#------------------------------------------------------------
# nextcloud 
#------------------------------------------------------------

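{
  # Template fragment that emits the httpd configuration for nextcloud.
  # When the service is not enabled only a marker comment is written.
  # The "|| ''" keeps an unset status from being compared as undef.
  return "# nextcloud is disabled\n" unless (($nextcloud{'status'} || '') eq 'enabled');

  # Exposure is decided here: only access=public yields "Require all granted";
  # any other value (including an unset one) falls back to the IP allow-list.
  # $localAccess and $externalSSLAccess are supplied by the template
  # environment, not by this fragment.
  my $access = $nextcloud{'access'} || 'private';
  my $allow = ($access eq 'public') ? 'all granted' : "ip $localAccess $externalSSLAccess";
  my $authtype = $nextcloud{'Authentication'} || 'none';

  # NOTE(review): the MaxUploadSize property used to be read here, but the
  # derived values were never written into the output below, so the dead
  # locals were dropped. If an upload limit is expected, confirm where it is
  # actually enforced.

  # With Authentication=http, HTTP Basic auth (checked through pwauth) is
  # required only for files matching the FilesMatch pattern below; every
  # other request relies on nextcloud's own login.
  my $auth = '    # using internal nextcloud auth';
  if ($authtype eq 'http') {
    $auth =<<'EOF';
    <FilesMatch "^(admin|rest)\.php">
        SSLRequireSSL on
        AuthName "nextcloud"
        AuthType Basic
        AuthBasicProvider external
        AuthExternal pwauth
        Require valid-user
    </FilesMatch>
EOF
  }

  # Pick the PHP-FPM socket from the installed nextcloud major version.
  # If config.php cannot be read, or holds no version line, the defaults
  # (version 30, php 83) are kept.
  my $phpversion = "83";
  my $version = "30";
  my $search = qr/\s*'version'\s*=>\s*'([0-9]{2})\.[0-9]{1,2}.*/;
  # Three-argument open with a lexical handle: the mode cannot be influenced
  # by the path string, and no package-global bareword handle is left behind.
  if (open my $config_fh, '<', '/usr/share/nextcloud/config/config.php') {
    while (my $line = <$config_fh>) {
      # No early exit: as before, the last matching line wins.
      $version = $1 if $line =~ /$search/;
    }
    close $config_fh;
  }
  $phpversion = "81" if $version < 30;

  # The Strict-Transport-Security header is emitted outside the <Directory>
  # sections, so it applies to whatever server or virtual-host scope this
  # fragment is expanded into.
  # The data directory is denied at the httpd level as a fallback in case
  # .htaccess handling is turned off.
  $OUT =<<_EOF;
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000"
</IfModule>
<Directory "/usr/share/nextcloud">
    Options +FollowSymLinks
    AllowOverride All
    <FilesMatch \\.(phar|php)\$>
        SetHandler "proxy:unix:/var/run/php-fpm/php${phpversion}-nextcloud.sock|fcgi://localhost"
    </FilesMatch>
    # access $access
    Require $allow
$auth
    <IfModule mod_dav.c>
        Dav off
    </IfModule>
    SetEnv HOME /usr/share/nextcloud
    SetEnv HTTP_HOME /usr/share/nextcloud
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
</Directory>

<Directory "/home/e-smith/files/nextcloud/data/">
    # just in case if .htaccess gets disabled
    Require all denied
</Directory>
_EOF
}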

