From 5c5db4f614761e2dd9c2e791d955d6f5ed9aa011 Mon Sep 17 00:00:00 2001
From: primal
Date: Mon, 26 Jan 2026 16:33:04 -0500
Subject: [PATCH] Add Docker Compose setup for PDS
---
.gitignore | 5 +++++
docker-compose.yml | 42 ++++++++++++++++++++++++++++++++++++++++++
generate-secrets.sh | 6 ++++++
pds.env.example | 29 +++++++++++++++++++++++++++++
4 files changed, 82 insertions(+)
create mode 100644 .gitignore
create mode 100644 docker-compose.yml
create mode 100755 generate-secrets.sh
create mode 100644 pds.env.example
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4728eda
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# Secrets
+pds.env
+
+# Data directory
+data/
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..8d43d99
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,42 @@
+services:
+ pds-1440-news:
+ image: ghcr.io/bluesky-social/pds:0.4
+ container_name: pds-1440-news
+ restart: unless-stopped
+ volumes:
+ - ./data:/pds
+ env_file:
+ - pds.env
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ # PDS API endpoint: pds.1440.news
+ - "traefik.http.routers.pds-1440-news.rule=Host(`pds.1440.news`)"
+ - "traefik.http.routers.pds-1440-news.entrypoints=https"
+ - "traefik.http.routers.pds-1440-news.tls.certresolver=letsencrypt"
+ # Wildcard for account handles: *.1440.news
+ - "traefik.http.routers.pds-1440-news-handles.rule=HostRegexp(`^.+\\.1440\\.news$$`)"
+ - "traefik.http.routers.pds-1440-news-handles.entrypoints=https"
+ - "traefik.http.routers.pds-1440-news-handles.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.pds-1440-news-handles.priority=1"
+ # HTTP to HTTPS redirect
+ - "traefik.http.routers.pds-1440-news-redirect.rule=Host(`pds.1440.news`)"
+ - "traefik.http.routers.pds-1440-news-redirect.entrypoints=http"
+ - "traefik.http.routers.pds-1440-news-redirect.middlewares=https-redirect"
+ - "traefik.http.routers.pds-1440-news-handles-redirect.rule=HostRegexp(`^.+\\.1440\\.news$$`)"
+ - "traefik.http.routers.pds-1440-news-handles-redirect.entrypoints=http"
+ - "traefik.http.routers.pds-1440-news-handles-redirect.middlewares=https-redirect"
+ - "traefik.http.routers.pds-1440-news-handles-redirect.priority=1"
+ # Shared middleware
+ - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
+ # Service port
+ - "traefik.http.services.pds-1440-news.loadbalancer.server.port=3000"
+ # Local development
+ - "traefik.http.routers.pds-1440-news-local.rule=Host(`pds.1440.localhost`)"
+ - "traefik.http.routers.pds-1440-news-local.entrypoints=http"
+
+networks:
+ proxy:
+ external: true
diff --git a/generate-secrets.sh b/generate-secrets.sh
new file mode 100755
index 0000000..1751206
--- /dev/null
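Review bot: The "Local development" router at the end of the labels list in docker-compose.yml serves the PDS over plaintext HTTP from the production file: `pds-1440-news-local` is bound to the `http` entrypoint with no redirect middleware, and the Host header it matches (pds.1440.localhost) is chosen by the client. I would move those two labels into a `docker-compose.override.yml` that exists only on development machines. The two `HostRegexp` routers set `tls.certresolver=letsencrypt`, but as far as I know Traefik derives ACME domains only from `Host(...)` matchers, so handle subdomains would probably get the default certificate unless `tls.domains[0].main=1440.news` and `tls.domains[0].sans=*.1440.news` are set on the handles router and the resolver uses a DNS challenge; please confirm against the proxy's static configuration, which is not part of this patch. Separately, `image: ghcr.io/bluesky-social/pds:0.4` is a mutable tag, and appending `@sha256:<digest-placeholder>` would make a changed image visible instead of silently pulled.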
+++ b/generate-secrets.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Generate secrets for PDS configuration
+
+echo "PDS_JWT_SECRET=$(openssl rand -hex 32)"
+echo "PDS_ADMIN_PASSWORD=$(openssl rand -base64 24)"
+echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=$(openssl rand -hex 32)"
diff --git a/pds.env.example b/pds.env.example
new file mode 100644
index 0000000..8fdf158
--- /dev/null
+++ b/pds.env.example
@@ -0,0 +1,29 @@
+# PDS Configuration for 1440.news
+# Copy to pds.env and fill in values
+
+# Core (required)
+PDS_HOSTNAME=pds.1440.news
+PDS_JWT_SECRET=
+PDS_ADMIN_PASSWORD=
+PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=
+
+# Storage
+PDS_DATA_DIRECTORY=/pds
+PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks
+PDS_BLOB_UPLOAD_LIMIT=5242880
+
+# AT Protocol Network
+PDS_DID_PLC_URL=https://plc.directory
+PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
+PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
+PDS_REPORT_SERVICE_URL=https://mod.bsky.app
+PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
+PDS_CRAWLERS=https://bsky.network
+
+# Email (optional but recommended)
+# PDS_EMAIL_SMTP_URL=smtps://user:pass@smtp.example.com:465
+# PDS_EMAIL_FROM_ADDRESS=noreply@1440.news
+
+# Optional
+# PDS_PRIVACY_POLICY_URL=https://1440.news/privacy
+LOG_LEVEL=info
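Review bot: A failing `openssl` call in generate-secrets.sh still prints an empty `PDS_JWT_SECRET=` (likewise for the other two keys) and exits 0, because the status of a command substitution inside an `echo` argument is discarded and the script sets no error handling. An empty secret pasted into pds.env is easy to miss. Assigning each value to a variable first under `set -euo pipefail` stops the script before anything is printed. The values also go to stdout, so they land in terminal scrollback or in a file created with the caller's umask; a header comment telling users to redirect the output into pds.env and restrict it to the owner would help.

```shell
#!/bin/bash
# Generate secrets for PDS configuration
set -euo pipefail

# Assign first: a failed substitution inside an echo argument would not stop the script.
jwt_secret=$(openssl rand -hex 32)
admin_password=$(openssl rand -base64 24)
rotation_key=$(openssl rand -hex 32)

printf 'PDS_JWT_SECRET=%s\n' "$jwt_secret"
printf 'PDS_ADMIN_PASSWORD=%s\n' "$admin_password"
printf 'PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=%s\n' "$rotation_key"
```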
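Review bot: The header of pds.env.example tells users to copy the file and fill in values but says nothing about protecting the copy, which will hold the JWT secret, the admin password and the PLC rotation key. I would extend the header with `# pds.env contains long-lived secrets: chmod 600 pds.env and keep it out of unencrypted backups`. The rotation key in particular appears to be what authorises PLC identity updates for accounts on this PDS, so a line such as `# Keep an offline copy of the PLC rotation key and treat its exposure as an incident` is worth adding; confirm the exact recovery semantics against the PDS documentation.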