Configure fedifetcher for mastodon

config/hosts/mastodon/containers/fedifetcher/default.nix

@@ -0,0 +1,23 @@
+{ nixpkgs-unstable, ... }:
+{
+  containers.fedifetcher = {
+    nixpkgs = nixpkgs-unstable;
+    autoStart = true;
+
+    bindMounts = {
+      "/secrets" = {
+        hostPath = "/secrets-fedifetcher";
+        isReadOnly = true;
+      };
+    };
+
+    config = { ... }: {
+      imports = [
+        ./fedifetcher.nix
+      ];
+
+      networking.useHostResolvConf = true;
+      system.stateVersion = "24.05";
+    };
+  };
+}

config/hosts/mastodon/containers/fedifetcher/fedifetcher.nix

@@ -0,0 +1,42 @@
+{ pkgs, lib, ... }:
+{
+  # config copied from https://github.com/arachnist/nibylandia/blob/main/nixos/zorigami/default.nix
+  systemd.services.fedifetcher = {
+    path = [ pkgs.fedifetcher ];
+    description = "fetch fedi posts";
+    script = ''
+      fedifetcher
+    '';
+    environment = lib.mapAttrs' (n: v:
+      (lib.nameValuePair ("ff_" + builtins.replaceStrings [ "-" ] [ "_" ] n)
+        (builtins.toString v))) {
+          server = "social.nekover.se";
+          state-dir = "/var/lib/fedifetcher";
+          lock-file = "/run/fedifetcher/fedifetcher.lock";
+          from-lists = 1;
+          from-notifications = 1;
+          max-bookmarks = 80;
+          max-favourites = 40;
+          max-follow-requests = 80;
+          max-followers = 80;
+          max-followings = 80;
+          remember-hosts-for-days = 30;
+          remember-users-for-hours = 168;
+          reply-interval-in-hours = 2;
+        };
+    serviceConfig = {
+      DynamicUser = true;
+      User = "fedifetcher";
+      RuntimeDirectory = "fedifetcher";
+      RuntimeDirectoryPreserve = true;
+      StateDirectory = "fedifetcher";
+      UMask = "0077";
+      EnvironmentFile = [ "/secrets/mastodon-fedifetcher-access-token.secret" ];
+    };
+  };
+
+  systemd.timers.fedifetcher = {
+    wantedBy = [ "multi-user.target" ];
+    timerConfig = { OnCalendar = "*:0/5"; };
+  };
+}

config/hosts/mastodon/default.nix

@@ -5,5 +5,6 @@
     ./mastodon.nix
     ./opensearch.nix
     ./nginx.nix
+    ./containers/fedifetcher
   ];
 }

config/hosts/mastodon/secrets.nix

@@ -65,5 +65,13 @@
       permissions = "0640";
       uploadAt = "pre-activation";
     };
+    "mastodon-fedifetcher-access-token.secret" = {
+      keyCommand = keyCommandEnv ++ [ "pass" "mastodon/fedifetcher-access-token" ];
+      destDir = "/secrets-fedifetcher";
+      user = "root";
+      group = "root";
+      permissions = "0640";
+      uploadAt = "pre-activation";
+    };
   };
 }