+3

.gitignore

reviewed

··· 33 33 34 34 # 3. Explicitly block sensitive patterns everywhere just in case 35 35 *.txt 36 36 + # Nextcloud meta files are plain text with no secrets — safe to track 37 37 + !/modules/server/nextcloud-meta/privacy.txt 38 38 + !/modules/server/nextcloud-meta/legal.txt 36 39 *.key 37 40 *.pem 38 41 *_rsa

+54

modules/server/nextcloud-meta/legal.txt

reviewed

··· 1 1 + LEGAL NOTICE 2 2 + ============ 3 3 + 4 4 + Last updated: March 2025 5 5 + 6 6 + Who runs this 7 7 + ------------- 8 8 + This Nextcloud instance is operated by Ewan Croft, based in the United Kingdom. 9 9 + If you need to get in touch for any reason: contact@ewancroft.uk 10 10 + 11 11 + What this is 12 12 + ------------ 13 13 + This is a private, non-commercial file storage service. It exists primarily 14 14 + for my own personal use, with occasional access extended to close family. It 15 15 + isn't open to the public and isn't trying to be. Access is restricted to a 16 16 + private Tailscale network (tailnet) and is not reachable from the public 17 17 + internet. 18 18 + 19 19 + Governing law 20 20 + ------------- 21 21 + This service is governed by the laws of England and Wales. Any disputes arising 22 22 + from its use fall under the exclusive jurisdiction of the courts of England and 23 23 + Wales. 24 24 + 25 25 + Data protection matters are governed by the retained Regulation (EU) 2016/679 26 26 + (UK GDPR), as incorporated into domestic law by the European Union (Withdrawal) 27 27 + Act 2018, and the Data Protection Act 2018 (c.12). The supervisory authority 28 28 + for data protection in the United Kingdom is the Information Commissioner's 29 29 + Office (ICO): https://ico.org.uk 30 30 + 31 31 + No warranties 32 32 + ------------- 33 33 + This service is provided as-is. I make no promises about uptime, data 34 34 + durability, or fitness for any particular purpose. Use it at your own risk. 35 35 + 36 36 + Limitation of liability 37 37 + ----------------------- 38 38 + To the fullest extent permitted by applicable law, I am not liable for any loss 39 39 + or damage — including loss of data — arising from use of or inability to use 40 40 + this service. 41 41 + 42 42 + Acceptable use 43 43 + -------------- 44 44 + Anyone with access is responsible for ensuring that anything they store here 45 45 + complies with applicable law. Don't upload or share anything unlawful. 46 46 + 47 47 + Your content is yours 48 48 + --------------------- 49 49 + Anyone with access retains full ownership of everything they upload. I claim 50 50 + no intellectual property rights over that content. 51 51 + 52 52 + Contact 53 53 + ------- 54 54 + For legal enquiries: contact@ewancroft.uk

+81

modules/server/nextcloud-meta/privacy.txt

reviewed

··· 1 1 + PRIVACY NOTICE 2 2 + ============== 3 3 + 4 4 + Last updated: March 2025 5 5 + 6 6 + Who runs this 7 7 + ------------- 8 8 + This Nextcloud instance is operated by Ewan Croft, based in the United Kingdom. 9 9 + Contact: contact@ewancroft.uk 10 10 + 11 11 + What this is 12 12 + ------------ 13 13 + This is a private, non-commercial Nextcloud instance, used primarily by me 14 14 + and occasionally by close family. Access is restricted to a private Tailscale 15 15 + network (tailnet). It is not accessible from the public internet. 16 16 + 17 17 + What data is collected 18 18 + ---------------------- 19 19 + Only what is put there: files, calendars, contacts, and anything else 20 20 + explicitly uploaded or created. No analytics, no telemetry, no third-party 21 21 + tracking. 22 22 + 23 23 + How that data is used 24 24 + --------------------- 25 25 + Solely for the personal purposes of whoever stored it. It is not processed 26 26 + for advertising, profiling, or anything commercial. 27 27 + 28 28 + To be direct about it: I have no interest in what anyone else stores here. 29 29 + Other users' files are their business. Privacy between users is the default 30 30 + behaviour, not a feature I had to consciously implement. The only circumstance 31 31 + in which I would access another user's data is for maintenance or migration 32 32 + purposes — and even then, only as much as the task actually requires. 33 33 + 34 34 + With that said: I'd recommend keeping original copies of anything important 35 35 + elsewhere. To quote myself: "it's running on a fucking laptop over wifi." I do 36 36 + my best to keep it reliable, but it shouldn't be anyone's only copy of 37 37 + something they care about. iCloud is a reasonable secondary option if you're 38 38 + already in the Apple ecosystem. 39 39 + 40 40 + Sharing 41 41 + ------- 42 42 + Nothing stored here is sold, licensed, or disclosed to any third party. Data 43 43 + isn't shared with external services unless explicitly configured by the person 44 44 + who owns that data (e.g. an external calendar sync). 45 45 + 46 46 + Where data is stored 47 47 + -------------------- 48 48 + On self-hosted hardware located in the United Kingdom. Nothing goes to 49 49 + third-party cloud storage. 50 50 + 51 51 + How long data is kept 52 52 + --------------------- 53 53 + For as long as the instance is running, or until it is deleted. Files and data 54 54 + can be removed at any time through the Nextcloud interface. 55 55 + 56 56 + Legal basis 57 57 + ----------- 58 58 + This instance is operated exclusively for personal and household purposes by a 59 59 + private individual. As such, it falls under the household exemption in Article 60 60 + 2(2)(c) of the retained Regulation (EU) 2016/679 (UK GDPR, as incorporated 61 61 + into domestic law by the European Union (Withdrawal) Act 2018), which excludes 62 62 + from the regulation any processing carried out by a natural person in the course 63 63 + of a purely personal or household activity. In plain terms: this is a family 64 64 + file server, not a data controller. 65 65 + 66 66 + The Data Protection Act 2018 (c.12) applies insofar as it governs processing 67 67 + outside that exemption. 68 68 + 69 69 + That said, I voluntarily apply the principles of lawfulness, fairness, 70 70 + transparency, and data minimisation set out in Article 5 of the UK GDPR — not 71 71 + because I'm required to, but because it's the right approach. 72 72 + 73 73 + Your rights 74 74 + ----------- 75 75 + Anyone whose personal data is held here has the right to access, correct, or 76 76 + erase it. To exercise any of these rights, contact me at contact@ewancroft.uk. 77 77 + 78 78 + Changes 79 79 + ------- 80 80 + This notice may be updated from time to time. The current version is always 81 81 + available at https://cloud.ewancroft.uk/.meta/privacy.txt

+16

modules/server/nextcloud.nix

reviewed

··· 30 30 { 31 31 config, 32 32 lib, 33 33 + pkgs, 33 34 ... 34 35 }: 35 36 let ··· 37 38 nc = cfg.nextcloud; 38 39 ncPort = toString nc.port; 39 40 caddyPort = toString nc.caddyPort; 41 41 + metaFiles = pkgs.linkFarm "nextcloud-meta" [ 42 42 + { 43 43 + name = "privacy.txt"; 44 44 + path = ./nextcloud-meta/privacy.txt; 45 45 + } 46 46 + { 47 47 + name = "legal.txt"; 48 48 + path = ./nextcloud-meta/legal.txt; 49 49 + } 50 50 + ]; 40 51 in 41 52 lib.mkIf cfg.services.nextcloud.enable { 42 53 ··· 183 194 extraConfig = '' 184 195 bind ${cfg.server.tailscaleIP} 185 196 tls ${cfg.server.acmeCertDir}/fullchain.pem ${cfg.server.acmeCertDir}/key.pem 197 197 + handle /.meta/* { 198 198 + uri strip_prefix /.meta 199 199 + root * ${metaFiles} 200 200 + file_server 201 201 + } 186 202 handle { 187 203 reverse_proxy http://127.0.0.1:${ncPort} { 188 204 transport http {