Nextcloud: Disable at rest encryption for better SSL

2023-01-22 19:29:10 +01:00 · 2023-01-22 19:29:10 +01:00 · 03650c11c0
parent 708014dbdc
commit 03650c11c0
1 changed files with 21 additions and 19 deletions
--- a/config/hosts/rudiger/services/nextcloud.nix
+++ b/config/hosts/rudiger/services/nextcloud.nix
@ -1,22 +1,24 @@
 { config, pkgs, ... }:
 {
-  services.nextcloud = {
+	services.nextcloud = {
-    enable = true;
+		enable = true;
-    hostName = "cloud.graven.dev";
+# Disables server-side file encryption for stronger SSL
-    https = true;
+		enableBrokenCiphersForSSE = false;
-    package = pkgs.nextcloud25;
+		hostName = "cloud.graven.dev";
-    autoUpdateApps.enable = true;
+		https = true;
-    maxUploadSize = "10G";
+		package = pkgs.nextcloud25;
-    webfinger = true;
+		autoUpdateApps.enable = true;
-    caching.redis = true;
+		maxUploadSize = "10G";
-    config = {
+		webfinger = true;
-      dbtype = "pgsql";
+		caching.redis = true;
-      dbuser = "nextcloud";
+		config = {
-      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
+			dbtype = "pgsql";
-      dbname = "nextcloud";
+			dbuser = "nextcloud";
-      defaultPhoneRegion = "DK";
+			dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
-      adminpassFile = builtins.toString config.secrets.files.nc_admin_pass.file;
+				dbname = "nextcloud";
-      adminuser = "root";
+			defaultPhoneRegion = "DK";
-    };
+			adminpassFile = builtins.toString config.secrets.files.nc_admin_pass.file;
-  };
+			adminuser = "root";
 		};
 	};
 }