fix(nextcloud): disable mail and fix HMAC session encryption

2 files changed, 10 insertions, 19 deletions

diff --git a/modules/nixos/server/nextcloud/default.nix b/modules/nixos/server/nextcloud/default.nix
index 1a87ef6..ccaad46 100644
--- a/modules/nixos/server/nextcloud/default.nix
+++ b/modules/nixos/server/nextcloud/default.nix
@@ -26,6 +26,9 @@ in
         adminuser = "schererleander";
         adminpassFile = config.sops.secrets."nextcloud-admin-pass".path;
       };
+      secrets = {
+        secret = config.sops.secrets."nextcloud-secret".path;
+      };
       settings = {
         maintenance_window_start = 2; # 02:00
         default_phone_region = "de";
@@ -33,25 +36,8 @@ in
         trusted_domains = [ "cloud.schererleander.de" ];
         logtimezone = config.time.timeZone;
         log_type = "file";
-        enabledPreviewProviders = [
-          # Default
-          "OC\\Preview\\BMP"
-          "OC\\Preview\\GIF"
-          "OC\\Preview\\JPEG"
-          "OC\\Preview\\Krita"
-          "OC\\Preview\\MarkDown"
-          "OC\\Preview\\OpenDocument"
-          "OC\\Preview\\PNG"
-          "OC\\Preview\\TXT"
-          "OC\\Preview\\XBitmap"
-          # Non default
-          #"OC\\Preview\\Font"
-          "OC\\Preview\\HEIC"
-          "OC\\Preview\\MP3"
-          "OC\\Preview\\Movie"
-          "OC\\Preview\\PDF"
-          #"OC\\Preview\\SVG"
-        ];
+        # Disable mail functionality for single-user instance
+        mail_smtpmode = "null";
       };
       phpOptions."opcache.interned_strings_buffer" = "64";
     };
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 682596b..966cdc8 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -9,6 +9,11 @@
         owner = "root";
         mode = "0600";
       };
+      "nextcloud-secret" = {
+        owner = "nextcloud";
+        group = "nextcloud";
+        mode = "0400";
+      };
       "nextcloud-admin-pass" = {
         owner = "root";
         mode = "0600";