From a19ab9a661f6718510c14980ee6921b79e7c81a5 Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen <felix@albrigtsen.it>
Date: Fri, 5 Jul 2024 23:04:51 +0200
Subject: [PATCH] challenger/nextcloud: fix and document memories/recognize

---
 hosts/challenger/services/nextcloud.nix | 31 +++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/hosts/challenger/services/nextcloud.nix b/hosts/challenger/services/nextcloud.nix
index 04d8997..a7bc0dd 100644
--- a/hosts/challenger/services/nextcloud.nix
+++ b/hosts/challenger/services/nextcloud.nix
@@ -45,6 +45,17 @@ in {
       };
       oidc_login_filter_allowed_values = [ "nextcloud-user" ];
       oidc_login_disable_registration = false;
+
+      memories = {
+        # exiftool = "${lib.getExe pkgs.exiftool}"; # TODO - not working, use perl
+        # exiftool_no_local = false;
+        vod = {
+          disable = false;
+          ffmpeg = "${lib.getExe pkgs.ffmpeg-headless}";
+          ffprobe = "${pkgs.ffmpeg-headless}/bin/ffprobe";
+        };
+      };
+      preview_ffmpeg_path = "${pkgs.ffmpeg-headless}/bin/ffmpeg";
     };
 
     secretFile = config.sops.secrets."nextcloud/secretsjson".path;
@@ -64,7 +75,10 @@ in {
     };
   };
 
-  environment.systemPackages = [ cfg.occ ];
+  environment.systemPackages = [
+    cfg.occ # "occ CMD" in the docs -> "sudo -u nextcloud nextcloud-occ CMD"
+    pkgs.nodejs_20 # For Recognize; Put /run/current-system/sw/bin/node in the "node_binary" field in the web UI -> Memories
+  ];
 
   sops.secrets."nextcloud/adminpass" = {
     mode = "0440";
@@ -87,6 +101,10 @@ in {
     } ];
   };
 
+  systemd.services.nextcloud-cron = {
+    path = [ pkgs.perl ]; # exiftool doesn't work, so make perl available instead
+  };
+
   systemd.services."nextcloud-setup" = {
     requires = [ "postgresql.service" ];
     after = [ "postgresql.service" ];
@@ -94,10 +112,12 @@ in {
 
   systemd.services."phpfpm-nextcloud" = {
     requires = [ "tank-nextcloud.mount" ];
+    path = [ pkgs.perl ];
     serviceConfig = {
+      PrivateDevices = lib.mkForce false;
       WorkingDirectory = "/tank/nextcloud";
+
       NoNewPrivileges = true;
-      PrivateDevices = true;
       PrivateMounts = true;
       PrivateTmp = true;
       ProtectClock = true;
@@ -118,4 +138,11 @@ in {
       CapabilityBoundingSet = "~CAP_FSETID ~CAP_SETFCAP ~CAP_SETUID ~CAP_SETGID ~CAP_SETPCAP ~CAP_NET_ADMIN ~CAP_SYS_ADMIN ~CAP_SYS_PTRACE ";
     };
   };
+
+  # Notes:
+  # - Install Memories and Recognize from the app store
+  #  - They might need to be forced on with "nextcloud-occ app:enable memories", etc.
+  # - Run "nextcloud-occ maintenance:repair" to fix broken paths
+  # - Download ai models and maps with the commands given in the ui
+  # - libtensorflow doesn't work properly through node, but recognize still works(?)
 }