clean

modules/nextcloud-setup.nix

@@ -13,15 +13,11 @@ let
   nextcloudDataPath = "/storage/nextcloud-data";
   nginxProxyManagerTailscaleIP = "100.117.212.36"; # IP of your NPM
 
-  # Port Nextcloud's internal webserver listens on (default 80 for HTTP).
-  # NPM forwards to <homelab_tailscale_ip>:<internalNextcloudHttpPort>
-  # Direct Tailscale clients will connect to <homelab_tailscale_ip_or_magicdns>:<internalNextcloudHttpPort>
   internalNextcloudHttpPort = 80;
 
   # --- For Direct Tailscale Access to homelab's Nextcloud ---
-  homelabTailscaleIP = "100.65.36.116"; # REPLACE with homelab's actual Tailscale IP
-  homelabMagicDNSName = "homelab"; # Or homelab.your-tailnet-name.ts.net if you use the full name
-in
+  homelabTailscaleIP = "100.65.36.116"; 
+  homelabMagicDNSName = "homelab"; 
 {
   # --- PostgreSQL & Redis setup ... (as before) ---
   services.postgresql = {
@@ -43,8 +39,6 @@ in
     enable = true;
     package = pkgs.nextcloud31; # Verify this version
 
-    # For the path through NPM, hostName should match the external domain.
-    # For direct Tailscale access, users will use the Tailscale IP/MagicDNS name.
     hostName = nextcloudExternalDomain;
 
     https = false; # NPM handles HTTPS. Nextcloud serves HTTP internally.
@@ -66,8 +60,6 @@ in
     };
 
     settings = {
-      # --- Trusted Domains: CRITICAL ---
-      # Add all ways Nextcloud will be accessed.
       trusted_domains = [
         nextcloudExternalDomain # For access via NPM
         homelabTailscaleIP # For direct access via Tailscale IP
@@ -78,22 +70,11 @@ in
       # --- Trusted Proxies: For NPM path ---
       trusted_proxies = [ nginxProxyManagerTailscaleIP ];
 
-      # --- Overwrite Parameters: Primarily for the NPM path ---
-      # These tell Nextcloud how it looks when accessed via NPM (HTTPS, external domain).
-      # When accessed directly via Tailscale IP/MagicDNS name over HTTP, these *might*
-      # cause Nextcloud to generate HTTPS links, which could be an issue if you haven't
-      # set up HTTPS directly on the homelab Tailscale interface.
       overwriteprotocol = "https";
       overwritehost = nextcloudExternalDomain;
       "overwrite.cli.url" = "https://${nextcloudExternalDomain}"; # For occ commands
 
-      # If direct HTTP access over Tailscale leads to mixed content or redirect loops
-      # due to the above overwrite settings, you might need `overwritecondaddr`.
       overwritecondaddr = "^${nginxProxyManagerTailscaleIP}$";
-      # This would apply the overwriteprotocol/host only if request comes from NPM.
-      # For simplicity, try without it first.
-
-      # Redis and other settings
       "memcache.local" = "\\OC\\Memcache\\APCu";
       "memcache.distributed" = "\\OC\\Memcache\\Redis";
       "memcache.locking" = "\\OC\\Memcache\\Redis";
@@ -103,7 +84,6 @@ in
         port = 0;
       };
     };
-
     caching.redis = true;
     phpOptions = lib.mkForce { "memory_limit" = "4G"; };
   };
@@ -114,9 +94,5 @@ in
   };
   users.groups.nextcloud = { };
 
-  # Firewall on homelab:
-  # Allows NPM (and direct Tailscale clients) to connect to Nextcloud's internal HTTP port.
-  # If `networking.firewall.trustedInterfaces = [ "tailscale0" ];` is in homelab.nix,
-  # this is mainly for Tailscale access.
   networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ]; # Port 80
 }