<matthewcroughan_>
danielrf[m]: Is it trivial to add FDroid apps as part of the build process?
<matthewcroughan_>
As part of what you were calling the android build pipeline?
<danielrf[m]>
matthewcroughan_: if you have an APK it's easy to add with the `apps.prebuilt` option
<danielrf[m]>
If you want to build from source then it's a bit more involved, but possible
<danielrf[m]>
My recommendation though is only to include apks in android builds for a few reasons:
<danielrf[m]>
1) They require privileged permissions
<danielrf[m]>
2) You need to patch/customize the application
<danielrf[m]>
3) You can't/don't want to rely on apks built by others
<samueldr>
even with (2), I'd probably prefer producing an f-droid repo from a standard nix build
<danielrf[m]>
Otherwise, the overhead of having to rebuild your entire OS every time you change an app seems like too much
<danielrf[m]>
samueldr: True, that would be better. I do still want to be able to generate f-droid repos from a collection of nix-built apks
<samueldr>
it'd allow out-of-sync updates to happen as they are needed
<danielrf[m]>
Last time I looked into it, the issue was singing the f-droid repo and apks
<danielrf[m]>
While robotnix can sign things with a sandbox exception for your keys, it's possible to use the `releaseScript` to do that entirely outside of nix
<danielrf[m]>
and I'd want something similar for f-droid--not having to only rely on using a sandbox exception for keys
<danielrf[m]>
s/singing/signing/
<jack[m]1>
I've been looking around for a way to include stuff like a declaritively managed and configured imap/matrix client into OTA builds. Having custom OTA builds per device, and encryption of credentials (with device certs exchanged at deployment time) seems simpler, but would require some work in the updater or patching of the apps. The MDM solutions seem ... like a lot of software.
<danielrf[m]>
Yes, customizing the build per device does seem easier--with a different OTA url for each device.
<danielrf[m]>
Some kind of declarative MDM solution would seem to be more the "right way" to do it, but likely more effort
<danielrf[m]>
I coudln't find any simple open source MDM software when I looked briefly last time
<danielrf[m]>
A nix-integrated MDM would be nice.
<danielrf[m]>
The analogy would be nixos : home-manager :: robotnix : robotnix-mdm
<danielrf[m]>
jack: The fact that you found that means you likely already know more about it than I do
<danielrf[m]>
From briefly looking, it does look like a decent place to start
<danielrf[m]>
I suppose your app would need to have "app restrictions" included that give you the settings you want to adjust
<jack[m]1>
I'm quite enamoured with being able to deploy both an IMAP server configuration and the client configuration from the same source expressions.
<jack[m]1>
Anyhow. I'll put together a markdown rfc and invite comments.
<danielrf[m]>
Yes, nix-level integration of some of the server/client configuration would be very nice. We can do a little bit of that already with the OTA server
<danielrf[m]>
Cool, I'll look forward to reading that!
<jack[m]1>
I remember something about the riot/element app having something similar. This reminds me of [Why I use Suckless Tools](https://christine.website/blog/why-i-use-suckless-tools-2020-06-05) by Christine Dodrill -- if you compile all of the serverUrl / usename stuff *into the binary*, then you don't need a `settings` UI. :)