commit b7c1f54fcb058061a8bdf358c15aa5c2ad54493e Author: Nathan Price Date: Sun Dec 1 19:15:39 2024 -0500 init diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..aa285ee --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.env +pds.env diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..434a27c --- /dev/null +++ b/Dockerfile @@ -0,0 +1,79 @@ +################################################################################ +# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/Dockerfile +################################################################################ +FROM node:20.11-bookworm-slim AS pds-build +RUN npm install -g pnpm + +RUN apt-get update +RUN apt-get -y install unzip + +# Download and extract the PDS archive +WORKDIR /app +ADD https://github.com/bluesky-social/pds/archive/refs/tags/v0.4.74.zip . +RUN unzip v0.4.74.zip && \ + mv pds-0.4.74/service/** . && \ + mv pds-0.4.74/pdsadmin.sh . + +RUN pnpm install --prod=true --frozen-lockfile + +################################################################################ +# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/Dockerfile +################################################################################ +FROM node:20.11-bookworm-slim AS pds-runtime + +RUN apt-get update +RUN apt-get install -y \ + dumb-init \ + ca-certificates \ + curl \ + gnupg \ + jq \ + lsb-release \ + openssl \ + sqlite3 \ + xxd + +WORKDIR /app +COPY --from=pds-build /app /app + +EXPOSE 3000 +ENV PDS_PORT=3000 +ENV NODE_ENV=production +# potential perf issues w/ io_uring on this version of node +ENV UV_USE_IO_URING=0 + +LABEL org.opencontainers.image.source=https://github.com/bluesky-social/pds +LABEL org.opencontainers.image.description="AT Protocol PDS" +LABEL org.opencontainers.image.licenses=MIT + +################################################################################ +# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/installer.sh +################################################################################ +FROM pds-runtime + +ENV LOG_ENABLED="true" +ENV PDS_BLOB_UPLOAD_LIMIT="52428800" +ENV PDS_DATADIR="/pds" +ENV PDS_DATA_DIRECTORY="/pds" +ENV PDS_BLOBSTORE_DISK_LOCATION="${PDS_DATADIR}/blocks" +ENV PDS_DID_PLC_URL="https://plc.directory" +ENV PDS_BSKY_APP_VIEW_URL="https://api.bsky.app" +ENV PDS_BSKY_APP_VIEW_DID="did:web:api.bsky.app" +ENV PDS_REPORT_SERVICE_URL="https://mod.bsky.app" +ENV PDS_REPORT_SERVICE_DID="did:plc:ar7c4by46qjdydhdevvrndac" +ENV PDS_CRAWLERS="https://bsky.network" + +RUN mv pdsadmin.sh /usr/local/bin/pdsadmin && \ + chmod +x /usr/local/bin/pdsadmin && \ + mkdir --mode=700 --parent ${PDS_DATADIR} + +RUN rm -rf pds-0.4.74 v0.4.74.zip && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +ENTRYPOINT ["dumb-init", "--"] + +COPY entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh +CMD ["/entrypoint.sh"] + diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..2d6f6b8 --- /dev/null +++ b/Makefile @@ -0,0 +1,37 @@ +IMAGE_NAME=bluesky-pds +IMAGE_TAG=0.4.74 + +export DOCKER_BUILDKIT=1 +# export BUILDKIT_PROGRESS=plain + +.PHONY: build +build: + docker build --tag $(IMAGE_NAME):$(IMAGE_TAG) . + +.PHONY: create-config +create-config: + @echo "PDS_JWT_SECRET=" >> pds.env + @echo "PDS_ADMIN_PASSWORD=" >> pds.env + @echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=" >> pds.env + @echo "PDS_HOSTNAME=" >> pds.env + @echo "Done." + @echo "run 'make generate' to generate secrets" + +.PHONY: generate-secrets +generate-secrets: + @echo "Generating secrets..." + $(eval GENERATE_SECURE_SECRET_CMD=openssl rand --hex 16) + $(eval GENERATE_K256_PRIVATE_KEY_CMD=openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32) + $(eval PDS_ADMIN_PASSWORD=$(shell ${GENERATE_SECURE_SECRET_CMD})) + $(eval PDS_JWT_SECRET=$(shell ${GENERATE_SECURE_SECRET_CMD})) + $(eval PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=$(shell ${GENERATE_K256_PRIVATE_KEY_CMD})) + + @sed -i "s/^PDS_ADMIN_PASSWORD=.*/PDS_ADMIN_PASSWORD=${PDS_ADMIN_PASSWORD}/" pds.env || echo "PDS_ADMIN_PASSWORD=${PDS_ADMIN_PASSWORD}" >> pds.env + @sed -i "s/^PDS_JWT_SECRET=.*/PDS_JWT_SECRET=${PDS_JWT_SECRET}/" pds.env || echo "PDS_JWT_SECRET=${PDS_JWT_SECRET}" >> pds.env + @sed -i "s/^PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=.*/PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}/" pds.env || echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}" >> pds.env + + @echo "Done." + +.PHONY: run +run: + docker compose up \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..5190ad5 --- /dev/null +++ b/README.md @@ -0,0 +1,43 @@ +http://localhost:3000 + +``` +This is an AT Protocol Personal Data Server (PDS): https://github.com/bluesky-social/atproto + +Most API routes are under /xrpc/ +``` + +## Deployment + +### Generate Config: + +```bash +git clone ..... +make create-config +make generate-secrets +# edit the pds.env file to set the FQDN +``` + +### Deploy with Docker + +```bash +PDS_HOSTNAME="pds.sheltersky.org" +docker run --rm --name bluesky-pds -p 3000:3000 -v ./pds.env:/pds/pds.env --hostname "${PDS_HOSTNAME}" --env-file ./pds.env bluesky-pds:0.4.74 +``` + +### Deploy with Docker Compose + +```yaml +services: + bluesky-pds: + hostname: ${PDS_HOSTNAME} + image: bluesky-pds:0.4.74 + env_file: ./pds.env + ports: + - 3000:3000 + volumes: + - ./pds.env:/pds/pds.env +``` + +```bash +docker-compose up -d +``` diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..ca04d73 --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,10 @@ +services: + bluesky-pds-dev: + container_name: bluesky-pds-dev + hostname: ${PDS_HOSTNAME} + image: bluesky-pds:0.4.74 + env_file: .env + ports: + - 3000:3000 + volumes: + - ./pds.env:/pds/pds.env diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..b92d525 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,58 @@ +#!/bin/bash +LOCAL_IP=$(hostname --all-ip-addresses | awk '{ print $1 }') +PUBLIC_IP=$(curl https://ipinfo.io/ip --silent) +HOSTNAME=$(hostname) + +function main { + + # pds hostname must be the same as the hostname of the container + if [[ "${PDS_HOSTNAME}" != "${HOSTNAME}" ]]; then + echo "PDS_HOSTNAME must be the same as the hostname of the container" + echo "Set the hostname for the container before running." + echo "Current hostname: ${HOSTNAME}" + echo "PDS_HOSTNAME: ${PDS_HOSTNAME}" + exit 1 + fi + + if [[ -z "${PDS_HOSTNAME}" ]]; then + echo "No public DNS address specified" + exit 1 + fi + + if [[ -z "${PDS_JWT_SECRET}" ]]; then + echo "PDS_JWT_SECRET not specified" + exit 1 + fi + + if [[ -z "${PDS_ADMIN_PASSWORD}" ]]; then + echo "PDS_ADMIN_PASSWORD not specified" + exit 1 + fi + + if [[ -z "${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}" ]]; then + echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX not specified" + exit 1 + fi + + cat <