From 45495b114fb239b589bab66ab75061f031cf3f24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?= <admin@numbus.eu>
Date: Sun, 1 Mar 2026 13:46:18 +0100
Subject: [PATCH] Fix nextcloud-quirk systemD service failures.

---
 modules/services/nextcloud.nix | 48 ++++++++++++++++++++--------------
 1 file changed, 29 insertions(+), 19 deletions(-)

diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 5384a42..fe683e3 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -219,7 +219,7 @@ helper.mkPodmanService {
       onFailure = [ "service-failure-notify@%n.service" ];
       startLimitBurst = 5;
       startLimitIntervalSec = 600;
-      path = [ pkgs.coreutils pkgs.sudo pkgs.podman pkgs.systemd ];
+      path = [ pkgs.coreutils pkgs.sudo pkgs.podman pkgs.systemd pkgs.jq ];
       serviceConfig = {
         Type = "oneshot";
         RemainAfterExit = true;
@@ -242,25 +242,35 @@ helper.mkPodmanService {
 
         INSTALL_APPS_LIST=( "calendar" "contacts" "mail" "notes" "onlyoffice" "cookbook" "whiteboard" )
         REMOVE_APPS_LIST=( "activity" "federation" "webhook_listeners" "photos" "recommendations" "sharebymail" "teams" "support" "richdocumentscode" )
-        CURRENT_APPS_SIGNATURE="$(echo "''${INSTALL_APPS_LIST[@]}" "''${REMOVE_APPS_LIST[@]}")"
-        APPS_SIGNATURE_FILE="/var/lib/numbus-server/${name}/installed_apps.signature"
 
-        if [[ ! -f "$APPS_SIGNATURE_FILE" ]] || [[ "$(cat "$APPS_SIGNATURE_FILE")" != "$CURRENT_APPS_SIGNATURE" ]]; then
-          for app in ''${INSTALL_APPS_LIST[@]}; do
-            sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings app:install "$app"
-            sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings app:enable "$app"
-          done
-          for app in ''${REMOVE_APPS_LIST[@]}; do
-            sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings app:disable "$app"
-            sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings app:remove "$app"
-          done
-          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings config:system:set onlyoffice DocumentServerInternalUrl --value="https://onlyoffice.${config.numbus.services.domain}/"
-          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings config:system:set onlyoffice DocumentServerUrl --value="https://onlyoffice.${config.numbus.services.domain}/"
-          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_PASSWORD"
-          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings config:app:set whiteboard collabBackendUrl --value="https://whiteboard.${config.numbus.services.domain}"
-          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings config:app:set whiteboard jwt_secret_key --value="$WHITEBOARD_PASSWORD"
-          echo "$CURRENT_APPS_SIGNATURE" > "$APPS_SIGNATURE_FILE"
-        fi
+        OCC="sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ"
+        APPS_STATE=$($OCC app:list --output=json)
+
+        for app in ''${INSTALL_APPS_LIST[@]}; do
+          if ! echo "$APPS_STATE" | jq -e ".enabled[\"$app\"] or .disabled[\"$app\"]" > /dev/null; then
+            $OCC --no-warnings app:install "$app"
+            APPS_STATE=$($OCC app:list --output=json)
+          fi
+          if ! echo "$APPS_STATE" | jq -e ".enabled[\"$app\"]" > /dev/null; then
+            $OCC --no-warnings app:enable "$app"
+            APPS_STATE=$($OCC app:list --output=json)
+          fi
+        done
+        for app in ''${REMOVE_APPS_LIST[@]}; do
+          if echo "$APPS_STATE" | jq -e ".enabled[\"$app\"]" > /dev/null; then
+            $OCC --no-warnings app:disable "$app"
+            APPS_STATE=$($OCC app:list --output=json)
+          fi
+          if echo "$APPS_STATE" | jq -e ".enabled[\"$app\"] or .disabled[\"$app\"]" > /dev/null; then
+            $OCC --no-warnings app:remove "$app"
+            APPS_STATE=$($OCC app:list --output=json)
+          fi
+        done
+        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings config:system:set onlyoffice DocumentServerInternalUrl --value="https://onlyoffice.${config.numbus.services.domain}/"
+        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings config:system:set onlyoffice DocumentServerUrl --value="https://onlyoffice.${config.numbus.services.domain}/"
+        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_PASSWORD"
+        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings config:app:set whiteboard collabBackendUrl --value="https://whiteboard.${config.numbus.services.domain}"
+        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ --no-warnings config:app:set whiteboard jwt_secret_key --value="$WHITEBOARD_PASSWORD"
 
         if [[ ! -f /var/lib/numbus-server/${name}/croned.true ]]; then
           sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ background:cron