proxy

2026-04-11 04:48:25 -07:00 · 2025-05-12 12:30:34 +00:00 · 2025-05-12 12:30:34 +00:00 · ec6d7add83
commit ec6d7add83
parent 83ebcdc488
1 changed files with 38 additions and 44 deletions
--- a/modules/nextcloud-setup.nix
+++ b/modules/nextcloud-setup.nix
@ -1,75 +1,69 @@
-# ~/nixconfig/nextcloud-local-setup.nix
+# ~/nixconfig/modules/nextcloud-setup.nix
 { config, pkgs, lib, ... }:

 let
-  nextcloudInternalHostName = "homelab";
-  # Define the paths to your externally managed password files
+  nextcloudExternalDomain = "cloud.death916.xyz";
  adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password";
  dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password";
  nextcloudDataPath = "/storage/nextcloud-data";
+
+  #If services.nginx is not set, Nextcloud defaults to 80 (or you specify listen port)
+  internalNextcloudHttpPort = 80;
+  nginxProxyManagerTailscaleIP = "100.117.212.36";
 in
 {
-  # --- PostgreSQL Database for Nextcloud ---
+  # --- PostgreSQL Database ---
  services.postgresql = {
-    enable = true;
-    package = pkgs.postgresql_14;
-    ensureDatabases = [ "nextcloud" ];
+    enable = true; package = pkgs.postgresql_14; ensureDatabases = [ "nextcloud" ];
    ensureUsers = [ { name = "nextcloud"; } ];
  };

-  # --- Redis for Nextcloud Caching and Locking ---
+  # --- Redis for Caching and Locking ---
  services.redis.servers.nextcloud = {
-    enable = true;
-    user = "nextcloud";
+    enable = true; 
+    user = "nextcloud"; 
    unixSocket = "/run/redis-nextcloud/redis.sock";
    port = 0;
  };
-  systemd.tmpfiles.rules = [
-    "d /run/redis-nextcloud 0750 nextcloud nextcloud - -"
-  ];
+  systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ];

  # --- Nextcloud Service Configuration ---
  services.nextcloud = {
    enable = true;
-    package = pkgs.nextcloud28; # Ensure this matches your desired Nextcloud version
-    hostName = "cloud.death916.xyz"; # Use the domain handled by the reverse proxy
-    https = false; # Disable HTTPS since the reverse proxy will handle it
+    package = pkgs.nextcloud28; # Or your preferred Nextcloud version
+    hostName = nextcloudExternalDomain;
+    https = false; # Let NPM Handle TLS
+
    datadir = nextcloudDataPath;
+    maxUploadSize = "2G";  # Example - can be adjusted

-    config = {
-      dbtype = "pgsql";
-      dbuser = "nextcloud";
-      dbhost = "/run/postgresql";
-      dbname = "nextcloud";
-      dbpassFile = dbPassFilePath;
-      adminuser = "death916";
-      adminpassFile = adminPassFilePath;
+    config = { # settings for config.php
+      dbtype = "pgsql"; dbuser = "nextcloud"; dbhost = "/run/postgresql";
+      dbname = "nextcloud"; dbpassFile = dbPassFilePath;
+      adminuser = "death916"; adminpassFile = adminPassFilePath;
+     
+       
    };
+      settings = {
+       trusted_domains = [ nextcloudExternalDomain ]; 
+        overwriteprotocol = "https"; # from Browser all traffic to Nextcloud will be HTTPS since Nginx terminates SSL

-    extraConfig = {
-      "overwriteprotocol" = "https"; # Force HTTPS in Nextcloud
-      "overwritehost" = "cloud.death916.xyz"; # Set the reverse proxy hostname
-      "trusted_proxies" = [ "100.117.212.36" ]; # Replace with your reverse proxy's IP
-      "overwrite.cli.url" = "https://cloud.death916.xyz"; # Set the base URL
-    };
+        overwritehost = nextcloudExternalDomain; # Tell Nextcloud what your domain is

-    settings = {
-      trusted_domains = [
-        "cloud.death916.xyz"
-      ];
-      memcache.distributed = "\\OC\\Memcache\\Redis";
-      memcache.locking = "\\OC\\Memcache\\Redis";
-      filelocking.enabled = true;
-      redis = { host = "/run/redis-nextcloud/redis.sock"; port = 0; };
-    };
+        overwrite.cli.url = "https://${nextcloudExternalDomain}";

-    caching.redis = true; # This helps set up some Redis defaults
-    phpOptions = lib.mkForce { "memory_limit" = "2G"; };
+        trusted_proxies = [ nginxProxyManagerTailscaleIP ]; # list of IP addresses of reverse proxies that are allowed to connect to Nextcloud
+        "memcache.local" = "\\OC\\Memcache\\APCu"; # See NC recommended settings
+        "memcache.distributed" = "\\OC\\Memcache\\Redis"; # Distributed caching, as we also used redis
+        "memcache.locking" = "\\OC\\Memcache\\Redis"; # File locking using Redis, for performance
+        filelocking.enabled = true; # Finally enable file locking
+
+      };
+    phpOptions = lib.mkForce { "memory_limit" = "2G"; }; 
+
+    
  };
-
  users.users.nextcloud = { isSystemUser = true; group = "nextcloud"; };
  users.groups.nextcloud = {};
-
-  networking.firewall.allowedTCPPorts = [ 8080 ];
 }