From e61c815c7c4f3bda63035591c62e2772e3d57a3f Mon Sep 17 00:00:00 2001
From: s-prechtl <stefan@tague.at>
Date: Sat, 21 Jun 2025 23:03:36 +0200
Subject: [PATCH] feat: nextcloud subdirectory

---
 hosts/hitsugibune/nextcloud.nix | 63 ++++++++++++++++++++++++++++++---
 1 file changed, 59 insertions(+), 4 deletions(-)

diff --git a/hosts/hitsugibune/nextcloud.nix b/hosts/hitsugibune/nextcloud.nix
index b185b84..81eea05 100644
--- a/hosts/hitsugibune/nextcloud.nix
+++ b/hosts/hitsugibune/nextcloud.nix
@@ -1,4 +1,8 @@
-{config, pkgs, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   # This is only a temporary password and will be changed
   environment.etc."nextcloud-admin-pass".text = "samcsamc11";
   services.nextcloud = {
@@ -6,15 +10,66 @@
     hostName = "sprechtl.ddns.net";
     https = true;
     package = pkgs.nextcloud31;
+    settings = let
+      prot = "http"; # or https
+      host = "127.0.0.1";
+      dir = "/nextcloud";
+    in {
+      overwriteprotocol = prot;
+      overwritehost = host;
+      overwritewebroot = dir;
+      overwrite.cli.url = "${prot}://${host}${dir}/";
+      htaccess.RewriteBase = dir;
+    };
     config = {
       adminpassFile = "/etc/nextcloud-admin-pass";
       dbtype = "sqlite";
     };
   };
 
-  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
-    forceSSL = true;
-    enableACME = true;
+  services.nginx = {
+    virtualHosts.${config.services.nextcloud.hostName} = {
+      forceSSL = true;
+      enableACME = true;
+      listen = [
+        {
+          addr = "127.0.0.1";
+          port = 8080; # NOT an exposed port
+        }
+      ];
+    };
+
+    virtualHosts."localhost" = {
+      "/nextcloud/" = {
+        priority = 9999;
+        extraConfig = ''
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-NginX-Proxy true;
+          proxy_set_header X-Forwarded-Proto http;
+          proxy_pass http://127.0.0.1:8080/; # tailing / is important!
+          proxy_set_header Host $host;
+          proxy_cache_bypass $http_upgrade;
+          proxy_redirect off;
+        '';
+      };
+      "^~ /.well-known" = {
+        priority = 9000;
+        extraConfig = ''
+          absolute_redirect off;
+          location ~ ^/\\.well-known/(?:carddav|caldav)$ {
+            return 301 /nextcloud/remote.php/dav;
+          }
+          location ~ ^/\\.well-known/host-meta(?:\\.json)?$ {
+            return 301 /nextcloud/public.php?service=host-meta-json;
+          }
+          location ~ ^/\\.well-known/(?!acme-challenge|pki-validation) {
+            return 301 /nextcloud/index.php$request_uri;
+          }
+          try_files $uri $uri/ =404;
+        '';
+      };
+    };
   };
 
   security.acme = {