init
This commit is contained in:
commit
b7c1f54fcb
6 changed files with 229 additions and 0 deletions
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
|||
.env
|
||||
pds.env
|
79
Dockerfile
Normal file
79
Dockerfile
Normal file
|
@ -0,0 +1,79 @@
|
|||
################################################################################
|
||||
# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/Dockerfile
|
||||
################################################################################
|
||||
FROM node:20.11-bookworm-slim AS pds-build
|
||||
RUN npm install -g pnpm
|
||||
|
||||
RUN apt-get update
|
||||
RUN apt-get -y install unzip
|
||||
|
||||
# Download and extract the PDS archive
|
||||
WORKDIR /app
|
||||
ADD https://github.com/bluesky-social/pds/archive/refs/tags/v0.4.74.zip .
|
||||
RUN unzip v0.4.74.zip && \
|
||||
mv pds-0.4.74/service/** . && \
|
||||
mv pds-0.4.74/pdsadmin.sh .
|
||||
|
||||
RUN pnpm install --prod=true --frozen-lockfile
|
||||
|
||||
################################################################################
|
||||
# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/Dockerfile
|
||||
################################################################################
|
||||
FROM node:20.11-bookworm-slim AS pds-runtime
|
||||
|
||||
RUN apt-get update
|
||||
RUN apt-get install -y \
|
||||
dumb-init \
|
||||
ca-certificates \
|
||||
curl \
|
||||
gnupg \
|
||||
jq \
|
||||
lsb-release \
|
||||
openssl \
|
||||
sqlite3 \
|
||||
xxd
|
||||
|
||||
WORKDIR /app
|
||||
COPY --from=pds-build /app /app
|
||||
|
||||
EXPOSE 3000
|
||||
ENV PDS_PORT=3000
|
||||
ENV NODE_ENV=production
|
||||
# potential perf issues w/ io_uring on this version of node
|
||||
ENV UV_USE_IO_URING=0
|
||||
|
||||
LABEL org.opencontainers.image.source=https://github.com/bluesky-social/pds
|
||||
LABEL org.opencontainers.image.description="AT Protocol PDS"
|
||||
LABEL org.opencontainers.image.licenses=MIT
|
||||
|
||||
################################################################################
|
||||
# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/installer.sh
|
||||
################################################################################
|
||||
FROM pds-runtime
|
||||
|
||||
ENV LOG_ENABLED="true"
|
||||
ENV PDS_BLOB_UPLOAD_LIMIT="52428800"
|
||||
ENV PDS_DATADIR="/pds"
|
||||
ENV PDS_DATA_DIRECTORY="/pds"
|
||||
ENV PDS_BLOBSTORE_DISK_LOCATION="${PDS_DATADIR}/blocks"
|
||||
ENV PDS_DID_PLC_URL="https://plc.directory"
|
||||
ENV PDS_BSKY_APP_VIEW_URL="https://api.bsky.app"
|
||||
ENV PDS_BSKY_APP_VIEW_DID="did:web:api.bsky.app"
|
||||
ENV PDS_REPORT_SERVICE_URL="https://mod.bsky.app"
|
||||
ENV PDS_REPORT_SERVICE_DID="did:plc:ar7c4by46qjdydhdevvrndac"
|
||||
ENV PDS_CRAWLERS="https://bsky.network"
|
||||
|
||||
RUN mv pdsadmin.sh /usr/local/bin/pdsadmin && \
|
||||
chmod +x /usr/local/bin/pdsadmin && \
|
||||
mkdir --mode=700 --parent ${PDS_DATADIR}
|
||||
|
||||
RUN rm -rf pds-0.4.74 v0.4.74.zip && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
ENTRYPOINT ["dumb-init", "--"]
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
CMD ["/entrypoint.sh"]
|
||||
|
37
Makefile
Normal file
37
Makefile
Normal file
|
@ -0,0 +1,37 @@
|
|||
IMAGE_NAME=bluesky-pds
|
||||
IMAGE_TAG=0.4.74
|
||||
|
||||
export DOCKER_BUILDKIT=1
|
||||
# export BUILDKIT_PROGRESS=plain
|
||||
|
||||
.PHONY: build
|
||||
build:
|
||||
docker build --tag $(IMAGE_NAME):$(IMAGE_TAG) .
|
||||
|
||||
.PHONY: create-config
|
||||
create-config:
|
||||
@echo "PDS_JWT_SECRET=" >> pds.env
|
||||
@echo "PDS_ADMIN_PASSWORD=" >> pds.env
|
||||
@echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=" >> pds.env
|
||||
@echo "PDS_HOSTNAME=" >> pds.env
|
||||
@echo "Done."
|
||||
@echo "run 'make generate' to generate secrets"
|
||||
|
||||
.PHONY: generate-secrets
|
||||
generate-secrets:
|
||||
@echo "Generating secrets..."
|
||||
$(eval GENERATE_SECURE_SECRET_CMD=openssl rand --hex 16)
|
||||
$(eval GENERATE_K256_PRIVATE_KEY_CMD=openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32)
|
||||
$(eval PDS_ADMIN_PASSWORD=$(shell ${GENERATE_SECURE_SECRET_CMD}))
|
||||
$(eval PDS_JWT_SECRET=$(shell ${GENERATE_SECURE_SECRET_CMD}))
|
||||
$(eval PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=$(shell ${GENERATE_K256_PRIVATE_KEY_CMD}))
|
||||
|
||||
@sed -i "s/^PDS_ADMIN_PASSWORD=.*/PDS_ADMIN_PASSWORD=${PDS_ADMIN_PASSWORD}/" pds.env || echo "PDS_ADMIN_PASSWORD=${PDS_ADMIN_PASSWORD}" >> pds.env
|
||||
@sed -i "s/^PDS_JWT_SECRET=.*/PDS_JWT_SECRET=${PDS_JWT_SECRET}/" pds.env || echo "PDS_JWT_SECRET=${PDS_JWT_SECRET}" >> pds.env
|
||||
@sed -i "s/^PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=.*/PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}/" pds.env || echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}" >> pds.env
|
||||
|
||||
@echo "Done."
|
||||
|
||||
.PHONY: run
|
||||
run:
|
||||
docker compose up
|
43
README.md
Normal file
43
README.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
http://localhost:3000
|
||||
|
||||
```
|
||||
This is an AT Protocol Personal Data Server (PDS): https://github.com/bluesky-social/atproto
|
||||
|
||||
Most API routes are under /xrpc/
|
||||
```
|
||||
|
||||
## Deployment
|
||||
|
||||
### Generate Config:
|
||||
|
||||
```bash
|
||||
git clone .....
|
||||
make create-config
|
||||
make generate-secrets
|
||||
# edit the pds.env file to set the FQDN
|
||||
```
|
||||
|
||||
### Deploy with Docker
|
||||
|
||||
```bash
|
||||
PDS_HOSTNAME="pds.sheltersky.org"
|
||||
docker run --rm --name bluesky-pds -p 3000:3000 -v ./pds.env:/pds/pds.env --hostname "${PDS_HOSTNAME}" --env-file ./pds.env bluesky-pds:0.4.74
|
||||
```
|
||||
|
||||
### Deploy with Docker Compose
|
||||
|
||||
```yaml
|
||||
services:
|
||||
bluesky-pds:
|
||||
hostname: ${PDS_HOSTNAME}
|
||||
image: bluesky-pds:0.4.74
|
||||
env_file: ./pds.env
|
||||
ports:
|
||||
- 3000:3000
|
||||
volumes:
|
||||
- ./pds.env:/pds/pds.env
|
||||
```
|
||||
|
||||
```bash
|
||||
docker-compose up -d
|
||||
```
|
10
docker-compose.yaml
Normal file
10
docker-compose.yaml
Normal file
|
@ -0,0 +1,10 @@
|
|||
services:
|
||||
bluesky-pds-dev:
|
||||
container_name: bluesky-pds-dev
|
||||
hostname: ${PDS_HOSTNAME}
|
||||
image: bluesky-pds:0.4.74
|
||||
env_file: .env
|
||||
ports:
|
||||
- 3000:3000
|
||||
volumes:
|
||||
- ./pds.env:/pds/pds.env
|
58
entrypoint.sh
Normal file
58
entrypoint.sh
Normal file
|
@ -0,0 +1,58 @@
|
|||
#!/bin/bash
|
||||
LOCAL_IP=$(hostname --all-ip-addresses | awk '{ print $1 }')
|
||||
PUBLIC_IP=$(curl https://ipinfo.io/ip --silent)
|
||||
HOSTNAME=$(hostname)
|
||||
|
||||
function main {
|
||||
|
||||
# pds hostname must be the same as the hostname of the container
|
||||
if [[ "${PDS_HOSTNAME}" != "${HOSTNAME}" ]]; then
|
||||
echo "PDS_HOSTNAME must be the same as the hostname of the container"
|
||||
echo "Set the hostname for the container before running."
|
||||
echo "Current hostname: ${HOSTNAME}"
|
||||
echo "PDS_HOSTNAME: ${PDS_HOSTNAME}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z "${PDS_HOSTNAME}" ]]; then
|
||||
echo "No public DNS address specified"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z "${PDS_JWT_SECRET}" ]]; then
|
||||
echo "PDS_JWT_SECRET not specified"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z "${PDS_ADMIN_PASSWORD}" ]]; then
|
||||
echo "PDS_ADMIN_PASSWORD not specified"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z "${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}" ]]; then
|
||||
echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX not specified"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cat <<STARTED_MESSAGE
|
||||
========================================================================
|
||||
PDS Started
|
||||
------------------------------------------------------------------------
|
||||
|
||||
Hostname : ${PDS_HOSTNAME}
|
||||
: http://${PDS_HOSTNAME}:3000/xrpc/_health
|
||||
|
||||
Local IP : ${LOCAL_IP}
|
||||
: http://${LOCAL_IP}:3000/xrpc/_health
|
||||
|
||||
Public IP : ${PUBLIC_IP}
|
||||
: http://${PUBLIC_IP}:3000/xrpc/_health
|
||||
|
||||
========================================================================
|
||||
STARTED_MESSAGE
|
||||
|
||||
node --enable-source-maps index.js
|
||||
|
||||
}
|
||||
|
||||
main
|
Loading…
Reference in a new issue