From a62560c2b7cff9e7f82b1453f8af036bb70d98be Mon Sep 17 00:00:00 2001
From: stubbfel <user@stubbfel>
Date: Sun, 26 Nov 2017 18:45:31 +0100
Subject: [PATCH 1/2] edet ssl cipher

---
 services/nextcloud.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index 78eff2e..72f5faa 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -9,6 +9,8 @@
         forceSSL = true;
         serverName = "cloud.stubbe.rocks";
         root = "/var/www/nextcloud/";
+        sslCiphers ="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128";
+
         extraConfig = ''
           client_max_body_size 1024M;
           gzip off;

From 5f7acd102b79f7c454d0472d0bb2edfaf140640f Mon Sep 17 00:00:00 2001
From: stubbfel <user@stubbfel>
Date: Sun, 26 Nov 2017 18:48:04 +0100
Subject: [PATCH 2/2] mv option

---
 services/nextcloud.nix | 2 --
 services/nginx.nix     | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index 72f5faa..78eff2e 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -9,8 +9,6 @@
         forceSSL = true;
         serverName = "cloud.stubbe.rocks";
         root = "/var/www/nextcloud/";
-        sslCiphers ="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128";
-
         extraConfig = ''
           client_max_body_size 1024M;
           gzip off;
diff --git a/services/nginx.nix b/services/nginx.nix
index fa348d7..037ea67 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -11,5 +11,7 @@ services.nginx = {
         recommendedOptimisation = true;
         recommendedProxySettings = true;
         recommendedTlsSettings = true;
+        sslCiphers ="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128";
+
     };
 }