From 18b18929d7537d8acdab7bbd960221b3bc160c6d Mon Sep 17 00:00:00 2001
From: Robbert Gurdeep Singh <git@beardhatcode.be>
Date: Sat, 25 Sep 2021 22:19:14 +0200
Subject: [PATCH] nixos/nextcloud: add settings to manage nextcloud apps

Note the appstoreEnable which will prevent nextcloud form updating
nix-managed apps. This is needed because nextcloud will store an other
version of the app in /var/lib/nextcloud/store-apps and it will
no longer be manageable.
---
 nixos/modules/services/web-apps/nextcloud.nix | 60 ++++++++++++++++++-
 nixos/modules/services/web-apps/nextcloud.xml |  6 ++
 .../fetchnextcloudapp/default.nix             | 38 ++++++++++++
 pkgs/top-level/all-packages.nix               |  2 +
 4 files changed, 105 insertions(+), 1 deletion(-)
 create mode 100644 pkgs/build-support/fetchnextcloudapp/default.nix

diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index 5f6faeb170a6..452927e96abe 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -95,6 +95,50 @@ in {
       '';
       example = "/mnt/nextcloud-file";
     };
+    extraApps = mkOption {
+      type = types.attrsOf types.package;
+      default = { };
+      description = ''
+        Extra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp.
+        The appid must be identical to the "id" value in the apps appinfo/info.xml.
+        Using this will disable the appstore to prevent Nextcloud from updating these apps (see <xref linkend="opt-services.nextcloud.appstoreEnable" />).
+      '';
+      example = literalExample ''
+        {
+          maps = pkgs.fetchNextcloudApp {
+            name = "maps";
+            sha256 = "007y80idqg6b6zk6kjxg4vgw0z8fsxs9lajnv49vv1zjy6jx2i1i+useTheLatestVersion";
+            url = "https://github.com/nextcloud/maps/releases/download/v0.1.9/maps-0.1.9.tar.gz";
+            version = "0.1.9";
+          };
+          phonetrack = pkgs.fetchNextcloudApp {
+            name = "phonetrack";
+            sha256 = "0qf366vbahyl27p9mshfma1as4nvql6w75zy2zk5xwwbp343vsbc+breakSha";
+            url = "https://gitlab.com/eneiluj/phonetrack-oc/-/wikis/uploads/931aaaf8dca24bf31a7e169a83c17235/phonetrack-0.6.9.tar.gz";
+            version = "0.6.9";
+          };
+        }
+        '';
+    };
+    extraAppsEnable = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Automatically enable the apps in <xref linkend="opt-services.nextcloud.extraApps" /> every time nextcloud starts.
+        If set to false, apps need to be enabled in the Nextcloud user interface or with nextcloud-occ app:enable.
+      '';
+    };
+    appstoreEnable = mkOption {
+      type = types.nullOr types.bool;
+      default = null;
+      example = true;
+      description = ''
+        Allow the installation of apps and app updates from the store.
+        Enabled by default unless there are packages in <xref linkend="opt-services.nextcloud.extraApps" />.
+        Set to true to force enable the store even if <xref linkend="opt-services.nextcloud.extraApps" /> is used.
+        Set to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting.
+      '';
+    };
     logLevel = mkOption {
       type = types.ints.between 0 4;
       default = 2;
@@ -591,9 +635,15 @@ in {
             ''}
             $CONFIG = [
               'apps_paths' => [
+                ${optionalString (cfg.extraApps != { }) "[ 'path' => '${cfg.home}/nix-apps', 'url' => '/nix-apps', 'writable' => false ],"}
                 [ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ],
                 [ 'path' => '${cfg.home}/store-apps', 'url' => '/store-apps', 'writable' => true ],
               ],
+              ${if (cfg.appstoreEnable != null)
+                then '''appstoreenabled' => ${lib.boolToString cfg.appstoreEnable},''
+                else (if (cfg.extraApps != { })
+                      then '''appstoreenabled' => false,''
+                      else "")}
               'datadirectory' => '${datadir}/data',
               'skeletondirectory' => '${cfg.skeletonDirectory}',
               ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
@@ -679,10 +729,14 @@ in {
             fi
 
             ln -sf ${cfg.package}/apps ${cfg.home}/
+            rm -rf ${cfg.home}/nix-apps
+
+            #Install extra apps
+            ln -sfT ${pkgs.linkFarm "nix-apps" (lib.mapAttrsToList (name: target: {name=name; path=target;}) cfg.extraApps)} ${cfg.home}/nix-apps
 
             # create nextcloud directories.
             # if the directories exist already with wrong permissions, we fix that
-            for dir in ${datadir}/config ${datadir}/data ${cfg.home}/store-apps; do
+            for dir in ${datadir}/config ${datadir}/data ${cfg.home}/store-apps ${cfg.home}/nix-apps; do
               if [ ! -e $dir ]; then
                 install -o nextcloud -g nextcloud -d $dir
               elif [ $(stat -c "%G" $dir) != "nextcloud" ]; then
@@ -781,6 +835,10 @@ in {
             priority = 201;
             extraConfig = "root ${cfg.home};";
           };
+          "~ ^/nix-apps" = {
+            priority = 201;
+            extraConfig = "root ${cfg.home};";
+          };
           "^~ /.well-known" = {
             priority = 210;
             extraConfig = ''
diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml
index ed84487d233a..f51d1304c1b6 100644
--- a/nixos/modules/services/web-apps/nextcloud.xml
+++ b/nixos/modules/services/web-apps/nextcloud.xml
@@ -237,6 +237,12 @@
    Some apps may require extra PHP extensions to be installed.
    This can be configured with the <xref linkend="opt-services.nextcloud.phpExtraExtensions" /> setting.
   </para>
+
+  <para>
+   Alternatively, extra apps can also be declared in with the <xref linkend="opt-services.nextcloud.extraApps" /> setting.
+   When using this setting, apps can no longer be managed statefully because this can lead to Nextcloud updating apps
+   that are managed by Nix. If you want automatic updates it is recommended that you use web interface to install apps.
+  </para>
  </section>
 
  <section xml:id="module-services-nextcloud-maintainer-info">
diff --git a/pkgs/build-support/fetchnextcloudapp/default.nix b/pkgs/build-support/fetchnextcloudapp/default.nix
new file mode 100644
index 000000000000..a7cb5209a7ae
--- /dev/null
+++ b/pkgs/build-support/fetchnextcloudapp/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, gnutar, findutils, fetchurl, ... }:
+{ name
+, url
+, version
+, sha256
+, patches ? [ ]
+}:
+stdenv.mkDerivation {
+  name = "nc-app-${name}";
+  inherit version patches;
+
+  src = fetchurl {
+    url = url;
+    sha256 = sha256;
+  };
+
+  nativeBuildInputs = [
+    gnutar
+    findutils
+  ];
+
+  unpackPhase = ''
+    tar -xzpf $src
+  '';
+
+  installPhase = ''
+    approot="$(dirname $(dirname $(find -path '*/appinfo/info.xml' | head -n 1)))"
+
+    if [ -d "$approot" ];
+    then
+      mv "$approot/" $out
+      chmod -R a-w $out
+    else
+      echo "Could not find appinfo/info.xml"
+      exit 1;
+    fi
+  '';
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 18c5484a9b18..14fed07d3aa3 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -520,6 +520,8 @@ with pkgs;
       tests = callPackages ../build-support/fetchfirefoxaddon/tests.nix { };
     };
 
+  fetchNextcloudApp = callPackage ../build-support/fetchnextcloudapp {};
+
   # `fetchurl' downloads a file from the network.
   fetchurl = if stdenv.buildPlatform != stdenv.hostPlatform
     then buildPackages.fetchurl # No need to do special overrides twice,