From 03650c11c034109873ca2d5d46f329215d7d840b Mon Sep 17 00:00:00 2001
From: Amanda Graven <amanda@graven.dev>
Date: Sun, 22 Jan 2023 19:29:10 +0100
Subject: [PATCH] Nextcloud: Disable at rest encryption for better SSL

---
 config/hosts/rudiger/services/nextcloud.nix | 40 +++++++++++----------
 1 file changed, 21 insertions(+), 19 deletions(-)

diff --git a/config/hosts/rudiger/services/nextcloud.nix b/config/hosts/rudiger/services/nextcloud.nix
index 07a1b93..f8e7e92 100644
--- a/config/hosts/rudiger/services/nextcloud.nix
+++ b/config/hosts/rudiger/services/nextcloud.nix
@@ -1,22 +1,24 @@
 { config, pkgs, ... }:
 {
-  services.nextcloud = {
-    enable = true;
-    hostName = "cloud.graven.dev";
-    https = true;
-    package = pkgs.nextcloud25;
-    autoUpdateApps.enable = true;
-    maxUploadSize = "10G";
-    webfinger = true;
-    caching.redis = true;
-    config = {
-      dbtype = "pgsql";
-      dbuser = "nextcloud";
-      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
-      dbname = "nextcloud";
-      defaultPhoneRegion = "DK";
-      adminpassFile = builtins.toString config.secrets.files.nc_admin_pass.file;
-      adminuser = "root";
-    };
-  };
+	services.nextcloud = {
+		enable = true;
+# Disables server-side file encryption for stronger SSL
+		enableBrokenCiphersForSSE = false;
+		hostName = "cloud.graven.dev";
+		https = true;
+		package = pkgs.nextcloud25;
+		autoUpdateApps.enable = true;
+		maxUploadSize = "10G";
+		webfinger = true;
+		caching.redis = true;
+		config = {
+			dbtype = "pgsql";
+			dbuser = "nextcloud";
+			dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
+				dbname = "nextcloud";
+			defaultPhoneRegion = "DK";
+			adminpassFile = builtins.toString config.secrets.files.nc_admin_pass.file;
+			adminuser = "root";
+		};
+	};
 }