From 1a677f273b5f137688bc553cc36ce7f39b670917 Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov <alexoundos@selfprivacy.org>
Date: Wed, 10 Jan 2024 01:49:51 +0400
Subject: [PATCH] fix nextcloud auth page redirection

---
 sp-modules/nextcloud/common.nix |  1 -
 sp-modules/nextcloud/module.nix | 23 ++++-------------------
 2 files changed, 4 insertions(+), 20 deletions(-)

diff --git a/sp-modules/nextcloud/common.nix b/sp-modules/nextcloud/common.nix
index 99a3d8e..30f47e6 100644
--- a/sp-modules/nextcloud/common.nix
+++ b/sp-modules/nextcloud/common.nix
@@ -3,5 +3,4 @@ config: rec {
   secrets-filepath = "/etc/selfprivacy/secrets.json";
   db-pass-filepath = "/var/lib/nextcloud/db-pass";
   admin-pass-filepath = "/var/lib/nextcloud/admin-pass";
-  hostName = "cloud.${sp.domain}";
 }
diff --git a/sp-modules/nextcloud/module.nix b/sp-modules/nextcloud/module.nix
index 8fbedb3..db8105e 100644
--- a/sp-modules/nextcloud/module.nix
+++ b/sp-modules/nextcloud/module.nix
@@ -13,7 +13,8 @@
   config =
     let
       inherit (import ./common.nix config)
-        sp secrets-filepath db-pass-filepath admin-pass-filepath hostName;
+        sp secrets-filepath db-pass-filepath admin-pass-filepath;
+      hostName = "cloud.${sp.domain}";
     in
     lib.mkIf sp.modules.nextcloud.enable {
       fileSystems = lib.mkIf sp.useBinds {
@@ -52,7 +53,7 @@
         inherit hostName;
 
         # Use HTTPS for links
-        https = false;
+        https = true;
 
         # auto-update Nextcloud Apps
         autoUpdateApps.enable = true;
@@ -65,7 +66,6 @@
 
           dbtype = "sqlite";
           dbuser = "nextcloud";
-          dbhost = "/run/postgresql"; # nextcloud adds .s.PGSQL.5432 by itself
           dbname = "nextcloud";
           dbpassFile = db-pass-filepath;
           adminpassFile = admin-pass-filepath;
@@ -73,23 +73,8 @@
         };
       };
       services.nginx.virtualHosts.${hostName} = {
-      useACMEHost = config.selfprivacy.domain;
+        useACMEHost = sp.domain;
         forceSSL = true;
-        extraConfig = ''
-          add_header Strict-Transport-Security $hsts_header;
-          #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-          add_header 'Referrer-Policy' 'origin-when-cross-origin';
-          add_header X-Frame-Options DENY;
-          add_header X-Content-Type-Options nosniff;
-          add_header X-XSS-Protection "1; mode=block";
-          proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
-          expires 10m;
-        '';
-        locations = {
-          "/" = {
-            proxyPass = "http://127.0.0.1:80/";
-          };
-        };
       };
     };
 }