nixos-conf/nextcloud.nix

# Nextcloud instance
{ config, pkgs, ... }:
{
	networking.firewall.allowedTCPPorts = [ 80 443 ];
	networking.firewall.allowedUDPPorts = [ 443 ];

	services.nextcloud = {
		package = pkgs.nextcloud29;
		enable = true;
		hostName = "nextcloud.vsinerva.fi";
		autoUpdateApps.enable = true;
		https = true;
		maxUploadSize = "10G";
		config = {
			adminpassFile = "/var/lib/nextcloud/adminpass";
		};
		settings = {
			overwriteprotocol = "https";
		};
	};

	services.nginx.virtualHosts =
	{
		${config.services.nextcloud.hostName} = {
			forceSSL = true;
			kTLS = true;
			sslCertificate = "/var/lib/nextcloud/nextcloud_fullchain.pem";
			sslCertificateKey = "/var/lib/nextcloud/nextcloud_privkey.pem";
			locations = { 
				"/".proxyWebsockets = true;
				"~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)" = {};
			};
		};
	};
}