feat: nextcloud subdirectory

2025-06-21 23:03:36 +02:00 · 2025-06-21 23:03:36 +02:00 · e61c815c7c
commit e61c815c7c
parent d9e3a1aeb1
1 changed files with 59 additions and 4 deletions
--- a/hosts/hitsugibune/nextcloud.nix
+++ b/hosts/hitsugibune/nextcloud.nix
@ -1,4 +1,8 @@
-{config, pkgs, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
  # This is only a temporary password and will be changed
  environment.etc."nextcloud-admin-pass".text = "samcsamc11";
  services.nextcloud = {
@ -6,15 +10,66 @@
    hostName = "sprechtl.ddns.net";
    https = true;
    package = pkgs.nextcloud31;
+    settings = let
+      prot = "http"; # or https
+      host = "127.0.0.1";
+      dir = "/nextcloud";
+    in {
+      overwriteprotocol = prot;
+      overwritehost = host;
+      overwritewebroot = dir;
+      overwrite.cli.url = "${prot}://${host}${dir}/";
+      htaccess.RewriteBase = dir;
+    };
    config = {
      adminpassFile = "/etc/nextcloud-admin-pass";
      dbtype = "sqlite";
    };
  };

-  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+  services.nginx = {
+    virtualHosts.${config.services.nextcloud.hostName} = {
      forceSSL = true;
      enableACME = true;
+      listen = [
+        {
+          addr = "127.0.0.1";
+          port = 8080; # NOT an exposed port
+        }
+      ];
+    };
+
+    virtualHosts."localhost" = {
+      "/nextcloud/" = {
+        priority = 9999;
+        extraConfig = ''
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-NginX-Proxy true;
+          proxy_set_header X-Forwarded-Proto http;
+          proxy_pass http://127.0.0.1:8080/; # tailing / is important!
+          proxy_set_header Host $host;
+          proxy_cache_bypass $http_upgrade;
+          proxy_redirect off;
+        '';
+      };
+      "^~ /.well-known" = {
+        priority = 9000;
+        extraConfig = ''
+          absolute_redirect off;
+          location ~ ^/\\.well-known/(?:carddav|caldav)$ {
+            return 301 /nextcloud/remote.php/dav;
+          }
+          location ~ ^/\\.well-known/host-meta(?:\\.json)?$ {
+            return 301 /nextcloud/public.php?service=host-meta-json;
+          }
+          location ~ ^/\\.well-known/(?!acme-challenge|pki-validation) {
+            return 301 /nextcloud/index.php$request_uri;
+          }
+          try_files $uri $uri/ =404;
+        '';
+      };
+    };
  };

  security.acme = {