Broken Nextcloud container after upgrade to 25.05

Hey folks, having a strange problem that I don’t quite know how to debug. I just upgraded a server from 24.11 to 25.05. I run a few services I’m likely to want more instances of or which need more host access (Forgejo, Nextcloud, AdGuard Home) in containers. After an upgrade to 25.05, my Nextcloud container seems to have broken networking. The interface is up and has what appears to be the correct address, but it’s unable to ping any outside IPs, and so because Nextcloud doesn’t appear to set up, the container shuts down. I’m able to nixos-container root-login nextcloud while the setup is failing and poke around very briefly before systemd shuts down the container. I’ll include my Nextcloud config in a bit, but my entire config can be found here. A few questions first:

  1. Is this a known issue? I’ve tried searching but didn’t find anything definitive.
  2. Can I somehow keep the container from restarting when setup fails? It’s very hard to debug this when the system I’m debugging crashes, and not because it has to crash but because it times out.

Here’s my Nextcloud container config. I tried commenting out some Docker bits as well as other things I put in place to try getting xapps running, but that didn’t make a difference:

{
  services.postgresql = {
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        ensureDBOwnership = true;
      }
    ];
  };

  containers.nextcloud = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "192.168.0.1";
    localAddress = "192.168.0.3";
    config =
      {
        config,
        pkgs,
        lib,
        ...
      }:
      {
        environment.etc."nextcloud-admin-pass".text = "admin";
        nixpkgs.config.allowUnfree = true;
        services = {
          nextcloud = {
            enable = true;
            hostName = "nextcloud.thewordnerd.info";
            package = pkgs.nextcloud30;
            configureRedis = true;
            maxUploadSize = "16G";
            # autoUpdateApps.enable = true;
            notify_push = {
              enable = true;
              bendDomainToLocalhost = true;
            };
            webfinger = true;
            settings = {
              overwriteprotocol = "https";
              trusted_proxies = [
                "192.168.0.1"
              ];
              default_phone_region = "US";
              # loglevel = 0;
            };
            config = {
              dbtype = "pgsql";
              dbhost = "/run/postgresql";
              adminpassFile = "/etc/nextcloud-admin-pass";
            };
            phpOptions."opcache.interned_strings_buffer" = "23";
          };
          resolved.enable = true;
        };
        programs.nix-ld.enable = true;
        networking = {
          firewall.allowedTCPPorts = [ 80 ];
          useHostResolvConf = lib.mkForce false;
        };
        # virtualisation.docker.enable = true;
        # users.users.nextcloud.extraGroups = [ "docker" ];
        environment.systemPackages = with pkgs; [
          poppler_utils
          # (pkgs.writeScriptBin "occ" ''
          #   #!${pkgs.bash}/bin/bash
          #   exec nextcloud-occ "$@"
          # '')
        ];
        programs.java.binfmt = true;
        system.stateVersion = "24.11";
      };
    # https://discourse.nixos.org/t/podman-docker-in-nixos-container-ideally-in-unprivileged-one/22909/12
    # additionalCapabilities = [
    # ''all" --system-call-filter="add_key keyctl bpf" --capability="all''
    # ];
    bindMounts = {
      "/run/postgresql" = {
        hostPath = "/run/postgresql";
      };
    };
  };

  services.caddy.virtualHosts."nextcloud.thewordnerd.info".extraConfig = ''
    reverse_proxy nextcloud
    header Strict-Transport-Security max-age=31536000;
  '';

  services.caddy.virtualHosts."collabora.thewordnerd.info".extraConfig = ''
    reverse_proxy nextcloud:9980
  '';
}

Thanks.