felixalb/nixos-config
felixalb
/
nixos-config
mirror of https://git.feal.no/felixalb/nixos-config.git
2
2
Fork 0
Code Issues Activity

challenger/nextcloud: fix and document memories/recognize

This commit is contained in:
Felix Albrigtsen 2024-07-05 23:04:51 +02:00
parent 047d5b0d9d
commit a19ab9a661
1 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
hosts/challenger/services/nextcloud.nix
View File

@ -45,6 +45,17 @@ in {
}; };
oidc_login_filter_allowed_values = [ "nextcloud-user" ]; oidc_login_filter_allowed_values = [ "nextcloud-user" ];
oidc_login_disable_registration = false; oidc_login_disable_registration = false;
memories = {
# exiftool = "${lib.getExe pkgs.exiftool}"; # TODO - not working, use perl
# exiftool_no_local = false;
vod = {
disable = false;
ffmpeg = "${lib.getExe pkgs.ffmpeg-headless}";
ffprobe = "${pkgs.ffmpeg-headless}/bin/ffprobe";
};
};
preview_ffmpeg_path = "${pkgs.ffmpeg-headless}/bin/ffmpeg";
}; };
secretFile = config.sops.secrets."nextcloud/secretsjson".path; secretFile = config.sops.secrets."nextcloud/secretsjson".path;
@ -64,7 +75,10 @@ in {
}; };
}; };
environment.systemPackages = [ cfg.occ ]; environment.systemPackages = [
cfg.occ # "occ CMD" in the docs -> "sudo -u nextcloud nextcloud-occ CMD"
pkgs.nodejs_20 # For Recognize; Put /run/current-system/sw/bin/node in the "node_binary" field in the web UI -> Memories
];
sops.secrets."nextcloud/adminpass" = { sops.secrets."nextcloud/adminpass" = {
mode = "0440"; mode = "0440";
@ -87,6 +101,10 @@ in {
} ]; } ];
}; };
systemd.services.nextcloud-cron = {
path = [ pkgs.perl ]; # exiftool doesn't work, so make perl available instead
};
systemd.services."nextcloud-setup" = { systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ]; requires = [ "postgresql.service" ];
after = [ "postgresql.service" ]; after = [ "postgresql.service" ];
@ -94,10 +112,12 @@ in {
systemd.services."phpfpm-nextcloud" = { systemd.services."phpfpm-nextcloud" = {
requires = [ "tank-nextcloud.mount" ]; requires = [ "tank-nextcloud.mount" ];
path = [ pkgs.perl ];
serviceConfig = { serviceConfig = {
PrivateDevices = lib.mkForce false;
WorkingDirectory = "/tank/nextcloud"; WorkingDirectory = "/tank/nextcloud";
NoNewPrivileges = true; NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true; PrivateMounts = true;
PrivateTmp = true; PrivateTmp = true;
ProtectClock = true; ProtectClock = true;
@ -118,4 +138,11 @@ in {
CapabilityBoundingSet = "~CAP_FSETID ~CAP_SETFCAP ~CAP_SETUID ~CAP_SETGID ~CAP_SETPCAP ~CAP_NET_ADMIN ~CAP_SYS_ADMIN ~CAP_SYS_PTRACE "; CapabilityBoundingSet = "~CAP_FSETID ~CAP_SETFCAP ~CAP_SETUID ~CAP_SETGID ~CAP_SETPCAP ~CAP_NET_ADMIN ~CAP_SYS_ADMIN ~CAP_SYS_PTRACE ";
}; };
}; };
# Notes:
# - Install Memories and Recognize from the app store
# - They might need to be forced on with "nextcloud-occ app:enable memories", etc.
# - Run "nextcloud-occ maintenance:repair" to fix broken paths
# - Download ai models and maps with the commands given in the ui
# - libtensorflow doesn't work properly through node, but recognize still works(?)
} }