fix: certbot nginx premission

system/dev/dn-pre7780/boot.nix

@@ -1,4 +1,9 @@
-{ pkgs, ... }:
+{
+  pkgs,
+  settings,
+  config,
+  ...
+}:
 
 {
   boot.kernelPackages = pkgs.linuxPackages_latest;
@@ -20,15 +25,34 @@
     ];
   };
 
+  users.groups.windows = {
+    gid = 1200;
+    members = [ settings.personal.username ];
+  };
+
   fileSystems."/mnt/windows" = {
+    enable = true;
     device = "/dev/disk/by-uuid/460237D00237C429";
     fsType = "ntfs-3g";
     options = [
       "nofail"
-      "uid=1000"
-      "gid=1000"
-      "dmask=077"
-      "fmask=077"
+      "users"
+      "uid=992"
+      "gid=${builtins.toString config.users.groups.windows.gid}"
+      "dmask=007"
+      "fmask=007"
+    ];
+  };
+
+  fileSystems."/mnt/nextcloud" = {
+    enable = true;
+    depends = [ "/mnt/windows" ];
+    device = "/mnt/windows/Linux/nextcloud";
+
+    fsType = "none";
+    options = [
+      "nofail"
+      "bind"
     ];
   };
 

system/dev/dn-pre7780/nextcloud.nix

@@ -44,18 +44,23 @@ in
       "nextcloud"
     ];
   };
+
   networking.firewall.allowedTCPPorts = [
     80
     443
   ];
 
+  users.groups.windows = {
+    members = [ "nextcloud" ];
+  };
+
   services.nextcloud = {
     enable = true;
-    datadir = "/mnt/windows/Linux/nextcloud";
+    datadir = "/mnt/nextcloud";
     package = pkgs.nextcloud31;
     configureRedis = true;
     hostName = "pre7780.net.dn";
-    https = false;
+    https = true;
 
     extraApps = {
       inherit (config.services.nextcloud.package.packages.apps)

system/modules/certbot.nix

@@ -23,7 +23,8 @@
       "REQUESTS_CA_BUNDLE" = ../extra/ca.crt;
     };
     serviceConfig = {
-      ExecStart = "${pkgs.certbot}/bin/certbot renew";
+      ExecStart = ''${pkgs.certbot}/bin/certbot renew'';
+      ExecStartPost = "${pkgs.busybox}/bin/chown nginx:nginx -R /etc/letsencrypt";
     };
   };
 }