From 1a677f273b5f137688bc553cc36ce7f39b670917 Mon Sep 17 00:00:00 2001 From: Alexander Tomokhov Date: Wed, 10 Jan 2024 01:49:51 +0400 Subject: [PATCH] fix nextcloud auth page redirection --- sp-modules/nextcloud/common.nix | 1 - sp-modules/nextcloud/module.nix | 23 ++++------------------- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/sp-modules/nextcloud/common.nix b/sp-modules/nextcloud/common.nix index 99a3d8e..30f47e6 100644 --- a/sp-modules/nextcloud/common.nix +++ b/sp-modules/nextcloud/common.nix @@ -3,5 +3,4 @@ config: rec { secrets-filepath = "/etc/selfprivacy/secrets.json"; db-pass-filepath = "/var/lib/nextcloud/db-pass"; admin-pass-filepath = "/var/lib/nextcloud/admin-pass"; - hostName = "cloud.${sp.domain}"; } diff --git a/sp-modules/nextcloud/module.nix b/sp-modules/nextcloud/module.nix index 8fbedb3..db8105e 100644 --- a/sp-modules/nextcloud/module.nix +++ b/sp-modules/nextcloud/module.nix @@ -13,7 +13,8 @@ config = let inherit (import ./common.nix config) - sp secrets-filepath db-pass-filepath admin-pass-filepath hostName; + sp secrets-filepath db-pass-filepath admin-pass-filepath; + hostName = "cloud.${sp.domain}"; in lib.mkIf sp.modules.nextcloud.enable { fileSystems = lib.mkIf sp.useBinds { @@ -52,7 +53,7 @@ inherit hostName; # Use HTTPS for links - https = false; + https = true; # auto-update Nextcloud Apps autoUpdateApps.enable = true; @@ -65,7 +66,6 @@ dbtype = "sqlite"; dbuser = "nextcloud"; - dbhost = "/run/postgresql"; # nextcloud adds .s.PGSQL.5432 by itself dbname = "nextcloud"; dbpassFile = db-pass-filepath; adminpassFile = admin-pass-filepath; 
@@ -73,23 +73,8 @@
 };
 };
 services.nginx.virtualHosts.${hostName} = {
- useACMEHost = config.selfprivacy.domain;
+ useACMEHost = sp.domain;
 forceSSL = true;
- extraConfig = ''
- add_header Strict-Transport-Security $hsts_header;
- #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
- add_header 'Referrer-Policy' 'origin-when-cross-origin';
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
- expires 10m;
- '';
- locations = {
- "/" = {
- proxyPass = "http://127.0.0.1:80/";
- };
- };
 };
 };
 }
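Review bot: With the `extraConfig` block removed from `services.nginx.virtualHosts.${hostName}`, nothing in the visible code sets HSTS, `X-Frame-Options DENY`, `X-Content-Type-Options nosniff`, the Referrer-Policy or the `secure; HttpOnly; SameSite=strict` cookie attributes for this vhost any more. Presumably the nginx configuration generated by `services.nextcloud` now supplies them, but the diff does not show it, and that configuration may use different values (the framing policy, for example). I would record the dependency next to `forceSSL = true;`, e.g. `# security headers now come from the services.nextcloud nginx config, not from this vhost`, and check the response headers and cookie flags on a deployed instance. The enclosing `config` block starts outside this hunk.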