Deploy bluesky PDS

2024-11-17 20:52:24 +00:00 · 2024-11-17 20:52:24 +00:00 · 74a10e95ea
commit 74a10e95ea
parent e1ee73e0fa
7 changed files with 107 additions and 0 deletions
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -71,6 +71,7 @@
    - minio
    - ntfy
    - baby_buddy
    - bsky
 - hosts: ingress
  roles:
--- a/ansible/roles/bsky/files/docker-compose.yml
+++ b/ansible/roles/bsky/files/docker-compose.yml
@ -0,0 +1,19 @@
 services:
  pds:
    image: ghcr.io/bluesky-social/pds:latest
    user: "{{ docker_user.id }}"
    restart: unless-stopped
    env_file:
      - /opt/bsky/pds.env
    labels:
      - traefik.enable=true
      - traefik.http.routers.bsky.rule=Host(`bsky.theorangeone.net`)
    volumes:
      - "{{ app_data_dir }}/bsky:/pds"
    networks:
      - default
      - traefik
 networks:
  traefik:
    external: true
--- a/ansible/roles/bsky/files/pds.env
+++ b/ansible/roles/bsky/files/pds.env
@ -0,0 +1,17 @@
 TZ={{ timezone }}
 PDS_HOSTNAME=bsky.theorangeone.net
 PDS_JWT_SECRET={{ vault_jwt_secret }}
 PDS_ADMIN_PASSWORD={{ vault_admin_password }}
 PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX={{ vault_plc_rotation_private_key }}
 PDS_DATA_DIRECTORY=/pds
 PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks
 PDS_BLOB_UPLOAD_LIMIT=52428800
 PDS_DID_PLC_URL=https://plc.directory
 PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
 PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
 PDS_REPORT_SERVICE_URL=https://mod.bsky.app
 PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
 PDS_CRAWLERS=https://bsky.network
 LOG_ENABLED=false
 PDS_EMAIL_SMTP_URL={{ vault_smtp_url }}
 PDS_EMAIL_FROM_ADDRESS={{ vault_smtp_from_address }}
--- a/ansible/roles/bsky/handlers/main.yml
+++ b/ansible/roles/bsky/handlers/main.yml
@ -0,0 +1,4 @@
 - name: restart bsky
  shell:
    chdir: /opt/bsky
    cmd: "{{ docker_update_command }}"
--- a/ansible/roles/bsky/tasks/main.yml
+++ b/ansible/roles/bsky/tasks/main.yml
@ -0,0 +1,26 @@
 - name: Include vault
  include_vars: vault.yml
 - name: Create install directory
  file:
    path: /opt/bsky
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
 - name: Install environment variables
  template:
    src: files/pds.env
    dest: /opt/bsky/pds.env
    mode: "660"
    owner: "{{ docker_user.name }}"
  notify: restart bsky
 - name: Install compose file
  template:
    src: files/docker-compose.yml
    dest: /opt/bsky/docker-compose.yml
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart bsky
--- a/ansible/roles/bsky/vars/vault.yml
+++ b/ansible/roles/bsky/vars/vault.yml
@ -0,0 +1,24 @@
 $ANSIBLE_VAULT;1.1;AES256
 35316238376465633461333439343331636238346532623336316231653664653963643331346362
 3763363363333066636166356465373233323138643961390a343232623866303961316431363534
 31653234383465356637363636363838393130396364623261353266396533326563303838643366
 6339666332326439610a666235636432616565643839663234336134343632316538353331396337
 33303836373037336533623864613966646463333161663965653663326266376234633530393530
 63303938376338613531623065316339653938666439643035663231646566643334356337343861
 65353264613465626532643935313262323766666538386239613163366536636335616562613635
 31643637333266373336323035366465636261346263666239323934616238616366383330336661
 38386536326137363531636635626232333465613031633031336330316337303237303736656639
 37313331346165363465326336663536646438363835393138646238353661303937346430303333
 39663236663530396562626133666434396132356638643563626362636563373464356636313337
 63303730656338313036313937323462326366366231363265363335636536396335323561663235
 65333666333033376334303463376666373738376361316463343836323839383735666530656135
 33316238356536663362646437633866323531353439393561626331326562663366663839393438
 35653262653262326532386431373336393737363665393030363538356262346435343333373636
 34343261623832306139623337353137646435613433346630643865333965303334393666336534
 61353035373034323864356636643930333638396564616134353536663164363932643364656162
 35366139363939663632353066373932363961656464393131373239356663303736653334336531
 35303236303065363764313432643664333532343134393965323963636664663536376632323538
 38356335383934636631643436356563636364646136333637666331363261656236346539373233
 37306330306531623464663031626337346339613630363635633161336366653638626339356662
 63383836613863646436346233376563353037373666313631393161333133633132666633663361
 326132663033396335306165333862666433
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@ -221,6 +221,22 @@ resource "cloudflare_record" "theorangeonenet_comentario" {
  ttl     = 1
 }
 resource "cloudflare_record" "theorangeonenet_bsky" {
  zone_id = cloudflare_zone.theorangeonenet.id
  name    = "bsky"
  value   = cloudflare_record.sys_domain_pve.hostname
  type    = "CNAME"
  ttl     = 1
 }
 resource "cloudflare_record" "theorangeonenet_atproto" {
  zone_id = cloudflare_zone.theorangeonenet.id
  name    = "_atproto"
  value   = "did=did:plc:pgyg4ih7zsqkwdon34jqkbuz"
  type    = "TXT"
  ttl     = 1
 }
 resource "cloudflare_record" "theorangeonenet_caa" {
  zone_id = cloudflare_zone.theorangeonenet.id
  name    = "@"