From d77d77404189f260d9e88440ae3d303bb01d523f Mon Sep 17 00:00:00 2001
From: Ahwx
Date: Thu, 26 Sep 2024 13:18:22 +0200
Subject: [PATCH] fix: nextcloud works now :)
---
 modules/services/nextcloud.nix | 50 ++--------------------------------
 1 file changed, 2 insertions(+), 48 deletions(-)
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index bcd1e49..959f9ad 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -1,11 +1,9 @@
-{ config, ... }:
+{ lib, config, ... }:
 {
 security.acme = {
 acceptTerms = true;
 preliminarySelfsigned = false;
- defaults = {
- email = "ahwx@ahwx.org";
- };
+ # defaults.email = config.security.acme.defaults.email;
 };
 
 services.nextcloud = {
@@ -40,48 +38,4 @@
 ];
 };
 };
-
- services.nginx = {
- enable = true;
- recommendedGzipSettings = false;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
- # Hardened TLS and HSTS preloading
- appendHttpConfig = ''
- # Add HSTS header with preloading to HTTPS requests.
- # Do not add HSTS header to HTTP requests.
- map $scheme $hsts_header {
- https "max-age=31536000; includeSubdomains; preload";
- }
- add_header Strict-Transport-Security $hsts_header;
-
- # Enable CSP for your services.
- #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-
- # Minimize information leaked to other domains
- add_header 'Referrer-Policy' 'origin-when-cross-origin';
-
- # Disable embedding as a frame
- add_header X-Frame-Options DENY;
-
- # Prevent injection of code in other mime types (XSS Attacks)
- add_header X-Content-Type-Options nosniff;
-
- # This might create errors
- # proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
- '';
-
- virtualHosts = {
- "${config.services.nextcloud.hostName}" = {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/".proxyPass = "http://localhost:8080";
- "/".proxyWebsockets = true;
- };
- };
- };
- };
 }
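Review bot: The `security.acme` block kept in the first hunk no longer sets a contact email, and once the second hunk deletes the only visible vhost with `enableACME = true; forceSSL = true;`, nothing in the shown lines still requests a certificate or redirects HTTP to HTTPS for the Nextcloud host (lines 10–37 of the file are outside the hunks, so this may be handled there or in another module). If the email and TLS vhost now live elsewhere, replace the commented-out `# defaults.email = config.security.acme.defaults.email;` (uncommented, it would define the option in terms of itself) with a pointer such as `# ACME email and the TLS vhost are set in <module path>`. Otherwise keep `enableACME` and `forceSSL` on the `services.nginx.virtualHosts` entry for `config.services.nextcloud.hostName`, together with the HSTS, `X-Frame-Options` and `X-Content-Type-Options` headers the deleted block added. The new `lib` argument is not used in either hunk and can be dropped unless code outside the hunks needs it.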