commit 4259e931486c9d626d5ac83a2f5ce4ae46022d6c
author Skyler Grey <minion@clicks.codes> Sat Oct 21 21:37:03 2023 +0000
committer Skyler Grey <minion@clicks.codes> Sat Oct 21 21:41:54 2023 +0000
tree 06f46e36a002cddedca09d1aa924fd2ed1eea966
parent fe1740cc76af3fa3b69df4d588a3112384700003

Fix nextcloud and privatebin SSL config

Both of these were not properly configured for https+muitiple hosts. This commit
fixes that
- Enable SSL for privatebin
- Enable SSL for nextcloud
- Replace extra erroneous nextcloud.clicks.codes hostname with
  cloud.clicks.codes
- Repair missing SSL certificate generation options bug
  - This was impacting our ability to issue certifiates for our secondary
    hostnames

Change-Id: Ic9e7d4b0b5c83615f18c1e50579d9148ced71ba9

modules/nextcloud.nix

diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
index 197ad89..d7d2490 100644
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -14,9 +14,14 @@
   users.groups.nextcloud = { };
 
   services.nextcloud.enable = true;
+  services.nextcloud.https = true;
   services.nextcloud.config.adminpassFile =
     config.sops.secrets.nextcloud_admin_password.path;
   services.nextcloud.hostName = "nextcloud.clicks.codes";
+  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+    enableACME = true;
+    forceSSL = true;
+  };
   services.nextcloud.package = pkgs.nextcloud27;
   services.nextcloud.poolSettings = {
     pm = "dynamic";
@@ -35,7 +40,7 @@
     dbpassFile = config.sops.secrets.clicks_nextcloud_db_password.path;
     dbname = "nextcloud";
     dbhost = "localhost";
-    extraTrustedDomains = [ "nextcloud.clicks.codes" "docs.clicks.codes" ];
+    extraTrustedDomains = [ "cloud.clicks.codes" "docs.clicks.codes" ];
   };
 
   services.nextcloud.extraOptions = { social_login_auto_redirect = true; };