diff --git a/ansible/main.yml b/ansible/main.yml index 92e6127..0ea8a54 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -71,6 +71,7 @@ - minio - ntfy - baby_buddy + - bsky - hosts: ingress roles: diff --git a/ansible/roles/bsky/files/docker-compose.yml b/ansible/roles/bsky/files/docker-compose.yml new file mode 100644 index 0000000..db921b4 --- /dev/null +++ b/ansible/roles/bsky/files/docker-compose.yml @@ -0,0 +1,19 @@ +services: + pds: + image: ghcr.io/bluesky-social/pds:latest + user: "{{ docker_user.id }}" + restart: unless-stopped + env_file: + - /opt/bsky/pds.env + labels: + - traefik.enable=true + - traefik.http.routers.bsky.rule=Host(`bsky.theorangeone.net`) + volumes: + - "{{ app_data_dir }}/bsky:/pds" + networks: + - default + - traefik + +networks: + traefik: + external: true diff --git a/ansible/roles/bsky/files/pds.env b/ansible/roles/bsky/files/pds.env new file mode 100644 index 0000000..349051d --- /dev/null +++ b/ansible/roles/bsky/files/pds.env @@ -0,0 +1,17 @@ +TZ={{ timezone }} +PDS_HOSTNAME=bsky.theorangeone.net +PDS_JWT_SECRET={{ vault_jwt_secret }} +PDS_ADMIN_PASSWORD={{ vault_admin_password }} +PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX={{ vault_plc_rotation_private_key }} +PDS_DATA_DIRECTORY=/pds +PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks +PDS_BLOB_UPLOAD_LIMIT=52428800 +PDS_DID_PLC_URL=https://plc.directory +PDS_BSKY_APP_VIEW_URL=https://api.bsky.app +PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app +PDS_REPORT_SERVICE_URL=https://mod.bsky.app +PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac +PDS_CRAWLERS=https://bsky.network +LOG_ENABLED=false +PDS_EMAIL_SMTP_URL={{ vault_smtp_url }} +PDS_EMAIL_FROM_ADDRESS={{ vault_smtp_from_address }} diff --git a/ansible/roles/bsky/handlers/main.yml b/ansible/roles/bsky/handlers/main.yml new file mode 100644 index 0000000..3af44ec --- /dev/null +++ b/ansible/roles/bsky/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart bsky + shell: + chdir: /opt/bsky + cmd: "{{ docker_update_command }}" diff --git a/ansible/roles/bsky/tasks/main.yml b/ansible/roles/bsky/tasks/main.yml new file mode 100644 index 0000000..43de915 --- /dev/null +++ b/ansible/roles/bsky/tasks/main.yml @@ -0,0 +1,26 @@ +- name: Include vault + include_vars: vault.yml + +- name: Create install directory + file: + path: /opt/bsky + state: directory + owner: "{{ docker_user.name }}" + mode: "{{ docker_compose_directory_mask }}" + +- name: Install environment variables + template: + src: files/pds.env + dest: /opt/bsky/pds.env + mode: "660" + owner: "{{ docker_user.name }}" + notify: restart bsky + +- name: Install compose file + template: + src: files/docker-compose.yml + dest: /opt/bsky/docker-compose.yml + mode: "{{ docker_compose_file_mask }}" + owner: "{{ docker_user.name }}" + validate: docker-compose -f %s config + notify: restart bsky diff --git a/ansible/roles/bsky/vars/vault.yml b/ansible/roles/bsky/vars/vault.yml new file mode 100644 index 0000000..eaa7cde --- /dev/null +++ b/ansible/roles/bsky/vars/vault.yml @@ -0,0 +1,24 @@ +$ANSIBLE_VAULT;1.1;AES256 +35316238376465633461333439343331636238346532623336316231653664653963643331346362 +3763363363333066636166356465373233323138643961390a343232623866303961316431363534 +31653234383465356637363636363838393130396364623261353266396533326563303838643366 +6339666332326439610a666235636432616565643839663234336134343632316538353331396337 +33303836373037336533623864613966646463333161663965653663326266376234633530393530 +63303938376338613531623065316339653938666439643035663231646566643334356337343861 +65353264613465626532643935313262323766666538386239613163366536636335616562613635 +31643637333266373336323035366465636261346263666239323934616238616366383330336661 +38386536326137363531636635626232333465613031633031336330316337303237303736656639 +37313331346165363465326336663536646438363835393138646238353661303937346430303333 +39663236663530396562626133666434396132356638643563626362636563373464356636313337 +63303730656338313036313937323462326366366231363265363335636536396335323561663235 +65333666333033376334303463376666373738376361316463343836323839383735666530656135 +33316238356536663362646437633866323531353439393561626331326562663366663839393438 +35653262653262326532386431373336393737363665393030363538356262346435343333373636 +34343261623832306139623337353137646435613433346630643865333965303334393666336534 +61353035373034323864356636643930333638396564616134353536663164363932643364656162 +35366139363939663632353066373932363961656464393131373239356663303736653334336531 +35303236303065363764313432643664333532343134393965323963636664663536376632323538 +38356335383934636631643436356563636364646136333637666331363261656236346539373233 +37306330306531623464663031626337346339613630363635633161336366653638626339356662 +63383836613863646436346233376563353037373666313631393161333133633132666633663361 +326132663033396335306165333862666433 diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf index 946bb0e..691773a 100644 --- a/terraform/theorangeone.net.tf +++ b/terraform/theorangeone.net.tf @@ -221,6 +221,22 @@ resource "cloudflare_record" "theorangeonenet_comentario" { ttl = 1 } +resource "cloudflare_record" "theorangeonenet_bsky" { + zone_id = cloudflare_zone.theorangeonenet.id + name = "bsky" + value = cloudflare_record.sys_domain_pve.hostname + type = "CNAME" + ttl = 1 +} + +resource "cloudflare_record" "theorangeonenet_atproto" { + zone_id = cloudflare_zone.theorangeonenet.id + name = "_atproto" + value = "did=did:plc:pgyg4ih7zsqkwdon34jqkbuz" + type = "TXT" + ttl = 1 +} + resource "cloudflare_record" "theorangeonenet_caa" { zone_id = cloudflare_zone.theorangeonenet.id name = "@"