challenger/nextcloud: fix and document memories/recognize

2024-07-05 23:04:51 +02:00 · 2024-07-05 23:04:51 +02:00 · a19ab9a661
commit a19ab9a661
parent 047d5b0d9d
1 changed files with 29 additions and 2 deletions
--- a/hosts/challenger/services/nextcloud.nix
+++ b/hosts/challenger/services/nextcloud.nix
@ -45,6 +45,17 @@ in {
      };
      oidc_login_filter_allowed_values = [ "nextcloud-user" ];
      oidc_login_disable_registration = false;
+
+      memories = {
+        # exiftool = "${lib.getExe pkgs.exiftool}"; # TODO - not working, use perl
+        # exiftool_no_local = false;
+        vod = {
+          disable = false;
+          ffmpeg = "${lib.getExe pkgs.ffmpeg-headless}";
+          ffprobe = "${pkgs.ffmpeg-headless}/bin/ffprobe";
+        };
+      };
+      preview_ffmpeg_path = "${pkgs.ffmpeg-headless}/bin/ffmpeg";
    };

    secretFile = config.sops.secrets."nextcloud/secretsjson".path;
@ -64,7 +75,10 @@ in {
    };
  };

-  environment.systemPackages = [ cfg.occ ];
+  environment.systemPackages = [
+    cfg.occ # "occ CMD" in the docs -> "sudo -u nextcloud nextcloud-occ CMD"
+    pkgs.nodejs_20 # For Recognize; Put /run/current-system/sw/bin/node in the "node_binary" field in the web UI -> Memories
+  ];

  sops.secrets."nextcloud/adminpass" = {
    mode = "0440";
@ -87,6 +101,10 @@ in {
    } ];
  };

+  systemd.services.nextcloud-cron = {
+    path = [ pkgs.perl ]; # exiftool doesn't work, so make perl available instead
+  };
+
  systemd.services."nextcloud-setup" = {
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
@ -94,10 +112,12 @@ in {

  systemd.services."phpfpm-nextcloud" = {
    requires = [ "tank-nextcloud.mount" ];
+    path = [ pkgs.perl ];
    serviceConfig = {
+      PrivateDevices = lib.mkForce false;
      WorkingDirectory = "/tank/nextcloud";
+
      NoNewPrivileges = true;
-      PrivateDevices = true;
      PrivateMounts = true;
      PrivateTmp = true;
      ProtectClock = true;
@ -118,4 +138,11 @@ in {
      CapabilityBoundingSet = "~CAP_FSETID ~CAP_SETFCAP ~CAP_SETUID ~CAP_SETGID ~CAP_SETPCAP ~CAP_NET_ADMIN ~CAP_SYS_ADMIN ~CAP_SYS_PTRACE ";
    };
  };
+
+  # Notes:
+  # - Install Memories and Recognize from the app store
+  #  - They might need to be forced on with "nextcloud-occ app:enable memories", etc.
+  # - Run "nextcloud-occ maintenance:repair" to fix broken paths
+  # - Download ai models and maps with the commands given in the ui
+  # - libtensorflow doesn't work properly through node, but recognize still works(?)
 }