From 5125731b93edac24006101731d0a8682ac41de65 Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Tue, 27 Aug 2024 15:58:32 +0200
Subject: [PATCH] Force nextcloud to use https (jankily)

---
 modules/system/nextcloud/default.nix | 36 +++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/modules/system/nextcloud/default.nix b/modules/system/nextcloud/default.nix
index 90b172a..4002f51 100644
--- a/modules/system/nextcloud/default.nix
+++ b/modules/system/nextcloud/default.nix
@@ -19,14 +19,6 @@
       home = "/data/nextcloud";
       hostName = config.networking.fqdn;
 
-      autoUpdateApps = {
-        enable = true;
-        startAt = "04:00:00";
-      };
-      extraApps = {
-        inherit (config.services.nextcloud.package.packages.apps) contacts calendar;
-      };
-
       database.createLocally = true;
       config = {
         dbtype = "pgsql";
@@ -34,11 +26,39 @@
         adminpassFile = config.sops.secrets."nextcloud/admin-pass".path;
       };
 
+      https = true;
       settings = {
+        overwriteProtocol = "https";
         log_type = "file";
         default_phone_region = "DE";
         maintenance_window_start = "2"; # UTC
       };
+
+      autoUpdateApps = {
+        enable = true;
+        startAt = "04:00:00";
+      };
+      extraApps = {
+        inherit (config.services.nextcloud.package.packages.apps) contacts calendar;
+      };
+    };
+
+    services.nginx = {
+      enable = true;
+      virtualHosts.${config.services.nextcloud.hostName}.listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8080;
+        }
+      ];
+    };
+
+    services.tailscale.permitCertUid = "caddy";
+    services.caddy = {
+      enable = true;
+      virtualHosts.${config.services.nextcloud.hostName}.extraConfig = ''
+        reverse_proxy localhost:8080
+      '';
     };
   };
 }