upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-06 21:17:14 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

feat: added fedifetcher

Browse source
This commit is contained in:
Nick 2025-11-21 04:11:42 -06:00
parent 81f72f5d9d
commit 8904a9cad4
2 changed files with 83 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

100
modules/nixos/guests/mastodon/default.nix
View file

@ -14,18 +14,48 @@ let
host = serviceCfg.domains.url0; host = serviceCfg.domains.url0;
dns0 = instances.web.dns.provider0; dns0 = instances.web.dns.provider0;
dns0Path = "dns/${dns0}"; dns0Path = "dns/${dns0}";
fedifetcherConfig = pkgs.writeText "fedifetcher-config.json" (
builtins.toJSON {
server = host;
home-timeline-length = 200;
max-followings = 80;
from-notifications = 1;
max-bookmarks = 80;
max-favourites = 40;
backfill-with-context = 1;
backfill-mentioned-users = 1;
remember-users-for-hours = 168;
remember-hosts-for-days = 30;
http-timeout = 5;
lock-hours = 24;
log-level = "INFO";
}
);
fedifetcherPython = pkgs.python3.withPackages (
ps: with ps; [
requests
pytz
beautifulsoup4
]
);
fedifetcherSrc = pkgs.fetchFromGitHub {
owner = "nanos";
repo = "FediFetcher";
rev = "main";
sha256 = "sha256-J7psV/mA7okuuO7/aXVVWS9p63eMncG2CEEGN38ip0=";
};
in in
{ {
# If you need to start fresh for some reason, run these to create the new Admin account: # If you need to start fresh for some reason, run these to create the new Admin account:
# sudo -u mastodon mastodon-tootctl accounts create nick --email=nick@localhost --confirmed --role=Owner # sudo -u mastodon mastodon-tootctl accounts create nick --email=nick@localhost --confirmed --role=Owner
# sudo -u mastodon mastodon-tootctl accounts approve nick # sudo -u mastodon mastodon-tootctl accounts approve nick
# If you fuck up and lose the password, use this: # If you fuck up and lose the password, use this:
# sudo mastodon-tootctl accounts modify --reset-password nick # sudo mastodon-tootctl accounts modify --reset-password nick
# If you really fuck up and name yourself wrong, use this shit # If you really fuck up and name yourself wrong, use this shit
# sudo mastodon-tootctl accounts modify username --remove-role # sudo mastodon-tootctl accounts modify username --remove-role
# nixpkgs.overlays = [ # nixpkgs.overlays = [
# ( # (
# final: prev: { # final: prev: {
@ -39,7 +69,6 @@ in
# } # }
# ) # )
# ]; # ];
microvm.vms = { microvm.vms = {
${serviceCfg.name} = { ${serviceCfg.name} = {
autostart = true; autostart = true;
@ -132,14 +161,12 @@ in
root /var/lib/mastodon/public-system root /var/lib/mastodon/public-system
} }
} }
handle /api/v1/streaming/* { handle /api/v1/streaming/* {
reverse_proxy unix//run/mastodon-streaming/streaming.socket { reverse_proxy unix//run/mastodon-streaming/streaming.socket {
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto} header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
header_up X-Forwarded-Host {http.request.header.X-Forwarded-Host} header_up X-Forwarded-Host {http.request.header.X-Forwarded-Host}
} }
} }
route * { route * {
file_server * { file_server * {
root ${pkgs.mastodon}/public root ${pkgs.mastodon}/public
@ -150,19 +177,15 @@ in
header_up X-Forwarded-Host {http.request.header.X-Forwarded-Host} header_up X-Forwarded-Host {http.request.header.X-Forwarded-Host}
} }
} }
handle_errors { handle_errors {
root * ${pkgs.mastodon}/public root * ${pkgs.mastodon}/public
rewrite 500.html rewrite 500.html
file_server file_server
} }
encode gzip encode gzip
header /* { header /* {
Strict-Transport-Security "max-age=31536000;" Strict-Transport-Security "max-age=31536000;"
} }
header /emoji/* Cache-Control "public, max-age=31536000, immutable" header /emoji/* Cache-Control "public, max-age=31536000, immutable"
header /packs/* Cache-Control "public, max-age=31536000, immutable" header /packs/* Cache-Control "public, max-age=31536000, immutable"
header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable" header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable"
@ -171,11 +194,9 @@ in
}; };
}; };
}; };
postgresql = { postgresql = {
enable = true; enable = true;
}; };
openssh = { openssh = {
enable = true; enable = true;
settings = { settings = {
@ -184,14 +205,12 @@ in
}; };
}; };
}; };
users.users.${serviceCfg.name}.extraGroups = [ users.users.${serviceCfg.name}.extraGroups = [
"postgres" "postgres"
]; ];
users.users.caddy.extraGroups = [ users.users.caddy.extraGroups = [
serviceCfg.name serviceCfg.name
]; ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
22 # SSH 22 # SSH
80 # Caddy 80 # Caddy
@ -201,7 +220,6 @@ in
2525 # SMTP 2525 # SMTP
5432 # Postgres 5432 # Postgres
]; ];
systemd = { systemd = {
services = { services = {
mastodon-init-dirs = { mastodon-init-dirs = {
@ -234,23 +252,57 @@ in
description = "Copy secrets from virtiofs to local filesystem"; description = "Copy secrets from virtiofs to local filesystem";
before = [ "mastodon-init-dirs.service" ]; before = [ "mastodon-init-dirs.service" ];
requiredBy = [ "mastodon-init-dirs.service" ]; requiredBy = [ "mastodon-init-dirs.service" ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
}; };
script = '' script = ''
mkdir -p /etc/mastodon-secrets mkdir -p /etc/mastodon-secrets
cp /run/secrets/pass /etc/mastodon-secrets/pass cp /run/secrets/pass /etc/mastodon-secrets/pass
cp /run/secrets/database /etc/mastodon-secrets/database cp /run/secrets/database /etc/mastodon-secrets/database
cp /run/secrets/redis /etc/mastodon-secrets/redis cp /run/secrets/redis /etc/mastodon-secrets/redis
cp /run/secrets/smtp /etc/mastodon-secrets/smtp cp /run/secrets/smtp /etc/mastodon-secrets/smtp
cp /run/secrets/fedifetcher-token /etc/mastodon-secrets/fedifetcher-token
chmod 755 /etc/mastodon-secrets chmod 755 /etc/mastodon-secrets
chmod 644 /etc/mastodon-secrets/* chmod 644 /etc/mastodon-secrets/*
''; '';
}; };
fedifetcher = {
description = "FediFetcher Service";
after = [
"network.target"
"mastodon-web.service"
];
serviceConfig = {
Type = "oneshot";
User = serviceCfg.name;
WorkingDirectory = "/var/lib/fedifetcher";
ExecStart =
let
script = pkgs.writeShellScript "fedifetcher-run" ''
set -e
export ACCESS_TOKEN=$(cat /etc/mastodon-secrets/fedifetcher-token)
${fedifetcherPython}/bin/python ${fedifetcherSrc}/find_posts.py \
-c=${fedifetcherConfig} \
--access-token="$ACCESS_TOKEN"
'';
in
"${script}";
};
};
}; };
timers.fedifetcher = {
description = "FediFetcher Timer";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/15"; # Run every 15 minutes
Persistent = true;
Unit = "fedifetcher.service";
};
};
network = { network = {
enable = true; enable = true;
networks."20-lan" = { networks."20-lan" = {
@ -268,6 +320,7 @@ in
]; ];
}; };
}; };
services = { services = {
mastodon-init-db = { mastodon-init-db = {
serviceConfig = { serviceConfig = {
@ -276,6 +329,7 @@ in
}; };
systemd-tmpfiles-setup.after = [ "var-lib-mastodon.mount" ]; systemd-tmpfiles-setup.after = [ "var-lib-mastodon.mount" ];
}; };
tmpfiles.rules = [ tmpfiles.rules = [
"d /var/lib/mastodon 0755 mastodon mastodon -" "d /var/lib/mastodon 0755 mastodon mastodon -"
"Z /var/lib/mastodon 0755 mastodon mastodon -" "Z /var/lib/mastodon 0755 mastodon mastodon -"
@ -286,6 +340,7 @@ in
"d /var/lib/mastodon/public-system/media_attachments 0755 mastodon mastodon -" "d /var/lib/mastodon/public-system/media_attachments 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/media_attachments/files 0755 mastodon mastodon -" "d /var/lib/mastodon/public-system/media_attachments/files 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/site_uploads 0755 mastodon mastodon -" "d /var/lib/mastodon/public-system/site_uploads 0755 mastodon mastodon -"
"d /var/lib/fedifetcher 0755 mastodon mastodon -"
]; ];
}; };
@ -337,12 +392,17 @@ in
source = "/run/secrets/${serviceCfg.name}"; source = "/run/secrets/${serviceCfg.name}";
tag = "host_secrets"; tag = "host_secrets";
} }
{
mountPoint = "/var/lib/fedifetcher";
proto = "virtiofs";
source = "${serviceCfg.mntPaths.path0}/fedifetcher";
tag = "fedifetcher_data";
}
]; ];
}; };
}; };
}; };
}; };
sops = { sops = {
secrets = builtins.listToAttrs ( secrets = builtins.listToAttrs (
map map
@ -359,6 +419,7 @@ in
"database" "database"
"redis" "redis"
"pass" "pass"
"fedifetcher-token"
] ]
); );
}; };
@ -367,6 +428,7 @@ in
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -" "d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
"d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -" "d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
"d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -" "d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -"
"d ${serviceCfg.mntPaths.path0}/fedifetcher 0751 microvm wheel - -"
]; ];
services.caddy.virtualHosts."${host}" = { services.caddy.virtualHosts."${host}" = {
@ -376,9 +438,7 @@ in
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host} header_up X-Forwarded-For {remote_host}
} }
tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key} tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}
encode zstd gzip encode zstd gzip
''; '';
}; };

5
secrets/secrets.yaml
View file

@ -11,6 +11,7 @@ mastodon:
database: ENC[AES256_GCM,data:dYdLk9s4xZjHaIZCiKvLf/7HbcHVdMOk69JzYmXkX4lf,iv:IJKSR47LR08OuzPJZmfQnVUyOSjtUEmv0c/sGT9eIws=,tag:KUtW8ZKoZHBKvixVLYkNrQ==,type:str] database: ENC[AES256_GCM,data:dYdLk9s4xZjHaIZCiKvLf/7HbcHVdMOk69JzYmXkX4lf,iv:IJKSR47LR08OuzPJZmfQnVUyOSjtUEmv0c/sGT9eIws=,tag:KUtW8ZKoZHBKvixVLYkNrQ==,type:str]
redis: ENC[AES256_GCM,data:lrbTQAuay170fXNUGooG7bJg5lROItwUrnlKYBalo7Zp,iv:osaPJhqOpT5fm4ZYP7rbn0y/jzCfOu8+iPwO8KhRkuM=,tag:ByQjwCT7MtJjgpGWNAoffA==,type:str] redis: ENC[AES256_GCM,data:lrbTQAuay170fXNUGooG7bJg5lROItwUrnlKYBalo7Zp,iv:osaPJhqOpT5fm4ZYP7rbn0y/jzCfOu8+iPwO8KhRkuM=,tag:ByQjwCT7MtJjgpGWNAoffA==,type:str]
pass: ENC[AES256_GCM,data:VlWIQQK89E4FaIUNXu1+sPuEbSQIVdYeGVWt8eztCMpikVsmeFd+G3XxS1Zm76m0tNFZjF7oHILpCudHU4M8k810ePwadcUOiglCP4P2Dkn1vrrB384T5Ed9gn8NHo3S1HlXczsNKmy6j8fP2CNKSb8Mar5VQBbajqryA73bB9pI,iv:EvlNrU4ImdYe5/HQytXCxqDui3Df3oIcC1vLkor7be4=,tag:lnkyjWHyEUTWPVqjwYx+cg==,type:str] pass: ENC[AES256_GCM,data:VlWIQQK89E4FaIUNXu1+sPuEbSQIVdYeGVWt8eztCMpikVsmeFd+G3XxS1Zm76m0tNFZjF7oHILpCudHU4M8k810ePwadcUOiglCP4P2Dkn1vrrB384T5Ed9gn8NHo3S1HlXczsNKmy6j8fP2CNKSb8Mar5VQBbajqryA73bB9pI,iv:EvlNrU4ImdYe5/HQytXCxqDui3Df3oIcC1vLkor7be4=,tag:lnkyjWHyEUTWPVqjwYx+cg==,type:str]
fedifetcher-token: ENC[AES256_GCM,data:1P4B5rs63eFFyTFdcwwQjedufURFPWy+EMFQ5TxFcXG/+FYODj9Gh6sZ2WI=,iv:Qd0abGcexrOqYGq4zOSiU9hMJAcoBWmiQEK5ujgls8s=,tag:8WfMSOqLLFO/RiXjyeaQYg==,type:str]
peertube-smtp: ENC[AES256_GCM,data:rYwL0RNVvC9DUsSRJ5WpLX3VqT4zHYarxSe/tdRBHqs=,iv:cQKRbxdMOF+g84djLZcOk3hMYifucO+r0JxV8EnRjro=,tag:ZnN/LmQ/A3FR4bdJ9DYoEw==,type:str] peertube-smtp: ENC[AES256_GCM,data:rYwL0RNVvC9DUsSRJ5WpLX3VqT4zHYarxSe/tdRBHqs=,iv:cQKRbxdMOF+g84djLZcOk3hMYifucO+r0JxV8EnRjro=,tag:ZnN/LmQ/A3FR4bdJ9DYoEw==,type:str]
peertube-database: ENC[AES256_GCM,data:nm0bHwTcT+ROZc2BC9jx+tXWjZ3689rdn4fdYW+7JTU=,iv:EeQVBAIXPut9gs+I9WpRf7L3f7ACTeTWycUFIKAneKk=,tag:QjGQmZ3zMAgB/WDbxTZVIQ==,type:str] peertube-database: ENC[AES256_GCM,data:nm0bHwTcT+ROZc2BC9jx+tXWjZ3689rdn4fdYW+7JTU=,iv:EeQVBAIXPut9gs+I9WpRf7L3f7ACTeTWycUFIKAneKk=,tag:QjGQmZ3zMAgB/WDbxTZVIQ==,type:str]
peertube-redis: ENC[AES256_GCM,data:SQoPzPjgf4YN9dhvO0wo2DEra7cTgfZBx4vCBpNVSXI=,iv:mcCwYtE9E/Mb4V0j9NnU9WhaUMeBpX7BOcc8HGDiEvI=,tag:CsSiS4peZhnZ22uNtUC44w==,type:str] peertube-redis: ENC[AES256_GCM,data:SQoPzPjgf4YN9dhvO0wo2DEra7cTgfZBx4vCBpNVSXI=,iv:mcCwYtE9E/Mb4V0j9NnU9WhaUMeBpX7BOcc8HGDiEvI=,tag:CsSiS4peZhnZ22uNtUC44w==,type:str]
@ -65,7 +66,7 @@ sops:
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-18T04:44:47Z" lastmodified: "2025-11-21T10:02:04Z"
mac: ENC[AES256_GCM,data:B7g1vWlTq3SgmEr5ZMRXMJDmZa9G0OMaNqQLciNVTEwbR8h98K/5qdUl9XieA2Pr5114XwpV838iniCOeQfW3R7YTfhATw71flr1p6mXdHPIErVSFdeCT+xLhRk2uxCQLfQGiiZDcsuFt82byEYhgeXgrgp6ivo/sQOLaXAnbSY=,iv:eK9F3/tLxiEJnumuU6zVDh34fvXl3skCb0e4woZ59kI=,tag:hcaf72tZ4WuL3oAR/nuuEA==,type:str] mac: ENC[AES256_GCM,data:5Q2J9yqR37J4S/PoOSK1btvUEmZZKEiSguWO2X/agiA4Xqqy1n6HMpyTJ1p2LYMiTDP1aFa1VaxKUObKjEPYOUpdzbteqCNvDR6mQAqh0BlOq+iUDZZW8d+vunmSeKgbEY9JJiEdUBNTyf4pu+vGhj37qWueksELsjQMojBDAt0=,iv:zlnZmYR/5hVqDlVA8azdoC0iO2pV/R27W6ZAXl96iPw=,tag:PX9VaSNl/Irahe65Ek2WQg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0