upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-06 21:17:14 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

feat: added fedifetcher

Browse source
This commit is contained in:
Nick 2025-11-21 04:11:42 -06:00
parent 81f72f5d9d
commit 8904a9cad4
2 changed files with 83 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

100
modules/nixos/guests/mastodon/default.nix
View file

@ -14,18 +14,48 @@ let
host = serviceCfg.domains.url0;
dns0 = instances.web.dns.provider0;
dns0Path = "dns/${dns0}";
fedifetcherConfig = pkgs.writeText "fedifetcher-config.json" (
builtins.toJSON {
server = host;
home-timeline-length = 200;
max-followings = 80;
from-notifications = 1;
max-bookmarks = 80;
max-favourites = 40;
backfill-with-context = 1;
backfill-mentioned-users = 1;
remember-users-for-hours = 168;
remember-hosts-for-days = 30;
http-timeout = 5;
lock-hours = 24;
log-level = "INFO";
}
);
fedifetcherPython = pkgs.python3.withPackages (
ps: with ps; [
requests
pytz
beautifulsoup4
]
);
fedifetcherSrc = pkgs.fetchFromGitHub {
owner = "nanos";
repo = "FediFetcher";
rev = "main";
sha256 = "sha256-J7psV/mA7okuuO7/aXVVWS9p63eMncG2CEEGN38ip0=";
};
in
{
# If you need to start fresh for some reason, run these to create the new Admin account:
# sudo -u mastodon mastodon-tootctl accounts create nick --email=nick@localhost --confirmed --role=Owner
# sudo -u mastodon mastodon-tootctl accounts approve nick
# If you fuck up and lose the password, use this:
# sudo mastodon-tootctl accounts modify --reset-password nick
# If you really fuck up and name yourself wrong, use this shit
# sudo mastodon-tootctl accounts modify username --remove-role
# nixpkgs.overlays = [
# (
# final: prev: {
@ -39,7 +69,6 @@ in
# }
# )
# ];
microvm.vms = {
${serviceCfg.name} = {
autostart = true;
@ -132,14 +161,12 @@ in
root /var/lib/mastodon/public-system
}
}
handle /api/v1/streaming/* {
reverse_proxy unix//run/mastodon-streaming/streaming.socket {
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
header_up X-Forwarded-Host {http.request.header.X-Forwarded-Host}
}
}
route * {
file_server * {
root ${pkgs.mastodon}/public
@ -150,19 +177,15 @@ in
header_up X-Forwarded-Host {http.request.header.X-Forwarded-Host}
}
}
handle_errors {
root * ${pkgs.mastodon}/public
rewrite 500.html
file_server
}
encode gzip
header /* {
Strict-Transport-Security "max-age=31536000;"
}
header /emoji/* Cache-Control "public, max-age=31536000, immutable"
header /packs/* Cache-Control "public, max-age=31536000, immutable"
header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable"
@ -171,11 +194,9 @@ in
};
};
};
postgresql = {
enable = true;
};
openssh = {
enable = true;
settings = {
@ -184,14 +205,12 @@ in
};
};
};
users.users.${serviceCfg.name}.extraGroups = [
"postgres"
];
users.users.caddy.extraGroups = [
serviceCfg.name
];
networking.firewall.allowedTCPPorts = [
22 # SSH
80 # Caddy
@ -201,7 +220,6 @@ in
2525 # SMTP
5432 # Postgres
];
systemd = {
services = {
mastodon-init-dirs = {
@ -234,23 +252,57 @@ in
description = "Copy secrets from virtiofs to local filesystem";
before = [ "mastodon-init-dirs.service" ];
requiredBy = [ "mastodon-init-dirs.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p /etc/mastodon-secrets
cp /run/secrets/pass /etc/mastodon-secrets/pass
cp /run/secrets/database /etc/mastodon-secrets/database
cp /run/secrets/redis /etc/mastodon-secrets/redis
cp /run/secrets/smtp /etc/mastodon-secrets/smtp
cp /run/secrets/fedifetcher-token /etc/mastodon-secrets/fedifetcher-token
chmod 755 /etc/mastodon-secrets
chmod 644 /etc/mastodon-secrets/*
'';
};
fedifetcher = {
description = "FediFetcher Service";
after = [
"network.target"
"mastodon-web.service"
];
serviceConfig = {
Type = "oneshot";
User = serviceCfg.name;
WorkingDirectory = "/var/lib/fedifetcher";
ExecStart =
let
script = pkgs.writeShellScript "fedifetcher-run" ''
set -e
export ACCESS_TOKEN=$(cat /etc/mastodon-secrets/fedifetcher-token)
${fedifetcherPython}/bin/python ${fedifetcherSrc}/find_posts.py \
-c=${fedifetcherConfig} \
--access-token="$ACCESS_TOKEN"
'';
in
"${script}";
};
};
};
timers.fedifetcher = {
description = "FediFetcher Timer";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/15"; # Run every 15 minutes
Persistent = true;
Unit = "fedifetcher.service";
};
};
network = {
enable = true;
networks."20-lan" = {
@ -268,6 +320,7 @@ in
];
};
};
services = {
mastodon-init-db = {
serviceConfig = {
@ -276,6 +329,7 @@ in
};
systemd-tmpfiles-setup.after = [ "var-lib-mastodon.mount" ];
};
tmpfiles.rules = [
"d /var/lib/mastodon 0755 mastodon mastodon -"
"Z /var/lib/mastodon 0755 mastodon mastodon -"
@ -286,6 +340,7 @@ in
"d /var/lib/mastodon/public-system/media_attachments 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/media_attachments/files 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/site_uploads 0755 mastodon mastodon -"
"d /var/lib/fedifetcher 0755 mastodon mastodon -"
];
};
@ -337,12 +392,17 @@ in
source = "/run/secrets/${serviceCfg.name}";
tag = "host_secrets";
}
{
mountPoint = "/var/lib/fedifetcher";
proto = "virtiofs";
source = "${serviceCfg.mntPaths.path0}/fedifetcher";
tag = "fedifetcher_data";
}
];
};
};
};
};
sops = {
secrets = builtins.listToAttrs (
map
@ -359,6 +419,7 @@ in
"database"
"redis"
"pass"
"fedifetcher-token"
]
);
};
@ -367,6 +428,7 @@ in
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
"d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
"d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -"
"d ${serviceCfg.mntPaths.path0}/fedifetcher 0751 microvm wheel - -"
];
services.caddy.virtualHosts."${host}" = {
@ -376,9 +438,7 @@ in
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
}
tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}
encode zstd gzip
'';
};