Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

2025-08-29 15:06:26 +02:00 · 2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
--- a/roles/web-app-bluesky/Administration.md
+++ b/roles/web-app-bluesky/Administration.md
@@ -0,0 +1,28 @@
+# Administration
+
+## create user via POST
+```bash
+curl -X POST https://your-pds-domain/xrpc/com.atproto.server.createAccount \
+  --user "admin:$admin-password" 
+  -H "Content-Type: application/json" \
+  -d '{
+        "email": "user@example.com",
+        "handle": "username",
+        "password": "securepassword123",
+        "inviteCode": "optional-invite-code"
+      }'
+```
+
+## Use pdsadmin
+docker compose exec -it pds pdsadmin
+
+docker compose exec -it pds pdsadmin account create-invite-code
+
+## Debugging
+
+- Websocket: https://piehost.com/websocket-tester
+- Instance: https://bsky-debug.app
+
+https://bluesky.veen.world/.well-known/atproto-did
+
+Initial setup keine top level domain
--- a/roles/web-app-bluesky/Installation.md
+++ b/roles/web-app-bluesky/Installation.md
@@ -0,0 +1,4 @@
+# Installation
+
+## Configure DNS
+- https://bsky.social/about/blog/4-28-2023-domain-handle-tutorial
--- a/roles/web-app-bluesky/README.md
+++ b/roles/web-app-bluesky/README.md
@@ -0,0 +1,41 @@
+# Bluesky
+
+## Description
+
+Soar to new digital heights with Bluesky, an innovative platform that reimagines social networking with its forward-thinking, community-driven approach. Experience a burst of energy, creativity, and the freedom to connect in a truly inspiring way.
+
+## Overview
+
+This role deploys Bluesky using Docker Compose. It sets up the personal data server (PDS) and the social web service, configures multiple domains via Nginx, downloads and extracts the pdsadmin tool for administration, and clones the social app repository to build a fully orchestrated container environment for Bluesky.
+
+## Installation
+
+For DNS configuration and other setup details, please refer to [Installation.md](./Installation.md).
+
+## Features
+
+- **Decentralized Social Networking:** Engage in a community-driven social platform that prioritizes data ownership and privacy.
+- **Innovative Community Moderation:** Utilize advanced tools for managing content and maintaining healthy discussions.
+- **Scalable Infrastructure:** Leverage a Dockerized deployment that adapts to growing workloads efficiently.
+- **Real-Time Content Delivery:** Enjoy dynamic and instantaneous updates for a modern social experience.
+- **Developer-Friendly API:** Integrate with external systems and extend functionalities through a robust set of APIs.
+
+## Further Resources
+
+- [Self-hosting Bluesky with Docker and SWAG](https://therobbiedavis.com/selfhosting-bluesky-with-web-app-and-swag/)
+- [Notes on Self-hosting Bluesky PDS with Other Services](https://cprimozic.net/notes/posts/notes-on-self-hosting-bluesky-pds-alongside-other-services/)
+- [Bluesky PDS GitHub Repository](https://github.com/bluesky-social/pds)
+- [Social App Repository Discussion](https://chatgpt.com/c/678a2eb6-145c-800f-bf51-ff706981a928)
+- [Bluesky Social YouTube Overview](https://www.youtube.com/watch?v=7_AG50u7D6c)
+- [Bluesky PDS Issue #52](https://github.com/bluesky-social/pds/issues/52)
+- [pdsadmin GitHub Repository](https://github.com/lhaig/pdsadmin)
+- [Bluesky PDS Issue #147](https://github.com/bluesky-social/pds/issues/147)
+- [OAuth Client Documentation](https://docs.bsky.app/docs/advanced-guides/oauth-client)
+
+## Credits
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [veen.world](https://www.veen.world).
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+Licensed under [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl).
--- a/roles/web-app-bluesky/meta/main.yml
+++ b/roles/web-app-bluesky/meta/main.yml
@@ -0,0 +1,25 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Soar to new digital heights with Bluesky, an innovative platform that reimagines social networking with its forward-thinking, community-driven approach. Experience a burst of energy, creativity, and the freedom to connect in a truly inspiring way."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  galaxy_tags:
+    - bluesky
+    - docker
+    - social network
+    - decentralized
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais
+  logo:
+    class: "fa-solid fa-sun"
+  run_after:
+    - web-app-matomo
+    - web-app-keycloak
+    - web-app-mailu
+dependencies: []
--- a/roles/web-app-bluesky/meta/schema.yml
+++ b/roles/web-app-bluesky/meta/schema.yml
@@ -0,0 +1,13 @@
+credentials:
+  jwt_secret:
+    description: "Secret used for JWT signing (base64, 64 bytes)"
+    algorithm: "plain"
+    validation: "^[A-Za-z0-9+/=]{86,}$"  # 64 bytes base64 = ~86 characters without newline
+  plc_rotation_key_k256_private_key_hex:
+    description: "PLC rotation key in hex format (32 bytes)"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
+  admin_password:
+    description: "Initial admin password for Bluesky PDS"
+    algorithm: "plain"
+    validation: "^.{12,}$"
--- a/roles/web-app-bluesky/meta/users.yml
+++ b/roles/web-app-bluesky/meta/users.yml
@@ -0,0 +1,3 @@
+users:
+  administrator:
+    email:          "administrator@{{ primary_domain }}"
--- a/roles/web-app-bluesky/tasks/main.yml
+++ b/roles/web-app-bluesky/tasks/main.yml
@@ -0,0 +1,48 @@
+- name: "include docker-compose role"
+  include_role: 
+    name: docker-compose
+
+- name: "include role webserver-proxy-domain for {{application_id}}"
+  include_role:
+    name: webserver-proxy-domain
+  vars:
+    domain: "{{ item.domain }}"
+    http_port: "{{ item.http_port }}"
+  loop:
+    - { domain: "{{domains.[application_id].api", http_port: "{{ports.localhost.http.bluesky_api}}" }
+    - { domain: "{{domains.[application_id].web}}", http_port: "{{ports.localhost.http.bluesky_web}}" }
+
+# The following lines should be removed when the following issue is closed:
+# https://github.com/bluesky-social/pds/issues/52
+
+- name: Download pdsadmin tarball
+  get_url:
+    url: "https://github.com/lhaig/pdsadmin/releases/download/v1.0.0-dev/pdsadmin_Linux_x86_64.tar.gz"
+    dest: "{{pdsadmin_temporary_tar_path}}"
+    mode: '0644'
+
+- name: Create {{pdsadmin_folder_path}}
+  file:
+    path: "{{pdsadmin_folder_path}}"
+    state: directory
+    mode: '0755'
+    
+- name: Extract pdsadmin tarball
+  unarchive:
+    src: "{{pdsadmin_temporary_tar_path}}"
+    dest: "{{pdsadmin_folder_path}}"
+    remote_src: yes
+    mode: '0755'
+
+- name: Ensure pdsadmin is executable
+  file:
+    path: "{{pdsadmin_file_path}}"
+    mode: '0755'
+    state: file
+
+- name: clone social app repository
+  git:
+    repo: "https://github.com/bluesky-social/social-app.git"
+    dest: "{{social_app_path}}"
+    version: "main"
+  notify: docker compose up 
--- a/roles/web-app-bluesky/templates/docker-compose.yml.j2
+++ b/roles/web-app-bluesky/templates/docker-compose.yml.j2
@@ -0,0 +1,41 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+
+  pds:
+{% set container_port = 3000 %}
+{% set container_healthcheck = 'xrpc/_health' %}
+    image: "{{ applications[application_id].images.pds }}"
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    volumes:
+        - pds_data:/opt/pds
+        - {{pdsadmin_file_path}}:/usr/local/bin/pdsadmin:ro
+    ports:
+      - "127.0.0.1:{{ports.localhost.http.bluesky_api}}:{{ container_port }}"
+
+{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+#  Deactivated for the moment @see https://github.com/bluesky-social/social-app
+  web:
+    command: ["bskyweb","serve"]
+    build:
+      context: "{{ social_app_path }}"
+      dockerfile: Dockerfile 
+      # It doesn't compile yet with this parameters. @todo Fix it
+      args:
+        REACT_APP_PDS_URL: "{{ web_protocol }}://{{domains.[application_id].api}}" # URL des PDS
+        REACT_APP_API_URL: "{{ web_protocol }}://{{domains.[application_id].api}}" # API-URL des PDS
+        REACT_APP_SITE_NAME: "{{primary_domain | upper}} - Bluesky"
+        REACT_APP_SITE_DESCRIPTION: "Decentral Social "
+    ports:
+      - "127.0.0.1:{{ports.localhost.http.bluesky_web}}:8100"
+    healthcheck:
+      test: ["CMD", "sh", "-c", "for pid in $(ls /proc | grep -E '^[0-9]+$'); do if cat /proc/$pid/cmdline 2>/dev/null | grep -q 'bskywebserve'; then exit 0; fi; done; exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  pds_data:
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-bluesky/templates/env.j2
+++ b/roles/web-app-bluesky/templates/env.j2
@@ -0,0 +1,21 @@
+PDS_HOSTNAME="{{domains.[application_id].api}}"
+PDS_ADMIN_EMAIL="{{applications.bluesky.users.administrator.email}}"
+PDS_SERVICE_DID="did:web:{{domains.[application_id].api}}"
+
+# See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/
+PDS_SERVICE_HANDLE_DOMAINS=".{{primary_domain}}"
+PDS_JWT_SECRET="{{applications.bluesky.credentials.jwt_secret}}"
+PDS_ADMIN_PASSWORD="{{applications.bluesky.credentials.admin_password}}"
+PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX="{{applications.bluesky.credentials.plc_rotation_key_k256_private_key_hex}}"
+PDS_CRAWLERS=https://bsky.network
+PDS_EMAIL_SMTP_URL=smtps://{{ users['no-reply'].email }}:{{ users['no-reply'].mailu_token }}@{{system_email.host}}:{{system_email.port}}/
+PDS_EMAIL_FROM_ADDRESS={{ users['no-reply'].email }}
+LOG_ENABLED=true
+PDS_BLOBSTORE_DISK_LOCATION=/opt/pds/blocks
+PDS_DATA_DIRECTORY: /opt/pds
+PDS_BLOB_UPLOAD_LIMIT: 52428800
+PDS_DID_PLC_URL=https://plc.directory
+PDS_BSKY_APP_VIEW_URL=https://{{domains.[application_id].web}}
+PDS_BSKY_APP_VIEW_DID=did:web:{{domains.[application_id].web}}
+PDS_REPORT_SERVICE_URL=https://mod.bsky.app
+PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
--- a/roles/web-app-bluesky/vars/configuration.yml
+++ b/roles/web-app-bluesky/vars/configuration.yml
@@ -0,0 +1,17 @@
+images:
+  pds:              "ghcr.io/bluesky-social/pds:latest"
+pds:
+  version:          "latest"
+features:
+  matomo:           true
+  css:              true
+  portfolio_iframe: true
+  central_database: true
+domains:
+  canonical:
+    web:  "bskyweb.{{ primary_domain }}"
+    api:  "bluesky.{{ primary_domain }}"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/web-app-bluesky/vars/main.yml
+++ b/roles/web-app-bluesky/vars/main.yml
@@ -0,0 +1,8 @@
+application_id:               "bluesky"
+social_app_path:              "{{ docker_compose.directories.services }}/social-app"
+
+# This should be removed when the following issue is closed:
+# https://github.com/bluesky-social/pds/issues/52
+pdsadmin_folder_path:         "{{ docker_compose.directories.volumes }}/pdsadmin"
+pdsadmin_file_path:           "{{pdsadmin_folder_path}}/pdsadmin"
+pdsadmin_temporary_tar_path:  "/tmp/pdsadmin.tar.gz"