From c52c4e9705290f1fcd967b2ad40bb15bc13d2963 Mon Sep 17 00:00:00 2001
From: A Holt <holta@users.noreply.github.com>
Date: Wed, 4 Sep 2019 16:02:07 -0400
Subject: [PATCH] Generalize+explain LAN-side 172.18.96.1/255.255.224.0

---
 roles/nextcloud/templates/nextcloud.conf.j2 | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2
index f3f717a63..ef80b4b59 100644
--- a/roles/nextcloud/templates/nextcloud.conf.j2
+++ b/roles/nextcloud/templates/nextcloud.conf.j2
@@ -12,14 +12,15 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
     # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
     Require all granted
     # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
-    #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10
+    #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10
 {% else %}
     # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
     #Require all granted
     # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
-    Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10
+    Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10
 {% endif %}
-    # AVOID THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc:
+{# Reminder that {{ lan_ip }}/{{ lan_netmask }} is 172.18.96.1/255.255.224.0 #}
+    # AVOID THIS LINE AS IT OVERLY RESTRICTS SCHOOLS W/ 192.168.1.x, 10.x.y.z:
     #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
     </IfModule>
     <IfModule !mod_authz_core.c>