diff --git a/modules/nixos/guests/defenseio/default.nix b/modules/nixos/guests/defenseio/default.nix index e6f7f67..e56ae26 100755 --- a/modules/nixos/guests/defenseio/default.nix +++ b/modules/nixos/guests/defenseio/default.nix @@ -75,12 +75,12 @@ in ]; mem = let - num = 1024; - ceresRam = num * 50; - erisRam = num * 7; - marsRam = num * 22; - deimosRam = num * 7; - phobosRam = num * 7; + num = num: (num * 1024); + ceresRam = num 50; + erisRam = num 7; + marsRam = num 22; + deimosRam = num 7; + phobosRam = num 7; in deviceLogic ceresRam erisRam marsRam deimosRam phobosRam; shares = [ diff --git a/modules/nixos/guests/mastodon/config/chars.patch b/modules/nixos/guests/mastodon/config/chars.patch index e48a993..80b2c00 100755 --- a/modules/nixos/guests/mastodon/config/chars.patch +++ b/modules/nixos/guests/mastodon/config/chars.patch @@ -1,34 +1,20 @@ -diff --git a/app/javascript/mastodon/features/compose/components/compose_form.jsx b/app/javascript/mastodon/features/compose/components/compose_form.jsx -index 9222b2dc8..962310a28 100644 ---- a/app/javascript/mastodon/features/compose/components/compose_form.jsx -+++ b/app/javascript/mastodon/features/compose/components/compose_form.jsx -@@ -100,7 +100,7 @@ class ComposeForm extends ImmutablePureComponent { - const fulltext = this.getFulltextForCharacterCounting(); - const isOnlyWhitespace = fulltext.length !== 0 && fulltext.trim().length === 0; +diff --git a/app/javascript/mastodon/features/compose/containers/compose_form_container.js b/app/javascript/mastodon/features/compose/containers/compose_form_container.js +--- a/app/javascript/mastodon/features/compose/containers/compose_form_container.js ++++ b/app/javascript/mastodon/features/compose/containers/compose_form_container.js +@@ -32,5 +32,5 @@ + isInReply: state.getIn(['compose', 'in_reply_to']) !== null, + lang: state.getIn(['compose', 'language']), +- maxChars: state.getIn(['server', 'server', 'configuration', 'statuses', 'max_characters'], 500), ++ maxChars: state.getIn(['server', 'server', 'configuration', 'statuses', 'max_characters'], 5000), + }); -- return !(isSubmitting || isUploading || isChangingUpload || length(fulltext) > 500 || (isOnlyWhitespace && !anyMedia)); -+ return !(isSubmitting || isUploading || isChangingUpload || length(fulltext) > 5000 || (isOnlyWhitespace && !anyMedia)); - }; - - handleSubmit = (e) => { -@@ -297,7 +297,7 @@ class ComposeForm extends ImmutablePureComponent { - - -
-- -+ -
- - diff --git a/app/validators/status_length_validator.rb b/app/validators/status_length_validator.rb -index dc841ded3..9cb1ec94b 100644 --- a/app/validators/status_length_validator.rb +++ b/app/validators/status_length_validator.rb -@@ -1,7 +1,7 @@ - # frozen_string_literal: true +@@ -2,6 +2,6 @@ class StatusLengthValidator < ActiveModel::Validator - MAX_CHARS = 500 + MAX_CHARS = 5000 URL_PLACEHOLDER_CHARS = 23 - URL_PLACEHOLDER = 'x' * 23 \ No newline at end of file + URL_PLACEHOLDER = 'x' * 23 diff --git a/modules/nixos/guests/mastodon/default.nix b/modules/nixos/guests/mastodon/default.nix index 5158ac3..f0a3f76 100755 --- a/modules/nixos/guests/mastodon/default.nix +++ b/modules/nixos/guests/mastodon/default.nix @@ -14,31 +14,58 @@ let host = serviceCfg.domains.url0; dns0 = instances.web.dns.provider0; dns0Path = "dns/${dns0}"; + + fedifetcherConfig = pkgs.writeText "fedifetcher-config.json" ( + builtins.toJSON { + server = "https://${host}"; + home-timeline-length = 200; + max-followings = 80; + from-notifications = 1; + max-bookmarks = 80; + max-favourites = 40; + backfill-with-context = 1; + backfill-mentioned-users = 1; + remember-users-for-hours = 168; + remember-hosts-for-days = 30; + http-timeout = 5; + lock-hours = 24; + log-level = "INFO"; + } + ); + + fedifetcherPython = pkgs.python3.withPackages ( + ps: with ps; [ + requests + pytz + beautifulsoup4 + ] + ); + + fedifetcherSrc = pkgs.fetchFromGitHub { + owner = "nanos"; + repo = "FediFetcher"; + rev = "main"; + hash = "sha256-/J7psV/mA7okuuO7/aXVVWS9p63eMncG2CEEGN38ip0="; + }; in { # If you need to start fresh for some reason, run these to create the new Admin account: # sudo -u mastodon mastodon-tootctl accounts create nick --email=nick@localhost --confirmed --role=Owner # sudo -u mastodon mastodon-tootctl accounts approve nick - # If you fuck up and lose the password, use this: # sudo mastodon-tootctl accounts modify --reset-password nick - # If you really fuck up and name yourself wrong, use this shit # sudo mastodon-tootctl accounts modify username --remove-role - # nixpkgs.overlays = [ - # ( - # final: prev: { - # mastodon = prev.mastodon.overrideAttrs (oldAttrs: { - # postPatch = - # (oldAttrs.postPatch or "") - # + '' - # patch -p1 < ${./chars.patch} - # ''; - # }); - # } - # ) - # ]; + nixpkgs.overlays = [ + (final: prev: { + mastodon = prev.mastodon.overrideAttrs (oldAttrs: { + patches = (oldAttrs.patches or [ ]) ++ [ + ./config/chars.patch + ]; + }); + }) + ]; microvm.vms = { ${serviceCfg.name} = { @@ -48,6 +75,7 @@ in system.stateVersion = "24.05"; time.timeZone = "America/Winnipeg"; users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys; + services = { ${serviceCfg.name} = { enable = true; @@ -64,12 +92,21 @@ in passwordFile = "/etc/mastodon-secrets/database"; }; extraConfig = { - SINGLE_USER_MODE = "true"; + SINGLE_USER_MODE = "false"; SMTP_AUTH_METHOD = "plain"; SMTP_DELIVERY_METHOD = "smtp"; SMTP_ENABLE_STARTTLS_AUTO = "true"; SMTP_SSL = "false"; }; + + # if you're starting from scratch, you gotta cd into /var/lib/mastodon and run: + # sudo -u mastodon mastodon-tootctl search deploy + + elasticsearch = { + preset = "single_node_cluster"; + host = hostCfg.localhost.address0; + port = 9200; + }; mediaAutoRemove = { enable = true; olderThanDays = 14; @@ -81,20 +118,15 @@ in sidekiqThreads = 25; sidekiqProcesses = { all = { - jobClasses = [ - ]; + jobClasses = [ ]; threads = null; }; default = { - jobClasses = [ - "default" - ]; + jobClasses = [ "default" ]; threads = 5; }; ingress = { - jobClasses = [ - "ingress" - ]; + jobClasses = [ "ingress" ]; threads = 5; }; push-pull = { @@ -105,9 +137,7 @@ in threads = 5; }; mailers = { - jobClasses = [ - "mailers" - ]; + jobClasses = [ "mailers" ]; threads = 5; }; }; @@ -121,12 +151,12 @@ in user = smtpCfg.email.address1; }; }; + opensearch.enable = true; caddy = { enable = true; virtualHosts = { ":80" = { extraConfig = '' - # Remove the outer http:// block wrapper handle_path /system/* { file_server * { root /var/lib/mastodon/public-system @@ -185,12 +215,18 @@ in }; }; - users.users.${serviceCfg.name}.extraGroups = [ - "postgres" - ]; - users.users.caddy.extraGroups = [ - serviceCfg.name - ]; + users.users = { + ${serviceCfg.name}.extraGroups = [ "postgres" ]; + caddy.extraGroups = [ serviceCfg.name ]; + fedifetcher = { + isSystemUser = true; + group = "fedifetcher"; + home = "/var/lib/fedifetcher"; + createHome = true; + }; + }; + + users.groups.fedifetcher = { }; networking.firewall.allowedTCPPorts = [ 22 # SSH @@ -204,21 +240,9 @@ in systemd = { services = { - mastodon-init-dirs = { - serviceConfig = { - PrivateMounts = lib.mkForce false; - }; - }; - mastodon-web = { - serviceConfig = { - PrivateMounts = lib.mkForce false; - }; - }; - mastodon-streaming-1 = { - serviceConfig = { - PrivateMounts = lib.mkForce false; - }; - }; + mastodon-init-dirs.serviceConfig.PrivateMounts = lib.mkForce false; + mastodon-web.serviceConfig.PrivateMounts = lib.mkForce false; + mastodon-streaming-1.serviceConfig.PrivateMounts = lib.mkForce false; mastodon-streaming-2.serviceConfig.PrivateMounts = lib.mkForce false; mastodon-streaming-3.serviceConfig.PrivateMounts = lib.mkForce false; mastodon-streaming-4.serviceConfig.PrivateMounts = lib.mkForce false; @@ -230,6 +254,7 @@ in mastodon-sidekiq-ingress.serviceConfig.PrivateMounts = lib.mkForce false; mastodon-sidekiq-mailers.serviceConfig.PrivateMounts = lib.mkForce false; mastodon-sidekiq-push-pull.serviceConfig.PrivateMounts = lib.mkForce false; + mastodon-copy-secrets = { description = "Copy secrets from virtiofs to local filesystem"; before = [ "mastodon-init-dirs.service" ]; @@ -246,11 +271,73 @@ in cp /run/secrets/database /etc/mastodon-secrets/database cp /run/secrets/redis /etc/mastodon-secrets/redis cp /run/secrets/smtp /etc/mastodon-secrets/smtp + cp /run/secrets/fedifetcher-token /etc/mastodon-secrets/fedifetcher-token chmod 755 /etc/mastodon-secrets chmod 644 /etc/mastodon-secrets/* ''; }; + + fedifetcher = { + description = "FediFetcher - Fetch missing posts for Mastodon"; + after = [ + "network-online.target" + "mastodon-web.service" + ]; + wants = [ "network-online.target" ]; + + serviceConfig = { + Type = "oneshot"; + User = "fedifetcher"; + Group = "fedifetcher"; + WorkingDirectory = "/var/lib/fedifetcher"; + TimeoutStartSec = "300"; + PrivateTmp = true; + NoNewPrivileges = true; + ProtectSystem = "strict"; + ProtectHome = true; + ReadWritePaths = "/var/lib/fedifetcher"; + ExecStart = + let + script = pkgs.writeShellScript "fedifetcher-run" '' + set -e + + # Wait for Mastodon to be fully ready + for i in {1..30}; do + if ${pkgs.curl}/bin/curl -sf http://localhost:80/health >/dev/null 2>&1; then + echo "Mastodon is ready" + break + fi + echo "Waiting for Mastodon to be ready... ($i/30)" + sleep 2 + done + + export ACCESS_TOKEN=$(cat /etc/mastodon-secrets/fedifetcher-token) + ${fedifetcherPython}/bin/python ${fedifetcherSrc}/find_posts.py \ + -c=${fedifetcherConfig} \ + --access-token="$ACCESS_TOKEN" + ''; + in + "${script}"; + }; + }; + + mastodon-init-db.serviceConfig.EnvironmentFile = "/var/lib/mastodon/.secrets_env"; + systemd-tmpfiles-setup.after = [ "var-lib-mastodon.mount" ]; }; + + timers.fedifetcher = { + description = "Timer for FediFetcher"; + wantedBy = [ "timers.target" ]; + + timerConfig = { + OnBootSec = "10min"; + OnUnitActiveSec = "15min"; + Unit = "fedifetcher.service"; + Persistent = true; + AccuracySec = "1min"; + }; + }; + network = { enable = true; networks."20-lan" = { @@ -268,14 +355,7 @@ in ]; }; }; - services = { - mastodon-init-db = { - serviceConfig = { - EnvironmentFile = "/var/lib/mastodon/.secrets_env"; - }; - }; - systemd-tmpfiles-setup.after = [ "var-lib-mastodon.mount" ]; - }; + tmpfiles.rules = [ "d /var/lib/mastodon 0755 mastodon mastodon -" "Z /var/lib/mastodon 0755 mastodon mastodon -" @@ -286,12 +366,15 @@ in "d /var/lib/mastodon/public-system/media_attachments 0755 mastodon mastodon -" "d /var/lib/mastodon/public-system/media_attachments/files 0755 mastodon mastodon -" "d /var/lib/mastodon/public-system/site_uploads 0755 mastodon mastodon -" + "d /var/lib/fedifetcher 0755 fedifetcher fedifetcher -" ]; }; + environment.systemPackages = [ fedifetcherPython ]; + microvm = { - vcpu = 2; - mem = 1024 * 3; + vcpu = 4; + mem = 1024 * 8; hypervisor = "qemu"; interfaces = [ { @@ -359,6 +442,7 @@ in "database" "redis" "pass" + "fedifetcher-token" ] ); };