelabMagicDNSName
      ];
-      
-      # --- Trusted Proxies: For NPM path ---
      trusted_proxies = [ nginxProxyManagerTailscaleIP ]; 
-
-      # --- Overwrite Parameters: Primarily for the NPM path ---
-      # These tell Nextcloud how it looks when accessed via NPM (HTTPS, external domain).
-      # When accessed directly via Tailscale IP/MagicDNS name over HTTP, these *might*
-      # cause Nextcloud to generate HTTPS links, which could be an issue if you haven't
-      # set up HTTPS directly on the homelab Tailscale interface.
      overwriteprotocol = "https"; 
      overwritehost = nextcloudExternalDomain;
-      "overwrite.cli.url" = "https://${nextcloudExternalDomain}"; # For occ commands
-
-      # If direct HTTP access over Tailscale leads to mixed content or redirect loops
-      # due to the above overwrite settings, you might need `overwritecondaddr`.
+      "overwrite.cli.url" = "https://${nextcloudExternalDomain}";
      overwritecondaddr = "^${nginxProxyManagerTailscaleIP}$";
-      # This would apply the overwriteprotocol/host only if request comes from NPM.
-      # For simplicity, try without it first.
-
-      # Redis and other settings
      "memcache.local" = "\\OC\\Memcache\\APCu";
      "memcache.distributed" = "\\OC\\Memcache\\Redis";
      "memcache.locking" = "\\OC\\Memcache\\Redis";
@ -88,26 +67,27 @@ in
    phpOptions = lib.mkForce { "memory_limit" = "2G"; };
  };

-  # --- Attempt to neutralize setup/update services ---
-  # This tells systemd that these services should not be started as dependencies by anything.
-  # And if they are somehow started, they will just run `/bin/true` which does nothing and exits successfully.
+  # --- MODIFICATION: Attempt to "disable" setup/update services from auto-starting ---
+  # This removes their default "WantedBy" directives, which is how services are
+  # typically enabled to start at boot or with general system targets.
  systemd.services."nextcloud-setup.service" = {
-    wantedBy = lib.mkForce [ ]; # Prevent auto-start
-    serviceConfig.ExecStart = lib.mkForce "${pkgs.coreutils}/bin/true"; # Do nothing successfully
+    # This service unit is generated by the services.nextcloud module.
+    # We are overriding its 'wantedBy' to an empty list.
+    # This should prevent it from being linked into targets like multi-user.target.
+    wantedBy = lib.mkForce [ ];
+    # We are NOT changing what command it runs (ExecStart).
  };

  systemd.services."nextcloud-update-db.service" = {
-    wantedBy = lib.mkForce [ ]; # Prevent auto-start
-    serviceConfig.ExecStart = lib.mkForce "${pkgs.coreutils}/bin/true"; # Do nothing successfully
+    # Similar to above, for the database update service.
+    wantedBy = lib.mkForce [ ];
+    # We are NOT changing what command it runs (ExecStart).
  };
+  # --- END MODIFICATION ---

  users.users.nextcloud = { isSystemUser = true; group = "nextcloud"; };
  users.groups.nextcloud = {}; 

-  # Firewall on homelab:
-  # Allows NPM (and direct Tailscale clients) to connect to Nextcloud's internal HTTP port.
-  # If `networking.firewall.trustedInterfaces = [ "tailscale0" ];` is in homelab.nix,
-  # this is mainly for Tailscale access.
-  networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ]; # Port 80
+  networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ];
 }