nextcloud: Trust headers from public rev proxy

If Nextcloud does not have the Internet-facing reverse proxy listed in
its "trusted proxies" setting, it will mark all traffic as being from
the proxy itself.  This breaks brute force detection, etc.

group_vars/nextcloud.yml

@@ -9,6 +9,7 @@ pg_hba_extra:
 nextcloud_trusted_proxies:
 - 127.0.0.1
 - ::1
+- '{{ lookup("dig", groups["public-web"][0]) }}'
 nextcloud_trusted_domains:
 - nextcloud.pyrocufflink.net
 - nextcloud.pyrocufflink.blue