group_vars/all

@@ -129,8 +129,8 @@ nginx_configuration_directory:  "/etc/nginx/conf.d/"
 nginx_servers_directory:        "{{nginx_configuration_directory}}servers/"     # Contains server blogs
 nginx_maps_directory:           "{{nginx_configuration_directory}}maps/"        # Contains mappins
 nginx_upstreams_directory:      "{{nginx_configuration_directory}}upstreams/"   # Contains upstream configurations
-nginx_well_known_root:          "/usr/share/nginx/well-known/"                  # Path where well-known files are stored
+nginx_well_known_root:          "/usr/share/nginx/well-known/"                   # Path where well-known files are stored
-nginx_homepage_root:            "/usr/share/nginx/homepage/"                    # Path where the static homepage files are stored
+nginx_homepage_root:            "/usr/share/nginx/homepage/"                     # Path where the static homepage files are stored
 
 ## Domains
 
@@ -139,15 +139,14 @@ domain_akaunting:               "accounting.{{top_domain}}"
 domain_attendize:               "tickets.{{top_domain}}"
 domain_baserow:                 "baserow.{{top_domain}}"
 domain_bigbluebutton:           "meet.{{top_domain}}"
-domain_bluesky_api:             "bluesky.{{top_domain}}"
+domain_bluesky:                 "bluesky.{{top_domain}}"
-domain_bluesky_web:             "bskyweb.{{top_domain}}"
 domain_discourse:               "forum.{{top_domain}}"
 domain_elk:                     "elk.{{top_domain}}"
 domain_friendica:               "friendica.{{top_domain}}"
 domain_funkwhale:               "music.{{top_domain}}"
 domain_gitea:                   "git.{{top_domain}}"
 domain_gitlab:                  "gitlab.{{top_domain}}"
-domain_portfolio:               "{{top_domain}}"
+domain_portfolio:             "{{top_domain}}"
 domain_listmonk:                "newsletter.{{top_domain}}"
 domain_mailu:                   "{{system_email_host}}"
 domain_mastodon:                "microblog.{{top_domain}}"

playbook.servers.yml

@@ -286,17 +286,6 @@
         domain: "{{domain_portfolio}}"
         http_port: 8029
 
-- name: setup bluesky
-  hosts: bluesky
-  become: true
-  roles:
-   -  role: docker-bluesky
-      vars:
-        domain_api:   "{{domain_bluesky_api}}"
-        domain_web:   "{{domain_bluesky_web}}"
-        http_port_api: 8030
-        http_port_web: 8031
-
 # Native Webserver Roles
 - name: setup nginx-static-repositorys
   hosts: nginx-static-repositorys

roles/docker-bigbluebutton/handlers/main.yml

@@ -51,7 +51,7 @@
 
 - name: docker compose up bigbluebutton
   command:
-    cmd: docker-compose -p bigbluebutton up -d --force-recreate --build
+    cmd: docker-compose -p bigbluebutton up -d --force-recreate
     chdir: "{{docker_compose_instance_directory}}"
   environment:
     COMPOSE_HTTP_TIMEOUT: 600

roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2

@@ -1,7 +1,6 @@
 server {
-  listen 443 ssl default_server;
+  listen 443 ssl http2 default_server;
-  listen [::]:443 ssl default_server;
+  listen [::]:443 ssl http2 default_server;
-  http2 on;
   server_name {{domain}};
 
   ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;

roles/docker-bluesky/README.md

@@ -1,40 +1,9 @@
 # DRAFT role docker-bluesky
+UPtIn/VqlSyN4a8jO7FtwUxFqcHP5yqCXEzcDCRxRrvf1DPDtuPz7RS8yZ4GQq8K
+CT+h2/EdjnMrdIcaPa1XRw==
 
-## Set variables
+jtEVJfLEfonUNkFhBsThHXAFhBI2f2u5fwLxCaXuXYvTrRIMl3ju1TTEzrGNw4cYsxdUZ4+4HDx5dkpGzd3HGA==
-
-### bluesky_pds_jwt_secret
-```bash
-openssl rand -base64 64 | tr -d '\n'
-```
-for 
-
-### bluesky_pds_plc_rotation_key_k256_private_key_hex
-openssl rand -hex 32
-
-### bluesky_pds_admin_password
-openssl rand -base64 16
-
-### bluesky_database_password
-openssl rand -base64 32
-
-## create user
-```bash
-curl -X POST https://your-pds-domain/xrpc/com.atproto.server.createAccount \
-  --user "admin:$admin-password" 
-  -H "Content-Type: application/json" \
-  -d '{
-        "email": "user@example.com",
-        "handle": "username",
-        "password": "securepassword123",
-        "inviteCode": "optional-invite-code"
-      }'
-```
-
 ## more information
 - https://therobbiedavis.com/selfhosting-bluesky-with-docker-and-swag/
 - https://cprimozic.net/notes/posts/notes-on-self-hosting-bluesky-pds-alongside-other-services/
 - https://github.com/bluesky-social/pds
-- https://chatgpt.com/c/678a2eb6-145c-800f-bf51-ff706981a928
-- https://www.youtube.com/watch?v=7_AG50u7D6c
-- https://github.com/bluesky-social/pds/issues/52
-- https://github.com/lhaig/pdsadmin

roles/docker-bluesky/tasks/main.yml

@@ -1,56 +1,14 @@
 ---
-- name: "include docker/compose/common.yml"
+- name: "include docker/compose/database.yml"
-  include_tasks: docker/compose/common.yml
+  include_tasks: docker/compose/database.yml
 
-- name: "Include tasks for API domain"
+- name: "include tasks nginx-docker-proxy-domain.yml"
   include_tasks: nginx-docker-proxy-domain.yml
-  vars:
-    domain: "{{ domain_api }}"
-    http_port: "{{ http_port_api }}"
-
-- name: "Include tasks for Web domain"
-  include_tasks: nginx-docker-proxy-domain.yml
-  vars:
-    domain: "{{ domain_web }}"
-    http_port: "{{ http_port_web }}" 
-
-# The following lines should be removed when the following issue is closed:
-# https://github.com/bluesky-social/pds/issues/52
-
-- name: Download pdsadmin tarball
-  get_url:
-    url: "https://github.com/lhaig/pdsadmin/releases/download/v1.0.0-dev/pdsadmin_Linux_x86_64.tar.gz"
-    dest: "{{pdsadmin_temporary_tar_path}}"
-    mode: '0644'
-
-- name: Create {{pdsadmin_folder_path}}
-  file:
-    path: "{{pdsadmin_folder_path}}"
-    state: directory
-    mode: '0755'
-    
-- name: Extract pdsadmin tarball
-  unarchive:
-    src: "{{pdsadmin_temporary_tar_path}}"
-    dest: "{{pdsadmin_folder_path}}"
-    remote_src: yes
-    mode: '0755'
-
-- name: Ensure pdsadmin is executable
-  file:
-    path: "{{pdsadmin_file_path}}"
-    mode: '0755'
-    state: file
-
-- name: clone social app repository
-  git:
-    repo: "https://github.com/bluesky-social/social-app.git"
-    dest: "{{social_app_path}}"
-    version: "main"
-  notify: docker compose project build and setup 
 
 - name: add docker-compose.yml
-  template: 
+  template: src=docker-compose.yml.j2 dest={{docker_compose_instance_directory}}docker-compose.yml
-    src:  docker-compose.yml.j2
+  notify: docker compose project setup
-    dest: "{{docker_compose_instance_directory}}docker-compose.yml"
+
-  notify: docker compose project build and setup
+- name: configure run.env
+  template: src=env.j2 dest={{docker_compose_instance_directory}}/env
+  notify: docker compose project setup

roles/docker-bluesky/templates/docker-compose.yml.j2

@@ -1,27 +1,32 @@
 services:
   pds:
-    image: ghcr.io/bluesky-social/pds:latest
+    image: ghcr.io/bluesky-social/pds:0.4
     restart: {{docker_restart_policy}}
+    ports:
+      - {{http_port}}:3000
     volumes:
-        - pds_data:/pds
+        - data:/pds
-        - {{pdsadmin_file_path}}:/usr/local/bin/pdsadmin:ro
+    env_file:
+      - /env
     environment:
       # Geben Sie hier Ihre Domain und Konfigurationsdetails an
-      PDS_HOSTNAME: "{{domain_api}}"
+      PDS_HOSTNAME: "{{domain}}"
-      PDS_ADMIN_EMAIL: "{{administrator_email}}"
+      PDS_ADMIN_EMAIL: "{{PDS_ADMIN_EMAIL}}"
-      PDS_SERVICE_DID: "did:web:{{domain_api}}"
+      PDS_DB__POSTGRES__URL: "postgres://{{ database_username }}:{{ database_password }}@{{ database_host }}:5432/{{ database_name }}"
+      PDS_SERVICE_DID: "did:web:{{ domain }}"
       # See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/
-      PDS_SERVICE_HANDLE_DOMAINS: ".{{top_domain}}"
+      PDS_SERVICE_HANDLE_DOMAINS: ."{{domain}}"
-      PDS_JWT_SECRET: "{{bluesky_pds_jwt_secret}}"
+      PDS_JWT_SECRET: <INSERT SECRET HERE>
-      PDS_ADMIN_PASSWORD: "{{bluesky_pds_admin_password}}"
+      PDS_ADMIN_PASSWORD: <INSERT ANOTHER SECRET HERE>
-      PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: "{{bluesky_pds_plc_rotation_key_k256_private_key_hex}}"
+      PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: <INSERT KEY HEX HERE>
       PDS_CRAWLERS: https://bsky.network
-      PDS_EMAIL_SMTP_URL: smtps://{{system_email_username}}:{{system_email_password}}@{{system_email_host}}:{{system_email_smtp_port}}/
+      PDS_EMAIL_SMTP_URL: smtps://{{system_email_username}}:{{system_email_passwort}}@{{system_email_host}}:{{system_email_port}}/
       PDS_EMAIL_FROM_ADDRESS: {{system_email_from}}
       LOG_ENABLED: true
-      PDS_BLOBSTORE_DISK_LOCATION: /opt/pds/blocks
+
       # -- DEFAULT VALUES ---
       # PDS_DATA_DIRECTORY: /opt/pds
+      # PDS_BLOBSTORE_DISK_LOCATION: /opt/pds/blocks
       # PDS_BLOB_UPLOAD_LIMIT: 52428800
       # PDS_DID_PLC_URL=https://plc.directory
       # PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
@@ -29,39 +34,33 @@ services:
       # PDS_REPORT_SERVICE_URL=https://mod.bsky.app
       # PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
     ports:
-      - "127.0.0.1:{{http_port_api}}:3000"
+      - "127.0.0.1:{{http_port}}:3000"
     healthcheck:
-      test: ["CMD", "wget", "--spider", "http://127.0.0.1:3000/xrpc/_health"]
+      test: ["CMD", "curl", "-f", "http://127.0.0.1:3000"]
       interval: 1m
       timeout: 10s
       retries: 3
 {% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
 
 #  Deactivated for the moment @see https://github.com/bluesky-social/social-app
-  web:
+#  bluesky-app:
-    command: ["bskyweb","serve"]
+#    image: ghcr.io/bluesky-social/app:latest # Beispiel-App-Image
-    build:
+#    restart: always
-      context: "{{ social_app_path }}"
+#    ports:
-      dockerfile: Dockerfile 
+#      - "8080:8080"
-      # It doesn't compile yet with this parameters. @todo Fix it
+#    environment:
-      args:
+#      # Verbindung zur PDS-Instanz
-        REACT_APP_PDS_URL: "http://{{domain_api}}" # URL des PDS
+#      REACT_APP_PDS_URL: "http://application:3000" # URL des PDS
-        REACT_APP_API_URL: "http://{{domain_api}}" # API-URL des PDS
+#      REACT_APP_API_URL: "http://application:3000" # API-URL des PDS
-        REACT_APP_SITE_NAME: "{{top_domain | upper}} - Bluesky"
+#      REACT_APP_SITE_NAME: "Bluesky"
-        REACT_APP_SITE_DESCRIPTION: "Decentral Social "
+#      REACT_APP_SITE_DESCRIPTION: "Dezentrales Soziales Netzwerk"
-    restart: {{docker_restart_policy}}
+#    depends_on:
-    ports:
+#      - application
-      - "127.0.0.1:{{http_port_web}}:8100"
+
-    # Start already parallel to pds
+{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
-    #depends_on:
-    #  - None
-    healthcheck:
-      test: ["CMD", "sh", "-c", "for pid in $(ls /proc | grep -E '^[0-9]+$'); do if cat /proc/$pid/cmdline 2>/dev/null | grep -q 'bskywebserve'; then exit 0; fi; done; exit 1"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
 
 {% include 'templates/docker/compose/volumes.yml.j2' %}
-  pds_data:
+  data:
 
 {% include 'templates/docker/compose/networks.yml.j2' %}

roles/docker-bluesky/templates/env.j2

@@ -0,0 +1,17 @@
+PDS_HOSTNAME= {{domain}}
+PDS_JWT_SECRET= #openssl rand --hex 16
+PDS_ADMIN_PASSWORD= #openssl rand --hex 16
+PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX= #openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32
+PDS_EMAIL_SMTP_URL= #smtp://username@gmail.com:password@smtp.gmail.com:587
+PDS_EMAIL_FROM_ADDRESS= {{administrator_email}}
+PDS_MODERATION_EMAIL_SMTP_URL= #smtp://username@gmail.com:password@smtp.gmail.com:587
+PDS_MODERATION_EMAIL_ADDRESS= {{administrator_email}}
+PDS_DATA_DIRECTORY=/pds
+PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks
+PDS_DID_PLC_URL=https://plc.directory
+PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
+PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
+PDS_REPORT_SERVICE_URL=https://mod.bsky.app
+PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
+PDS_CRAWLERS=https://bsky.network
+LOG_ENABLED=true

roles/docker-bluesky/vars/main.yml

@@ -1,8 +1,3 @@
 docker_compose_project_name:        "bluesky"
-social_app_path:                    "{{ docker_compose_instance_directory }}/social-app"
+database_password:                  "{{bluesky_database_password}}"
-
+database_type:                      "postgres"
-# This should be removed when the following issue is closed:
-# https://github.com/bluesky-social/pds/issues/52
-pdsadmin_folder_path:               "{{ docker_compose_instance_directory }}/pdsadmin"
-pdsadmin_file_path:                 "{{pdsadmin_folder_path}}/pdsadmin"
-pdsadmin_temporary_tar_path:        "/tmp/pdsadmin.tar.gz"

roles/docker-compose/handlers/main.yml

@@ -8,7 +8,6 @@
 #  listen: docker compose project setup
 #  when: mode_reset | bool
 
-# default setup for docker compose files
 - name: docker compose project setup
   command:
     cmd: docker-compose -p "{{docker_compose_project_name}}" up -d --force-recreate
@@ -17,14 +16,3 @@
     COMPOSE_HTTP_TIMEOUT: 600
     DOCKER_CLIENT_TIMEOUT: 600
   listen: docker compose project setup
-
-# it's necessary to rebuild when a build in the docker compose files is defined
-# for performance reasons it's not recommended to use this if there is no build tag specified
-- name: docker compose project build and setup 
-  command:
-    cmd: docker-compose -p "{{docker_compose_project_name}}" up -d --force-recreate --build
-    chdir: "{{docker_compose_instance_directory}}"
-  environment:
-    COMPOSE_HTTP_TIMEOUT: 600
-    DOCKER_CLIENT_TIMEOUT: 600
-  listen: docker compose project setup

roles/docker-keycloak/README.md

@@ -1,6 +0,0 @@
-# docker-keycloak
-
-## More Information
-- https://www.keycloak.org/
-- https://github.com/keycloak/keycloak
-- https://en.wikipedia.org/wiki/Keycloak

roles/docker-keycloak/templates/docker-compose.yml.j2

@@ -1,32 +0,0 @@
-version: '3.7'
-
-services:
-
-# include database container
-{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
-
-  keycloak:
-    image: quay.io/keycloak/keycloak:23.0.6
-    command: start
-    environment:
-      KC_HOSTNAME: {{domain}}
-      KC_HOSTNAME_PORT: {{http_port}}
-      KC_HOSTNAME_STRICT_BACKCHANNEL: false
-      KC_HTTP_ENABLED: true
-      KC_HOSTNAME_STRICT_HTTPS: false
-      KC_HEALTH_ENABLED: true
-      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
-      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
-      KC_DB: postgres
-      KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
-      KC_DB_USERNAME: ${POSTGRES_USER}
-      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
-    ports:
-      - "127.0.0.1:{{http_port}}:8080"
-    restart: always
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
-
-{% include 'templates/docker/compose/volumes.yml.j2' %}
-
-{% include 'templates/docker/compose/networks.yml.j2' %}

roles/docker-matrix-compose/templates/nginx.conf.j2

@@ -3,9 +3,8 @@ server {
     {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
     
     # For the federation port
-    listen 8448 ssl default_server;
+    listen 8448 ssl http2 default_server;
-    listen [::]:8448 ssl default_server;
+    listen [::]:8448 ssl http2 default_server;
-    http2 on;
 
     {% if nginx_matomo_tracking | bool %}
         {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}

roles/letsencrypt/templates/ssl_header.j2

@@ -1,6 +1,5 @@
-listen 443 ssl;
+listen 443 ssl http2;
-listen [::]:443 ssl;
+listen [::]:443 ssl http2;
-http2 on;
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:50m;
 ssl_session_tickets on;