Minimal nextcloud/tailscale

Hello,

Starting with https://github.com/JupiterBroadcasting/nixconfigs/blob/ee69f11bc9afe94373660a0919e077e12d807dff/nextcloud.nix, I’m trying to get a Nextcloud instance running that is accessible only through Tailscale or on my LAN but not publicly, so I removed the letsencrypt stuff. My repo is at GitHub - montyz/nixes, and nextcloud.nix specifically is what I’m having trouble with. It seems like I can get a response through Tailscale, but the Nextcloud error message is about trusted domains not being set. If I uncomment the line about that, though, then I get connection refused:

        # enabling the following line changes the response from an error about trusted domains to connection_refused
        #extraTrustedDomains = [ "nix0" "100.116.112.27" ];

It’s inconsistent somehow, too. It was working; I uncommented that line and it gave the connection refused; I re-commented that line and ran the sudo nixos-rebuild switch --flake .#nix0 command, and it still had connection refused. I’m confused but wondering if I have anything obviously wrong in my config. Ideally I can get this working with the Tailscale HTTPS functionality so it can handle the cert. I have that configured on the Tailscale side and got the cert, but I’m still struggling with Nextcloud itself.

I know this reply is over a month late, but I was able to successfully configure Nextcloud plus Tailscale with custom DNS.

The key is to use Caddy as a reverse proxy, and Caddy has a plugin (a.k.a. module) that works with Cloudflare DNS.

You can see a working config here; look at the host named sovserv: GitHub - jordan-bravo/.nix: My Nix Configs

I think OP asked about certificates for Tailscale tailnet domains, and your solution uses Cloudflare. What exactly is your Cloudflare DNS setup? Does it use public DNS or private DNS like Tailscale MagicDNS does?