From 720bde377b5287ff08355d7a71ccdca83caacabb Mon Sep 17 00:00:00 2001
From: provokateurin <kate@provokateurin.de>
Date: Sat, 10 May 2025 13:49:52 +0200
Subject: [PATCH] nixos/nextcloud: automatically import system certificates

By default Nextcloud manages its own certificates and ignores the system certificates.
Usually this is fine, but users will get confused why the additional certificates from `security.pki.certificateFiles` are not trusted by Nextcloud.
Calling the import command multiple times will just update the existing bundle file, so any certificates removed from the system certificates will also be removed from Nextcloud.
---
 nixos/modules/services/web-apps/nextcloud.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index 65845156fc498..8bf100f306ef2 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -1205,6 +1205,8 @@ in
 
               ${lib.getExe occ} upgrade
 
+              ${lib.getExe occ} security:certificates:import /etc/ssl/certs/ca-certificates.crt
+
               ${lib.getExe occ} config:system:delete trusted_domains
 
               ${optionalString (cfg.extraAppsEnable && cfg.extraApps != { }) ''