Why not this way?
vi /etc/logrotate.d/nextcloud
/mnt/ncdata/nextcloud.log {
daily
rotate 7
compress
delaycompress
missingok
# If fail2ban runs as non-root it still needs to have write access
# to logfiles.
# create 640 fail2ban adm
create 644 www-data www-data
}
You can test by running: logrotate -f /etc/logrotate.conf
The first run will create a nextcloud.log.1, the secong run will create a nextcloud.log.1.gz and so on …