Deploy bluesky PDS

ansible/main.yml

@@ -71,6 +71,7 @@
     - minio
     - ntfy
     - baby_buddy
+    - bsky
 
 - hosts: ingress
   roles:

ansible/roles/bsky/files/docker-compose.yml

@@ -0,0 +1,19 @@
+services:
+  pds:
+    image: ghcr.io/bluesky-social/pds:latest
+    user: "{{ docker_user.id }}"
+    restart: unless-stopped
+    env_file:
+      - /opt/bsky/pds.env
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.bsky.rule=Host(`bsky.theorangeone.net`)
+    volumes:
+      - "{{ app_data_dir }}/bsky:/pds"
+    networks:
+      - default
+      - traefik
+
+networks:
+  traefik:
+    external: true

ansible/roles/bsky/files/pds.env

@@ -0,0 +1,17 @@
+TZ={{ timezone }}
+PDS_HOSTNAME=bsky.theorangeone.net
+PDS_JWT_SECRET={{ vault_jwt_secret }}
+PDS_ADMIN_PASSWORD={{ vault_admin_password }}
+PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX={{ vault_plc_rotation_private_key }}
+PDS_DATA_DIRECTORY=/pds
+PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks
+PDS_BLOB_UPLOAD_LIMIT=52428800
+PDS_DID_PLC_URL=https://plc.directory
+PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
+PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
+PDS_REPORT_SERVICE_URL=https://mod.bsky.app
+PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
+PDS_CRAWLERS=https://bsky.network
+LOG_ENABLED=false
+PDS_EMAIL_SMTP_URL={{ vault_smtp_url }}
+PDS_EMAIL_FROM_ADDRESS={{ vault_smtp_from_address }}

ansible/roles/bsky/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart bsky
+  shell:
+    chdir: /opt/bsky
+    cmd: "{{ docker_update_command }}"

ansible/roles/bsky/tasks/main.yml

@@ -0,0 +1,26 @@
+- name: Include vault
+  include_vars: vault.yml
+
+- name: Create install directory
+  file:
+    path: /opt/bsky
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+
+- name: Install environment variables
+  template:
+    src: files/pds.env
+    dest: /opt/bsky/pds.env
+    mode: "660"
+    owner: "{{ docker_user.name }}"
+  notify: restart bsky
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/bsky/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart bsky

ansible/roles/bsky/vars/vault.yml

@@ -0,0 +1,24 @@
+$ANSIBLE_VAULT;1.1;AES256
+35316238376465633461333439343331636238346532623336316231653664653963643331346362
+3763363363333066636166356465373233323138643961390a343232623866303961316431363534
+31653234383465356637363636363838393130396364623261353266396533326563303838643366
+6339666332326439610a666235636432616565643839663234336134343632316538353331396337
+33303836373037336533623864613966646463333161663965653663326266376234633530393530
+63303938376338613531623065316339653938666439643035663231646566643334356337343861
+65353264613465626532643935313262323766666538386239613163366536636335616562613635
+31643637333266373336323035366465636261346263666239323934616238616366383330336661
+38386536326137363531636635626232333465613031633031336330316337303237303736656639
+37313331346165363465326336663536646438363835393138646238353661303937346430303333
+39663236663530396562626133666434396132356638643563626362636563373464356636313337
+63303730656338313036313937323462326366366231363265363335636536396335323561663235
+65333666333033376334303463376666373738376361316463343836323839383735666530656135
+33316238356536663362646437633866323531353439393561626331326562663366663839393438
+35653262653262326532386431373336393737363665393030363538356262346435343333373636
+34343261623832306139623337353137646435613433346630643865333965303334393666336534
+61353035373034323864356636643930333638396564616134353536663164363932643364656162
+35366139363939663632353066373932363961656464393131373239356663303736653334336531
+35303236303065363764313432643664333532343134393965323963636664663536376632323538
+38356335383934636631643436356563636364646136333637666331363261656236346539373233
+37306330306531623464663031626337346339613630363635633161336366653638626339356662
+63383836613863646436346233376563353037373666313631393161333133633132666633663361
+326132663033396335306165333862666433

terraform/theorangeone.net.tf

@@ -221,6 +221,22 @@ resource "cloudflare_record" "theorangeonenet_comentario" {
   ttl     = 1
 }
 
+resource "cloudflare_record" "theorangeonenet_bsky" {
+  zone_id = cloudflare_zone.theorangeonenet.id
+  name    = "bsky"
+  value   = cloudflare_record.sys_domain_pve.hostname
+  type    = "CNAME"
+  ttl     = 1
+}
+
+resource "cloudflare_record" "theorangeonenet_atproto" {
+  zone_id = cloudflare_zone.theorangeonenet.id
+  name    = "_atproto"
+  value   = "did=did:plc:pgyg4ih7zsqkwdon34jqkbuz"
+  type    = "TXT"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "theorangeonenet_caa" {
   zone_id = cloudflare_zone.theorangeonenet.id
   name    = "@"