Code, configuration, and documentation to support network-local development environments

PDS

Configuration

This is a fully operational PDS and needs appropriate configuration. If you decide to run multiple PDS instances for testing, be sure to configure each one individually.

Copy the env.example file to env and replace the "PLACEHOLDER" values of the following entries.

  • PDS_JWT_SECRET value set with openssl rand --hex 16
  • PDS_ADMIN_PASSWORD value set with openssl rand --hex 16
  • PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX value set with openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32
  • PDS_HOSTNAME value updated to reflect your internal tailnet
  • PDS_ADMIN_EMAIL value updated to reflect your internal tailnet
  • PDS_DID_PLC_URL value updated to reflect your internal tailnet
  • Optionally, change the pyroclastic.cloud domain if you are not using it (it's fine to leave this as-is).
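
A pre-flight check for the env file filled in above, added here as an example and not part of this repository: it verifies that each generated secret has the length the openssl commands produce (16 bytes are 32 hex characters, the 32-byte key is 64), that the two random secrets differ, that no PLACEHOLDER remains, and that the file is not accessible to group or other. The function names, the plain KEY=value parsing and the owner-only permission expectation are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight check of the PDS env file before "docker compose up".
# Assumes plain KEY=value lines (optionally quoted); values are never printed.

# Print the value assigned to KEY ($1) in FILE ($2); the last assignment wins.
env_value() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Succeed only if VALUE ($1) is exactly LEN ($2) hexadecimal characters.
is_hex_len() {
    [ "${#1}" -eq "$2" ] || return 1
    case "$1" in *[!0-9a-fA-F]*) return 1 ;; esac
}

# Check FILE ($1); sets pds_env_problems and returns non-zero if it is > 0.
check_pds_env() {
    pds_env_problems=0
    [ -r "$1" ] || { echo "cannot read $1" >&2; pds_env_problems=1; return 1; }
    # 16 random bytes are 32 hex chars; the 32-byte K-256 key is 64 hex chars.
    for spec in PDS_JWT_SECRET:32 PDS_ADMIN_PASSWORD:32 \
                PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX:64; do
        if ! is_hex_len "$(env_value "${spec%%:*}" "$1")" "${spec##*:}"; then
            echo "${spec%%:*}: expected ${spec##*:} hex characters" >&2
            pds_env_problems=$((pds_env_problems + 1))
        fi
    done

    # One openssl output pasted into both entries ties the JWT secret to the admin password.
    jwt=$(env_value PDS_JWT_SECRET "$1")
    if [ -n "$jwt" ] && [ "$jwt" = "$(env_value PDS_ADMIN_PASSWORD "$1")" ]; then
        echo "PDS_JWT_SECRET and PDS_ADMIN_PASSWORD are identical" >&2
        pds_env_problems=$((pds_env_problems + 1))
    fi

    # Template values that were never replaced (count only).
    if grep -q 'PLACEHOLDER' "$1"; then
        echo "$(grep -c 'PLACEHOLDER' "$1") line(s) still contain PLACEHOLDER" >&2
        pds_env_problems=$((pds_env_problems + 1))
    fi

    # The file holds signing keys and the admin password: owner-only access.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "$1 is accessible to group/other; consider chmod 600" >&2
        pds_env_problems=$((pds_env_problems + 1))
    fi
    [ "$pds_env_problems" -eq 0 ]
}
```

Source the script and run check_pds_env env before bringing the containers up; it reports key names and counts only, never the secret values.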

Copy docker-compose.example.yml to docker-compose.yml and make the following changes:

  • Optionally, set TS_AUTHKEY if you are using one.

Operation

  1. Create the configuration file and update it accordingly.

  2. Bring networking up.

    docker compose up tailscale -d

    If you are using dynamic machine authentication, you'll need to view the logs and click on the link.

    docker compose logs tailscale

  3. Generate an SSL certificate for the node. Be sure to change internal.ts.net to whatever your Tailnet name is (e.g. sneaky-fox.ts.net).

    docker compose exec tailscale /bin/sh -c "tailscale cert --cert-file /mnt/tls/cert.pem --key-file /mnt/tls/cert.key pds.internal.ts.net"

  4. Bring the app and proxy up.

    docker compose up -d

Usage

The PDS will be available at https://pds.internal.ts.net/.

The maildev service will be available at http://pds.internal.ts.net:1080/.