init

.gitignore

@@ -0,0 +1,2 @@
+.env
+pds.env

Dockerfile

@@ -0,0 +1,79 @@
+################################################################################
+# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/Dockerfile
+################################################################################
+FROM node:20.11-bookworm-slim AS pds-build
+RUN npm install -g pnpm
+
+RUN apt-get update
+RUN apt-get -y install unzip
+
+# Download and extract the PDS archive
+WORKDIR /app
+ADD https://github.com/bluesky-social/pds/archive/refs/tags/v0.4.74.zip .
+RUN unzip v0.4.74.zip && \
+    mv pds-0.4.74/service/** . && \
+    mv pds-0.4.74/pdsadmin.sh .
+
+RUN pnpm install --prod=true --frozen-lockfile
+
+################################################################################
+# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/Dockerfile
+################################################################################
+FROM node:20.11-bookworm-slim AS pds-runtime
+
+RUN apt-get update
+RUN apt-get install -y \
+    dumb-init \
+    ca-certificates \
+    curl \
+    gnupg \
+    jq \
+    lsb-release \
+    openssl \
+    sqlite3 \
+    xxd
+
+WORKDIR /app
+COPY --from=pds-build /app /app
+
+EXPOSE 3000
+ENV PDS_PORT=3000
+ENV NODE_ENV=production
+# potential perf issues w/ io_uring on this version of node
+ENV UV_USE_IO_URING=0
+
+LABEL org.opencontainers.image.source=https://github.com/bluesky-social/pds
+LABEL org.opencontainers.image.description="AT Protocol PDS"
+LABEL org.opencontainers.image.licenses=MIT
+
+################################################################################
+# adapted from https://github.com/bluesky-social/pds/blob/v0.4.74/installer.sh
+################################################################################
+FROM pds-runtime
+
+ENV LOG_ENABLED="true"
+ENV PDS_BLOB_UPLOAD_LIMIT="52428800"
+ENV PDS_DATADIR="/pds"
+ENV PDS_DATA_DIRECTORY="/pds"
+ENV PDS_BLOBSTORE_DISK_LOCATION="${PDS_DATADIR}/blocks"
+ENV PDS_DID_PLC_URL="https://plc.directory"
+ENV PDS_BSKY_APP_VIEW_URL="https://api.bsky.app"
+ENV PDS_BSKY_APP_VIEW_DID="did:web:api.bsky.app"
+ENV PDS_REPORT_SERVICE_URL="https://mod.bsky.app"
+ENV PDS_REPORT_SERVICE_DID="did:plc:ar7c4by46qjdydhdevvrndac"
+ENV PDS_CRAWLERS="https://bsky.network"
+
+RUN mv pdsadmin.sh /usr/local/bin/pdsadmin && \
+    chmod +x /usr/local/bin/pdsadmin && \
+    mkdir --mode=700 --parent ${PDS_DATADIR}
+
+RUN rm -rf pds-0.4.74 v0.4.74.zip && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+ENTRYPOINT ["dumb-init", "--"]
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+CMD ["/entrypoint.sh"]
+

Makefile

@@ -0,0 +1,37 @@
+IMAGE_NAME=bluesky-pds
+IMAGE_TAG=0.4.74
+
+export DOCKER_BUILDKIT=1
+# export BUILDKIT_PROGRESS=plain
+
+.PHONY: build
+build:
+	docker build --tag $(IMAGE_NAME):$(IMAGE_TAG) .
+
+.PHONY: create-config
+create-config:
+	@echo "PDS_JWT_SECRET=" >> pds.env
+	@echo "PDS_ADMIN_PASSWORD=" >> pds.env
+	@echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=" >> pds.env
+	@echo "PDS_HOSTNAME=" >> pds.env
+	@echo "Done."
+	@echo "run 'make generate' to generate secrets"
+
+.PHONY: generate-secrets
+generate-secrets:
+	@echo "Generating secrets..."
+	$(eval GENERATE_SECURE_SECRET_CMD=openssl rand --hex 16)
+	$(eval GENERATE_K256_PRIVATE_KEY_CMD=openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32)
+	$(eval PDS_ADMIN_PASSWORD=$(shell ${GENERATE_SECURE_SECRET_CMD}))
+	$(eval PDS_JWT_SECRET=$(shell ${GENERATE_SECURE_SECRET_CMD}))
+	$(eval PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=$(shell ${GENERATE_K256_PRIVATE_KEY_CMD}))
+
+	@sed -i "s/^PDS_ADMIN_PASSWORD=.*/PDS_ADMIN_PASSWORD=${PDS_ADMIN_PASSWORD}/" pds.env || echo "PDS_ADMIN_PASSWORD=${PDS_ADMIN_PASSWORD}" >> pds.env
+	@sed -i "s/^PDS_JWT_SECRET=.*/PDS_JWT_SECRET=${PDS_JWT_SECRET}/" pds.env || echo "PDS_JWT_SECRET=${PDS_JWT_SECRET}" >> pds.env
+	@sed -i "s/^PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=.*/PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}/" pds.env || echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}" >> pds.env
+
+	@echo "Done."
+
+.PHONY: run
+run:
+	docker compose up

README.md

@@ -0,0 +1,43 @@
+http://localhost:3000
+
+```
+This is an AT Protocol Personal Data Server (PDS): https://github.com/bluesky-social/atproto
+
+Most API routes are under /xrpc/
+```
+
+## Deployment
+
+### Generate Config:
+
+```bash
+git clone .....
+make create-config
+make generate-secrets
+# edit the pds.env file to set the FQDN
+```
+
+### Deploy with Docker
+
+```bash
+PDS_HOSTNAME="pds.sheltersky.org"
+docker run --rm --name bluesky-pds -p 3000:3000 -v ./pds.env:/pds/pds.env --hostname "${PDS_HOSTNAME}" --env-file ./pds.env bluesky-pds:0.4.74
+```
+
+### Deploy with Docker Compose
+
+```yaml
+services:
+  bluesky-pds:
+    hostname: ${PDS_HOSTNAME}
+    image: bluesky-pds:0.4.74
+    env_file: ./pds.env
+    ports:
+      - 3000:3000
+    volumes:
+      - ./pds.env:/pds/pds.env
+```
+
+```bash
+docker-compose up -d
+```

docker-compose.yaml

@@ -0,0 +1,10 @@
+services:
+  bluesky-pds-dev:
+    container_name: bluesky-pds-dev
+    hostname: ${PDS_HOSTNAME}
+    image: bluesky-pds:0.4.74
+    env_file: .env
+    ports:
+      - 3000:3000
+    volumes:
+      - ./pds.env:/pds/pds.env

entrypoint.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+LOCAL_IP=$(hostname --all-ip-addresses | awk '{ print $1 }')
+PUBLIC_IP=$(curl https://ipinfo.io/ip --silent)
+HOSTNAME=$(hostname)
+
+function main {
+
+    # pds hostname must be the same as the hostname of the container
+    if [[ "${PDS_HOSTNAME}" != "${HOSTNAME}" ]]; then
+        echo "PDS_HOSTNAME must be the same as the hostname of the container"
+        echo "Set the hostname for the container before running."
+        echo "Current hostname: ${HOSTNAME}"
+        echo "PDS_HOSTNAME: ${PDS_HOSTNAME}"
+        exit 1
+    fi
+
+    if [[ -z "${PDS_HOSTNAME}" ]]; then
+        echo "No public DNS address specified"
+        exit 1
+    fi
+
+    if [[ -z "${PDS_JWT_SECRET}" ]]; then
+        echo "PDS_JWT_SECRET not specified"
+        exit 1
+    fi
+
+    if [[ -z "${PDS_ADMIN_PASSWORD}" ]]; then
+        echo "PDS_ADMIN_PASSWORD not specified"
+        exit 1
+    fi
+
+    if [[ -z "${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}" ]]; then
+        echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX not specified"
+        exit 1
+    fi
+
+    cat <<STARTED_MESSAGE
+========================================================================
+PDS Started
+------------------------------------------------------------------------
+
+Hostname                  : ${PDS_HOSTNAME}
+                          : http://${PDS_HOSTNAME}:3000/xrpc/_health
+
+Local IP                  : ${LOCAL_IP}
+                          : http://${LOCAL_IP}:3000/xrpc/_health
+
+Public IP                 : ${PUBLIC_IP}
+                          : http://${PUBLIC_IP}:3000/xrpc/_health
+
+========================================================================
+STARTED_MESSAGE
+
+    node --enable-source-maps index.js
+
+}
+
+main