From 4fbdfd976185c4b53d394d91ba96d1d9209f00e2 Mon Sep 17 00:00:00 2001
From: Filippo Berto <berto.f@protonmail.com>
Date: Mon, 10 Jul 2023 12:09:49 +0100
Subject: [PATCH] Nextcloud: enable deployment

---
 baldur/configuration.nix    | 13 +++++++------
 flake.nix                   |  2 +-
 nixos_modules/nextcloud.nix | 13 ++++++++-----
 3 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/baldur/configuration.nix b/baldur/configuration.nix
index a0bb6b2..082ddc7 100644
--- a/baldur/configuration.nix
+++ b/baldur/configuration.nix
@@ -83,7 +83,8 @@
             enableACME = true;
             forceSSL = true;
           };
-          loki = "172.23.254.55";
+          loki_ipv4 = "172.23.254.55";
+          freya_ipv4 = "172.23.18.147";
         in
         {
           "unimi.bertof.net" = ssl // {
@@ -92,7 +93,7 @@
           };
           "home-assistant.bertof.net" = ssl // {
             locations."/" = {
-              proxyPass = "http://${loki}:8123/";
+              proxyPass = "http://${loki_ipv4}:8123/";
               proxyWebsockets = true;
             };
             extraConfig = ''
@@ -102,25 +103,25 @@
           };
           "radarr.bertof.net" = ssl // {
             locations."/" = {
-              proxyPass = "http://${loki}:7878/";
+              proxyPass = "http://${loki_ipv4}:7878/";
               proxyWebsockets = true;
             };
           };
           "sonarr.bertof.net" = ssl // {
             locations."/" = {
-              proxyPass = "http://${loki}:8989/";
+              proxyPass = "http://${loki_ipv4}:8989/";
               proxyWebsockets = true;
             };
           };
           "jellyfin.bertof.net" = ssl // {
             locations."/" = {
-              proxyPass = "http://${loki}:8096/";
+              proxyPass = "http://${loki_ipv4}:8096/";
               proxyWebsockets = true;
             };
           };
           "my-nextcloud.bertof.net" = ssl // {
             locations."/" = {
-              proxyPass = "http://freya.local:80/";
+              proxyPass = "http://${freya_ipv4}:80/";
               proxyWebsockets = true;
             };
           };
diff --git a/flake.nix b/flake.nix
index 7a35246..304db30 100644
--- a/flake.nix
+++ b/flake.nix
@@ -209,7 +209,7 @@
               ./freya/configuration.nix
 
               ./nixos_modules/garage.nix
-              # ./nixos_modules/nextcloud.nix
+              ./nixos_modules/nextcloud.nix
             ] ++ homeManagerModules ++ [
               { home-manager.users.bertof = import ./freya/hm.nix; }
             ];
diff --git a/nixos_modules/nextcloud.nix b/nixos_modules/nextcloud.nix
index 1d42505..6a705bb 100644
--- a/nixos_modules/nextcloud.nix
+++ b/nixos_modules/nextcloud.nix
@@ -1,4 +1,4 @@
-{ config, ... }: {
+{ pkgs, config, ... }: {
 
   age.secrets = {
     nextcloud_admin_secret = { file = ../secrets/nextcloud_admin_secret.age; owner = "nextcloud"; };
@@ -12,16 +12,17 @@
 
   services.nextcloud = {
     enable = true;
-    # package = pkgs.unstable_pkgs.nextcloud26;
+    package = pkgs.nextcloud26;
 
     hostName = "my-nextcloud.bertof.net";
-    maxUploadSize = "32G";
-    config.trustedProxies = [ "172.23.4.159" ];
+    maxUploadSize = "24G";
+    config.trustedProxies = [ "172.23.4.159" "fd80:56c2:e21c:f9c7:5399:93be:21a9:9fa0" "fe80::3079:d8ff:feb5:7d62" ];
     config.extraTrustedDomains = [ config.services.nextcloud.hostName "freya.local" ];
     config.adminpassFile = config.age.secrets.nextcloud_admin_secret.path;
+    config.overwriteProtocol = "https";
     config.objectstore.s3 = {
       enable = true;
-      bucket = "nextcloud";
+      bucket = "nextcloud-storage";
       autocreate = false;
       key = "GK622e38479552cbbbba48fd04";
       secretFile = config.age.secrets.nextcloud_bucket_secret.path;
@@ -32,4 +33,6 @@
       usePathStyle = true;
     };
   };
+
+  networking.firewall.allowedTCPPorts = [ 80 ];
 }