Implemented pdsadmin

group_vars/all

@@ -129,8 +129,8 @@ nginx_configuration_directory:  "/etc/nginx/conf.d/"
 nginx_servers_directory:        "{{nginx_configuration_directory}}servers/"     # Contains server blogs
 nginx_maps_directory:           "{{nginx_configuration_directory}}maps/"        # Contains mappins
 nginx_upstreams_directory:      "{{nginx_configuration_directory}}upstreams/"   # Contains upstream configurations
-nginx_well_known_root:          "/usr/share/nginx/well-known/"                   # Path where well-known files are stored
-nginx_homepage_root:            "/usr/share/nginx/homepage/"                     # Path where the static homepage files are stored
+nginx_well_known_root:          "/usr/share/nginx/well-known/"                  # Path where well-known files are stored
+nginx_homepage_root:            "/usr/share/nginx/homepage/"                    # Path where the static homepage files are stored
 
 ## Domains
 
@@ -139,14 +139,15 @@ domain_akaunting:               "accounting.{{top_domain}}"
 domain_attendize:               "tickets.{{top_domain}}"
 domain_baserow:                 "baserow.{{top_domain}}"
 domain_bigbluebutton:           "meet.{{top_domain}}"
-domain_bluesky:                 "bluesky.{{top_domain}}"
+domain_bluesky_api:             "bluesky.{{top_domain}}"
+domain_bluesky_web:             "bskyweb.{{top_domain}}"
 domain_discourse:               "forum.{{top_domain}}"
 domain_elk:                     "elk.{{top_domain}}"
 domain_friendica:               "friendica.{{top_domain}}"
 domain_funkwhale:               "music.{{top_domain}}"
 domain_gitea:                   "git.{{top_domain}}"
 domain_gitlab:                  "gitlab.{{top_domain}}"
-domain_portfolio:             "{{top_domain}}"
+domain_portfolio:               "{{top_domain}}"
 domain_listmonk:                "newsletter.{{top_domain}}"
 domain_mailu:                   "{{system_email_host}}"
 domain_mastodon:                "microblog.{{top_domain}}"

playbook.servers.yml

@@ -286,6 +286,17 @@
         domain: "{{domain_portfolio}}"
         http_port: 8029
 
+- name: setup bluesky
+  hosts: bluesky
+  become: true
+  roles:
+   -  role: docker-bluesky
+      vars:
+        domain_api:   "{{domain_bluesky_api}}"
+        domain_web:   "{{domain_bluesky_web}}"
+        http_port_api: 8030
+        http_port_web: 8031
+
 # Native Webserver Roles
 - name: setup nginx-static-repositorys
   hosts: nginx-static-repositorys

roles/docker-bigbluebutton/handlers/main.yml

@@ -51,7 +51,7 @@
 
 - name: docker compose up bigbluebutton
   command:
-    cmd: docker-compose -p bigbluebutton up -d --force-recreate
+    cmd: docker-compose -p bigbluebutton up -d --force-recreate --build
     chdir: "{{docker_compose_instance_directory}}"
   environment:
     COMPOSE_HTTP_TIMEOUT: 600

roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2

@@ -1,6 +1,7 @@
 server {
-  listen 443 ssl http2 default_server;
-  listen [::]:443 ssl http2 default_server;
+  listen 443 ssl default_server;
+  listen [::]:443 ssl default_server;
+  http2 on;
   server_name {{domain}};
 
   ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;

roles/docker-bluesky/README.md

@@ -1,9 +1,40 @@
 # DRAFT role docker-bluesky
-UPtIn/VqlSyN4a8jO7FtwUxFqcHP5yqCXEzcDCRxRrvf1DPDtuPz7RS8yZ4GQq8K
-CT+h2/EdjnMrdIcaPa1XRw==
 
-jtEVJfLEfonUNkFhBsThHXAFhBI2f2u5fwLxCaXuXYvTrRIMl3ju1TTEzrGNw4cYsxdUZ4+4HDx5dkpGzd3HGA==
+## Set variables
+
+### bluesky_pds_jwt_secret
+```bash
+openssl rand -base64 64 | tr -d '\n'
+```
+for 
+
+### bluesky_pds_plc_rotation_key_k256_private_key_hex
+openssl rand -hex 32
+
+### bluesky_pds_admin_password
+openssl rand -base64 16
+
+### bluesky_database_password
+openssl rand -base64 32
+
+## create user
+```bash
+curl -X POST https://your-pds-domain/xrpc/com.atproto.server.createAccount \
+  --user "admin:$admin-password" 
+  -H "Content-Type: application/json" \
+  -d '{
+        "email": "user@example.com",
+        "handle": "username",
+        "password": "securepassword123",
+        "inviteCode": "optional-invite-code"
+      }'
+```
+
 ## more information
 - https://therobbiedavis.com/selfhosting-bluesky-with-docker-and-swag/
 - https://cprimozic.net/notes/posts/notes-on-self-hosting-bluesky-pds-alongside-other-services/
-- https://github.com/bluesky-social/pds
+- https://github.com/bluesky-social/pds
+- https://chatgpt.com/c/678a2eb6-145c-800f-bf51-ff706981a928
+- https://www.youtube.com/watch?v=7_AG50u7D6c
+- https://github.com/bluesky-social/pds/issues/52
+- https://github.com/lhaig/pdsadmin

roles/docker-bluesky/tasks/main.yml

@@ -1,14 +1,56 @@
 ---
-- name: "include docker/compose/database.yml"
-  include_tasks: docker/compose/database.yml
+- name: "include docker/compose/common.yml"
+  include_tasks: docker/compose/common.yml
 
-- name: "include tasks nginx-docker-proxy-domain.yml"
+- name: "Include tasks for API domain"
   include_tasks: nginx-docker-proxy-domain.yml
+  vars:
+    domain: "{{ domain_api }}"
+    http_port: "{{ http_port_api }}"
+
+- name: "Include tasks for Web domain"
+  include_tasks: nginx-docker-proxy-domain.yml
+  vars:
+    domain: "{{ domain_web }}"
+    http_port: "{{ http_port_web }}" 
+
+# The following lines should be removed when the following issue is closed:
+# https://github.com/bluesky-social/pds/issues/52
+
+- name: Download pdsadmin tarball
+  get_url:
+    url: "https://github.com/lhaig/pdsadmin/releases/download/v1.0.0-dev/pdsadmin_Linux_x86_64.tar.gz"
+    dest: "{{pdsadmin_temporary_tar_path}}"
+    mode: '0644'
+
+- name: Create {{pdsadmin_folder_path}}
+  file:
+    path: "{{pdsadmin_folder_path}}"
+    state: directory
+    mode: '0755'
+    
+- name: Extract pdsadmin tarball
+  unarchive:
+    src: "{{pdsadmin_temporary_tar_path}}"
+    dest: "{{pdsadmin_folder_path}}"
+    remote_src: yes
+    mode: '0755'
+
+- name: Ensure pdsadmin is executable
+  file:
+    path: "{{pdsadmin_file_path}}"
+    mode: '0755'
+    state: file
+
+- name: clone social app repository
+  git:
+    repo: "https://github.com/bluesky-social/social-app.git"
+    dest: "{{social_app_path}}"
+    version: "main"
+  notify: docker compose project build and setup 
 
 - name: add docker-compose.yml
-  template: src=docker-compose.yml.j2 dest={{docker_compose_instance_directory}}docker-compose.yml
-  notify: docker compose project setup
-
-- name: configure run.env
-  template: src=env.j2 dest={{docker_compose_instance_directory}}/env
-  notify: docker compose project setup
+  template: 
+    src:  docker-compose.yml.j2
+    dest: "{{docker_compose_instance_directory}}docker-compose.yml"
+  notify: docker compose project build and setup

roles/docker-bluesky/templates/docker-compose.yml.j2

@@ -1,32 +1,27 @@
 services:
   pds:
-    image: ghcr.io/bluesky-social/pds:0.4
+    image: ghcr.io/bluesky-social/pds:latest
     restart: {{docker_restart_policy}}
-    ports:
-      - {{http_port}}:3000
     volumes:
-        - data:/pds
-    env_file:
-      - /env
+        - pds_data:/pds
+        - {{pdsadmin_file_path}}:/usr/local/bin/pdsadmin:ro
     environment:
       # Geben Sie hier Ihre Domain und Konfigurationsdetails an
-      PDS_HOSTNAME: "{{domain}}"
-      PDS_ADMIN_EMAIL: "{{PDS_ADMIN_EMAIL}}"
-      PDS_DB__POSTGRES__URL: "postgres://{{ database_username }}:{{ database_password }}@{{ database_host }}:5432/{{ database_name }}"
-      PDS_SERVICE_DID: "did:web:{{ domain }}"
+      PDS_HOSTNAME: "{{domain_api}}"
+      PDS_ADMIN_EMAIL: "{{administrator_email}}"
+      PDS_SERVICE_DID: "did:web:{{domain_api}}"
       # See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/
-      PDS_SERVICE_HANDLE_DOMAINS: ."{{domain}}"
-      PDS_JWT_SECRET: <INSERT SECRET HERE>
-      PDS_ADMIN_PASSWORD: <INSERT ANOTHER SECRET HERE>
-      PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: <INSERT KEY HEX HERE>
+      PDS_SERVICE_HANDLE_DOMAINS: ".{{top_domain}}"
+      PDS_JWT_SECRET: "{{bluesky_pds_jwt_secret}}"
+      PDS_ADMIN_PASSWORD: "{{bluesky_pds_admin_password}}"
+      PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: "{{bluesky_pds_plc_rotation_key_k256_private_key_hex}}"
       PDS_CRAWLERS: https://bsky.network
-      PDS_EMAIL_SMTP_URL: smtps://{{system_email_username}}:{{system_email_passwort}}@{{system_email_host}}:{{system_email_port}}/
+      PDS_EMAIL_SMTP_URL: smtps://{{system_email_username}}:{{system_email_password}}@{{system_email_host}}:{{system_email_smtp_port}}/
       PDS_EMAIL_FROM_ADDRESS: {{system_email_from}}
       LOG_ENABLED: true
-
+      PDS_BLOBSTORE_DISK_LOCATION: /opt/pds/blocks
       # -- DEFAULT VALUES ---
       # PDS_DATA_DIRECTORY: /opt/pds
-      # PDS_BLOBSTORE_DISK_LOCATION: /opt/pds/blocks
       # PDS_BLOB_UPLOAD_LIMIT: 52428800
       # PDS_DID_PLC_URL=https://plc.directory
       # PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
@@ -34,33 +29,39 @@ services:
       # PDS_REPORT_SERVICE_URL=https://mod.bsky.app
       # PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
     ports:
-      - "127.0.0.1:{{http_port}}:3000"
+      - "127.0.0.1:{{http_port_api}}:3000"
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://127.0.0.1:3000"]
+      test: ["CMD", "wget", "--spider", "http://127.0.0.1:3000/xrpc/_health"]
       interval: 1m
       timeout: 10s
       retries: 3
 {% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
 
 #  Deactivated for the moment @see https://github.com/bluesky-social/social-app
-#  bluesky-app:
-#    image: ghcr.io/bluesky-social/app:latest # Beispiel-App-Image
-#    restart: always
-#    ports:
-#      - "8080:8080"
-#    environment:
-#      # Verbindung zur PDS-Instanz
-#      REACT_APP_PDS_URL: "http://application:3000" # URL des PDS
-#      REACT_APP_API_URL: "http://application:3000" # API-URL des PDS
-#      REACT_APP_SITE_NAME: "Bluesky"
-#      REACT_APP_SITE_DESCRIPTION: "Dezentrales Soziales Netzwerk"
-#    depends_on:
-#      - application
-
-{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
+  web:
+    command: ["bskyweb","serve"]
+    build:
+      context: "{{ social_app_path }}"
+      dockerfile: Dockerfile 
+      # It doesn't compile yet with this parameters. @todo Fix it
+      args:
+        REACT_APP_PDS_URL: "http://{{domain_api}}" # URL des PDS
+        REACT_APP_API_URL: "http://{{domain_api}}" # API-URL des PDS
+        REACT_APP_SITE_NAME: "{{top_domain | upper}} - Bluesky"
+        REACT_APP_SITE_DESCRIPTION: "Decentral Social "
+    restart: {{docker_restart_policy}}
+    ports:
+      - "127.0.0.1:{{http_port_web}}:8100"
+    # Start already parallel to pds
+    #depends_on:
+    #  - None
+    healthcheck:
+      test: ["CMD", "sh", "-c", "for pid in $(ls /proc | grep -E '^[0-9]+$'); do if cat /proc/$pid/cmdline 2>/dev/null | grep -q 'bskywebserve'; then exit 0; fi; done; exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
 
 {% include 'templates/docker/compose/volumes.yml.j2' %}
-  data:
+  pds_data:
 
 {% include 'templates/docker/compose/networks.yml.j2' %}

roles/docker-bluesky/templates/env.j2

@@ -1,17 +0,0 @@
-PDS_HOSTNAME= {{domain}}
-PDS_JWT_SECRET= #openssl rand --hex 16
-PDS_ADMIN_PASSWORD= #openssl rand --hex 16
-PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX= #openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32
-PDS_EMAIL_SMTP_URL= #smtp://username@gmail.com:password@smtp.gmail.com:587
-PDS_EMAIL_FROM_ADDRESS= {{administrator_email}}
-PDS_MODERATION_EMAIL_SMTP_URL= #smtp://username@gmail.com:password@smtp.gmail.com:587
-PDS_MODERATION_EMAIL_ADDRESS= {{administrator_email}}
-PDS_DATA_DIRECTORY=/pds
-PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks
-PDS_DID_PLC_URL=https://plc.directory
-PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
-PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
-PDS_REPORT_SERVICE_URL=https://mod.bsky.app
-PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
-PDS_CRAWLERS=https://bsky.network
-LOG_ENABLED=true

roles/docker-bluesky/vars/main.yml

@@ -1,3 +1,8 @@
 docker_compose_project_name:        "bluesky"
-database_password:                  "{{bluesky_database_password}}"
-database_type:                      "postgres"
+social_app_path:                    "{{ docker_compose_instance_directory }}/social-app"
+
+# This should be removed when the following issue is closed:
+# https://github.com/bluesky-social/pds/issues/52
+pdsadmin_folder_path:               "{{ docker_compose_instance_directory }}/pdsadmin"
+pdsadmin_file_path:                 "{{pdsadmin_folder_path}}/pdsadmin"
+pdsadmin_temporary_tar_path:        "/tmp/pdsadmin.tar.gz"

roles/docker-compose/handlers/main.yml

@@ -8,6 +8,7 @@
 #  listen: docker compose project setup
 #  when: mode_reset | bool
 
+# default setup for docker compose files
 - name: docker compose project setup
   command:
     cmd: docker-compose -p "{{docker_compose_project_name}}" up -d --force-recreate
@@ -16,3 +17,14 @@
     COMPOSE_HTTP_TIMEOUT: 600
     DOCKER_CLIENT_TIMEOUT: 600
   listen: docker compose project setup
+
+# it's necessary to rebuild when a build in the docker compose files is defined
+# for performance reasons it's not recommended to use this if there is no build tag specified
+- name: docker compose project build and setup 
+  command:
+    cmd: docker-compose -p "{{docker_compose_project_name}}" up -d --force-recreate --build
+    chdir: "{{docker_compose_instance_directory}}"
+  environment:
+    COMPOSE_HTTP_TIMEOUT: 600
+    DOCKER_CLIENT_TIMEOUT: 600
+  listen: docker compose project setup

roles/docker-keycloak/README.md

@@ -0,0 +1,6 @@
+# docker-keycloak
+
+## More Information
+- https://www.keycloak.org/
+- https://github.com/keycloak/keycloak
+- https://en.wikipedia.org/wiki/Keycloak

roles/docker-keycloak/templates/docker-compose.yml.j2

@@ -0,0 +1,32 @@
+version: '3.7'
+
+services:
+
+# include database container
+{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:23.0.6
+    command: start
+    environment:
+      KC_HOSTNAME: {{domain}}
+      KC_HOSTNAME_PORT: {{http_port}}
+      KC_HOSTNAME_STRICT_BACKCHANNEL: false
+      KC_HTTP_ENABLED: true
+      KC_HOSTNAME_STRICT_HTTPS: false
+      KC_HEALTH_ENABLED: true
+      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
+      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
+      KC_DB_USERNAME: ${POSTGRES_USER}
+      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+    ports:
+      - "127.0.0.1:{{http_port}}:8080"
+    restart: always
+{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
+{% include 'templates/docker/container/networks.yml.j2' %}
+
+{% include 'templates/docker/compose/volumes.yml.j2' %}
+
+{% include 'templates/docker/compose/networks.yml.j2' %}

roles/docker-matrix-compose/templates/nginx.conf.j2

@@ -3,8 +3,9 @@ server {
     {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
     
     # For the federation port
-    listen 8448 ssl http2 default_server;
-    listen [::]:8448 ssl http2 default_server;
+    listen 8448 ssl default_server;
+    listen [::]:8448 ssl default_server;
+    http2 on;
 
     {% if nginx_matomo_tracking | bool %}
         {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}

roles/letsencrypt/templates/ssl_header.j2

@@ -1,5 +1,6 @@
-listen 443 ssl http2;
-listen [::]:443 ssl http2;
+listen 443 ssl;
+listen [::]:443 ssl;
+http2 on;
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:50m;
 ssl_session_tickets on;