From ec6d7add83d2d318e611f95fbc0009ee592dc57f Mon Sep 17 00:00:00 2001
From: death916
Date: Mon, 12 May 2025 12:30:34 +0000
Subject: [PATCH] proxy
---
modules/nextcloud-setup.nix | 82 +++++++++++++++++--------------------
1 file changed, 38 insertions(+), 44 deletions(-)
diff --git a/modules/nextcloud-setup.nix b/modules/nextcloud-setup.nix
index 0538a42..6489304 100644
--- a/modules/nextcloud-setup.nix
+++ b/modules/nextcloud-setup.nix
@@ -1,75 +1,69 @@ -# ~/nixconfig/nextcloud-local-setup.nix +# ~/nixconfig/modules/nextcloud-setup.nix { config, pkgs, lib, ... }: let - nextcloudInternalHostName = "homelab"; - # Define the paths to your externally managed password files + nextcloudExternalDomain = "cloud.death916.xyz"; adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password"; dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password"; nextcloudDataPath = "/storage/nextcloud-data"; + + #If services.nginx is not set, Nextcloud defaults to 80 (or you specify listen port) + internalNextcloudHttpPort = 80; + nginxProxyManagerTailscaleIP = "100.117.212.36"; in { - # --- PostgreSQL Database for Nextcloud --- + # --- PostgreSQL Database --- services.postgresql = { - enable = true; - package = pkgs.postgresql_14; - ensureDatabases = [ "nextcloud" ]; + enable = true; package = pkgs.postgresql_14; ensureDatabases = [ "nextcloud" ]; ensureUsers = [ { name = "nextcloud"; } ]; }; - # --- Redis for Nextcloud Caching and Locking --- + # --- Redis for Caching and Locking --- services.redis.servers.nextcloud = { - enable = true; - user = "nextcloud"; + enable = true; + user = "nextcloud"; unixSocket = "/run/redis-nextcloud/redis.sock"; port = 0; }; - systemd.tmpfiles.rules = [ - "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" - ]; + systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ]; # --- Nextcloud Service Configuration --- services.nextcloud = { enable = true; - package = pkgs.nextcloud28; # Ensure this matches your desired Nextcloud version - hostName = "cloud.death916.xyz"; # Use the domain handled by the reverse proxy - https = false; # Disable HTTPS since the reverse proxy will handle it + package = pkgs.nextcloud28; # Or your preferred Nextcloud version + hostName = nextcloudExternalDomain; + https = false; # Let NPM Handle TLS + datadir = nextcloudDataPath; + maxUploadSize = "2G"; # Example - can be adjusted - config = { - dbtype = "pgsql"; - dbuser = 
"nextcloud"; - dbhost = "/run/postgresql"; - dbname = "nextcloud"; - dbpassFile = dbPassFilePath; - adminuser = "death916"; - adminpassFile = adminPassFilePath; + config = { # settings for config.php + dbtype = "pgsql"; dbuser = "nextcloud"; dbhost = "/run/postgresql"; + dbname = "nextcloud"; dbpassFile = dbPassFilePath; + adminuser = "death916"; adminpassFile = adminPassFilePath; + + }; + settings = { + trusted_domains = [ nextcloudExternalDomain ]; + overwriteprotocol = "https"; # from Browser all traffic to Nextcloud will be HTTPS since Nginx terminates SSL - extraConfig = { - "overwriteprotocol" = "https"; # Force HTTPS in Nextcloud - "overwritehost" = "cloud.death916.xyz"; # Set the reverse proxy hostname - "trusted_proxies" = [ "100.117.212.36" ]; # Replace with your reverse proxy's IP - "overwrite.cli.url" = "https://cloud.death916.xyz"; # Set the base URL - }; + overwritehost = nextcloudExternalDomain; # Tell Nextcloud what your domain is - settings = { - trusted_domains = [ - "cloud.death916.xyz" - ]; - memcache.distributed = "\\OC\\Memcache\\Redis"; - memcache.locking = "\\OC\\Memcache\\Redis"; - filelocking.enabled = true; - redis = { host = "/run/redis-nextcloud/redis.sock"; port = 0; }; - }; + overwrite.cli.url = "https://${nextcloudExternalDomain}"; - caching.redis = true; # This helps set up some Redis defaults - phpOptions = lib.mkForce { "memory_limit" = "2G"; }; + trusted_proxies = [ nginxProxyManagerTailscaleIP ]; # list of IP addresses of reverse proxies that are allowed to connect to Nextcloud + "memcache.local" = "\\OC\\Memcache\\APCu"; # See NC recommended settings + "memcache.distributed" = "\\OC\\Memcache\\Redis"; # Distributed caching, as we also used redis + "memcache.locking" = "\\OC\\Memcache\\Redis"; # File locking using Redis, for performance + filelocking.enabled = true; # Finally enable file locking + + }; + phpOptions = lib.mkForce { "memory_limit" = "2G"; }; + + }; - users.users.nextcloud = { isSystemUser = true; group = 
"nextcloud"; }; users.groups.nextcloud = {}; - - networking.firewall.allowedTCPPorts = [ 8080 ]; }
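Review bot: The comment on `trusted_proxies` describes it as the proxies "allowed to connect to Nextcloud", but that setting only decides whose forwarded-client headers Nextcloud believes; it does not limit who can reach the listener, so reword it to something like `# proxies whose X-Forwarded-For header Nextcloud trusts`. With `https = false` the service speaks plain HTTP, and this hunk removes `networking.firewall.allowedTCPPorts = [ 8080 ];` without adding a rule for the new port, so who can reach it now depends on firewall settings outside this file. If only the proxy host should reach it, state that in the module, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ internalNextcloudHttpPort ];` (interface name assumed, not shown on this page), which would also give the otherwise unused `internalNextcloudHttpPort` binding a purpose. Separately, the new `settings` keeps `memcache.distributed` and `memcache.locking` on Redis but no longer carries `redis = { host = "/run/redis-nextcloud/redis.sock"; port = 0; };` or `caching.redis = true;`. The Redis server here is socket-only (`port = 0`), so the backend may be unreachable or its PHP module not loaded; confirm this before deploying.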