This commit is contained in:
Nathan Price 2024-12-01 19:15:39 -05:00
commit b7c1f54fcb
Signed by: gravityfargo
SSH key fingerprint: SHA256:bjq+uA1U+9bFMd70q2wdNtwaYxGv84IBXalnYvZDKmg
6 changed files with 229 additions and 0 deletions

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
.env
pds.env

79
Dockerfile Normal file
View file

@ -0,0 +1,79 @@
################################################################################
# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/Dockerfile
################################################################################
FROM node:20.11-bookworm-slim AS pds-build
RUN npm install -g pnpm
RUN apt-get update
RUN apt-get -y install unzip
# Download and extract the PDS archive
WORKDIR /app
ADD https://github.com/bluesky-social/pds/archive/refs/tags/v0.4.74.zip .
RUN unzip v0.4.74.zip && \
mv pds-0.4.74/service/** . && \
mv pds-0.4.74/pdsadmin.sh .
RUN pnpm install --prod=true --frozen-lockfile
################################################################################
# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/Dockerfile
################################################################################
FROM node:20.11-bookworm-slim AS pds-runtime
RUN apt-get update
RUN apt-get install -y \
dumb-init \
ca-certificates \
curl \
gnupg \
jq \
lsb-release \
openssl \
sqlite3 \
xxd
WORKDIR /app
COPY --from=pds-build /app /app
EXPOSE 3000
ENV PDS_PORT=3000
ENV NODE_ENV=production
# potential perf issues w/ io_uring on this version of node
ENV UV_USE_IO_URING=0
LABEL org.opencontainers.image.source=https://github.com/bluesky-social/pds
LABEL org.opencontainers.image.description="AT Protocol PDS"
LABEL org.opencontainers.image.licenses=MIT
################################################################################
# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/installer.sh
################################################################################
FROM pds-runtime
ENV LOG_ENABLED="true"
ENV PDS_BLOB_UPLOAD_LIMIT="52428800"
ENV PDS_DATADIR="/pds"
ENV PDS_DATA_DIRECTORY="/pds"
ENV PDS_BLOBSTORE_DISK_LOCATION="${PDS_DATADIR}/blocks"
ENV PDS_DID_PLC_URL="https://plc.directory"
ENV PDS_BSKY_APP_VIEW_URL="https://api.bsky.app"
ENV PDS_BSKY_APP_VIEW_DID="did:web:api.bsky.app"
ENV PDS_REPORT_SERVICE_URL="https://mod.bsky.app"
ENV PDS_REPORT_SERVICE_DID="did:plc:ar7c4by46qjdydhdevvrndac"
ENV PDS_CRAWLERS="https://bsky.network"
RUN mv pdsadmin.sh /usr/local/bin/pdsadmin && \
chmod +x /usr/local/bin/pdsadmin && \
mkdir --mode=700 --parent ${PDS_DATADIR}
RUN rm -rf pds-0.4.74 v0.4.74.zip && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
ENTRYPOINT ["dumb-init", "--"]
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
CMD ["/entrypoint.sh"]

37
Makefile Normal file
View file

@ -0,0 +1,37 @@
IMAGE_NAME=bluesky-pds
IMAGE_TAG=0.4.74
export DOCKER_BUILDKIT=1
# export BUILDKIT_PROGRESS=plain
.PHONY: build
build:
docker build --tag $(IMAGE_NAME):$(IMAGE_TAG) .
.PHONY: create-config
create-config:
@echo "PDS_JWT_SECRET=" >> pds.env
@echo "PDS_ADMIN_PASSWORD=" >> pds.env
@echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=" >> pds.env
@echo "PDS_HOSTNAME=" >> pds.env
@echo "Done."
@echo "run 'make generate' to generate secrets"
.PHONY: generate-secrets
generate-secrets:
@echo "Generating secrets..."
$(eval GENERATE_SECURE_SECRET_CMD=openssl rand --hex 16)
$(eval GENERATE_K256_PRIVATE_KEY_CMD=openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32)
$(eval PDS_ADMIN_PASSWORD=$(shell ${GENERATE_SECURE_SECRET_CMD}))
$(eval PDS_JWT_SECRET=$(shell ${GENERATE_SECURE_SECRET_CMD}))
$(eval PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=$(shell ${GENERATE_K256_PRIVATE_KEY_CMD}))
@sed -i "s/^PDS_ADMIN_PASSWORD=.*/PDS_ADMIN_PASSWORD=${PDS_ADMIN_PASSWORD}/" pds.env || echo "PDS_ADMIN_PASSWORD=${PDS_ADMIN_PASSWORD}" >> pds.env
@sed -i "s/^PDS_JWT_SECRET=.*/PDS_JWT_SECRET=${PDS_JWT_SECRET}/" pds.env || echo "PDS_JWT_SECRET=${PDS_JWT_SECRET}" >> pds.env
@sed -i "s/^PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=.*/PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}/" pds.env || echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}" >> pds.env
@echo "Done."
.PHONY: run
run:
docker compose up

43
README.md Normal file
View file

@ -0,0 +1,43 @@
http://localhost:3000
```
This is an AT Protocol Personal Data Server (PDS): https://github.com/bluesky-social/atproto
Most API routes are under /xrpc/
```
## Deployment
### Generate Config:
```bash
git clone .....
make create-config
make generate-secrets
# edit the pds.env file to set the FQDN
```
### Deploy with Docker
```bash
PDS_HOSTNAME="pds.sheltersky.org"
docker run --rm --name bluesky-pds -p 3000:3000 -v ./pds.env:/pds/pds.env --hostname "${PDS_HOSTNAME}" --env-file ./pds.env bluesky-pds:0.4.74
```
### Deploy with Docker Compose
```yaml
services:
bluesky-pds:
hostname: ${PDS_HOSTNAME}
image: bluesky-pds:0.4.74
env_file: ./pds.env
ports:
- 3000:3000
volumes:
- ./pds.env:/pds/pds.env
```
```bash
docker-compose up -d
```

10
docker-compose.yaml Normal file
View file

@ -0,0 +1,10 @@
services:
bluesky-pds-dev:
container_name: bluesky-pds-dev
hostname: ${PDS_HOSTNAME}
image: bluesky-pds:0.4.74
env_file: .env
ports:
- 3000:3000
volumes:
- ./pds.env:/pds/pds.env

58
entrypoint.sh Normal file
View file

@ -0,0 +1,58 @@
#!/bin/bash
LOCAL_IP=$(hostname --all-ip-addresses | awk '{ print $1 }')
PUBLIC_IP=$(curl https://ipinfo.io/ip --silent)
HOSTNAME=$(hostname)
function main {
# pds hostname must be the same as the hostname of the container
if [[ "${PDS_HOSTNAME}" != "${HOSTNAME}" ]]; then
echo "PDS_HOSTNAME must be the same as the hostname of the container"
echo "Set the hostname for the container before running."
echo "Current hostname: ${HOSTNAME}"
echo "PDS_HOSTNAME: ${PDS_HOSTNAME}"
exit 1
fi
if [[ -z "${PDS_HOSTNAME}" ]]; then
echo "No public DNS address specified"
exit 1
fi
if [[ -z "${PDS_JWT_SECRET}" ]]; then
echo "PDS_JWT_SECRET not specified"
exit 1
fi
if [[ -z "${PDS_ADMIN_PASSWORD}" ]]; then
echo "PDS_ADMIN_PASSWORD not specified"
exit 1
fi
if [[ -z "${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}" ]]; then
echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX not specified"
exit 1
fi
cat <<STARTED_MESSAGE
========================================================================
PDS Started
------------------------------------------------------------------------
Hostname : ${PDS_HOSTNAME}
: http://${PDS_HOSTNAME}:3000/xrpc/_health
Local IP : ${LOCAL_IP}
: http://${LOCAL_IP}:3000/xrpc/_health
Public IP : ${PUBLIC_IP}
: http://${PUBLIC_IP}:3000/xrpc/_health
========================================================================
STARTED_MESSAGE
node --enable-source-maps index.js
}
main