Monorepo for Tangled tangled.org

local-infra: local, sandboxed atmosphere infra #684

closed opened by boltless.me targeting master from sandboxed-atmosphere
Participants 1
AT URI
at://did:plc:xasnlahkri4ewmbuzly2rlc5/sh.tangled.repo.pull/3m3hok6yxvs22
+226
Diff #0
+54
local-infra/Caddyfile
···
··· 1 + { 2 + storage file_system /data/ 3 + debug 4 + pki { 5 + ca localtangled { 6 + name "LocalTangledCA" 7 + } 8 + } 9 + } 10 + 11 + plc.tngl.boltless.dev { 12 + tls { 13 + issuer internal { 14 + ca localtangled 15 + } 16 + } 17 + reverse_proxy http://plc:8080 18 + } 19 + 20 + *.pds.tngl.boltless.dev, pds.tngl.boltless.dev { 21 + tls { 22 + issuer internal { 23 + ca localtangled 24 + } 25 + } 26 + reverse_proxy http://pds:3000 27 + } 28 + 29 + jetstream.tngl.boltless.dev { 30 + tls { 31 + issuer internal { 32 + ca localtangled 33 + } 34 + } 35 + reverse_proxy http://jetstream:6008 36 + } 37 + 38 + knot.tngl.boltless.dev { 39 + tls { 40 + issuer internal { 41 + ca localtangled 42 + } 43 + } 44 + reverse_proxy http://localhost:6000 45 + } 46 + 47 + spindle.tngl.boltless.dev { 48 + tls { 49 + issuer internal { 50 + ca localtangled 51 + } 52 + } 53 + reverse_proxy http://localhost:6555 54 + }
+78
local-infra/docker-compose.yml
···
··· 1 + name: tangled-local-infra 2 + services: 3 + caddy: 4 + container_name: caddy 5 + image: caddy:2 6 + depends_on: 7 + - pds 8 + restart: unless-stopped 9 + cap_add: 10 + - NET_ADMIN 11 + ports: 12 + - "80:80" 13 + - "443:443" 14 + - "443:443/udp" 15 + volumes: 16 + - ./Caddyfile:/etc/caddy/Caddyfile 17 + - caddy_data:/data 18 + - caddy_config:/config 19 + 20 + plc: 21 + image: ghcr.io/bluesky-social/did-method-plc:plc-f2ab7516bac5bc0f3f86842fa94e996bd1b3815b 22 + # did-method-plc only provides linux/amd64 23 + platform: linux/amd64 24 + container_name: plc 25 + restart: unless-stopped 26 + ports: 27 + - "4000:8080" 28 + depends_on: 29 + - plc_db 30 + environment: 31 + DEBUG_MODE: 1 32 + LOG_ENABLED: "true" 33 + LOG_LEVEL: "debug" 34 + LOG_DESTINATION: 1 35 + DB_CREDS_JSON: &DB_CREDS_JSON '{"username":"pg","password":"password","host":"plc_db","port":5432}' 36 + DB_MIGRATE_CREDS_JSON: *DB_CREDS_JSON 37 + PLC_VERSION: 0.0.1 38 + PORT: 8080 39 + 40 + plc_db: 41 + image: postgres:14.4-alpine 42 + container_name: plc_db 43 + environment: 44 + - POSTGRES_USER=pg 45 + - POSTGRES_PASSWORD=password 46 + - PGPORT=5432 47 + volumes: 48 + - plc:/var/lib/postgresql/data 49 + 50 + pds: 51 + container_name: pds 52 + image: ghcr.io/bluesky-social/pds:0.4 53 + restart: unless-stopped 54 + ports: 55 + - "4001:3000" 56 + volumes: 57 + - pds:/pds 58 + env_file: 59 + - ./pds.env 60 + 61 + jetstream: 62 + container_name: jetstream 63 + image: ghcr.io/bluesky-social/jetstream:sha-0ab10bd 64 + restart: unless-stopped 65 + volumes: 66 + - jetstream:/data 67 + environment: 68 + - JETSTREAM_DATA_DIR=/data 69 + # livness check interval to restart when no events are received (default: 15sec) 70 + - JETSTREAM_LIVENESS_TTL=300s 71 + - JETSTREAM_WS_URL=ws://pds:3000/xrpc/com.atproto.sync.subscribeRepos 72 + 73 + volumes: 74 + caddy_config: 75 + caddy_data: 76 + plc: 77 + pds: 78 + jetstream:
+17
local-infra/pds.env
···
··· 1 + PDS_JWT_SECRET=8cae8bffcc73d9932819650791e4e89a 2 + PDS_ADMIN_PASSWORD=d6a902588cd93bee1af83f924f60cfd3 3 + PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=2e92e336a50a618458e1097d94a1db86ec3fd8829d7735020cbae80625c761d7 4 + 5 + LOG_ENABLED=true 6 + 7 + # PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app 8 + # PDS_BSKY_APP_VIEW_URL=https://api.bsky.app 9 + 10 + PDS_DATA_DIRECTORY=/pds 11 + PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks 12 + 13 + # PDS_DID_PLC_URL=http://plc:8080 14 + PDS_HOSTNAME=pds.tngl.boltless.dev 15 + 16 + # PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac 17 + # PDS_REPORT_SERVICE_URL=https://mod.bsky.app
+14
local-infra/readme.md
···
··· 1 + run compose 2 + ``` 3 + docker compose up -d 4 + ``` 5 + 6 + copy the self-signed certificate to host machine 7 + ``` 8 + docker cp caddy:/data/pki/authorities/localtangled/root.crt localtangled.crt 9 + ``` 10 + 11 + trust the cert (macOS) 12 + ``` 13 + sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./localtangled.crt 14 + ```
+63
local-infra/scripts/create-test-account.sh
···
··· 1 + #!/bin/bash 2 + set -o errexit 3 + set -o nounset 4 + set -o pipefail 5 + 6 + source "$(dirname "$0")/../pds.env" 7 + 8 + # curl a URL and fail if the request fails. 9 + function curl_cmd_get { 10 + curl --fail --silent --show-error "$@" 11 + } 12 + 13 + # curl a URL and fail if the request fails. 14 + function curl_cmd_post { 15 + curl --fail --silent --show-error --request POST --header "Content-Type: application/json" "$@" 16 + } 17 + 18 + # curl a URL but do not fail if the request fails. 19 + function curl_cmd_post_nofail { 20 + curl --silent --show-error --request POST --header "Content-Type: application/json" "$@" 21 + } 22 + 23 + USERNAME="${1:-}" 24 + 25 + if [[ "${USERNAME}" == "" ]]; then 26 + read -p "Enter a username: " USERNAME 27 + fi 28 + 29 + if [[ "${USERNAME}" == "" ]]; then 30 + echo "ERROR: missing USERNAME parameter." >/dev/stderr 31 + echo "Usage: $0 ${SUBCOMMAND} <USERNAME>" >/dev/stderr 32 + exit 1 33 + fi 34 + 35 + PASSWORD="password" 36 + INVITE_CODE="$(curl_cmd_post \ 37 + --user "admin:${PDS_ADMIN_PASSWORD}" \ 38 + --data '{"useCount": 1}' \ 39 + "https://${PDS_HOSTNAME}/xrpc/com.atproto.server.createInviteCode" | jq --raw-output '.code' 40 + )" 41 + RESULT="$(curl_cmd_post_nofail \ 42 + --data "{\"email\":\"${USERNAME}@${PDS_HOSTNAME}\", \"handle\":\"${USERNAME}.${PDS_HOSTNAME}\", \"password\":\"${PASSWORD}\", \"inviteCode\":\"${INVITE_CODE}\"}" \ 43 + "https://${PDS_HOSTNAME}/xrpc/com.atproto.server.createAccount" 44 + )" 45 + 46 + DID="$(echo $RESULT | jq --raw-output '.did')" 47 + if [[ "${DID}" != did:* ]]; then 48 + ERR="$(echo ${RESULT} | jq --raw-output '.message')" 49 + echo "ERROR: ${ERR}" >/dev/stderr 50 + echo "Usage: $0 <EMAIL> <HANDLE>" >/dev/stderr 51 + exit 1 52 + fi 53 + 54 + echo 55 + echo "Account created successfully!" 
56 + echo "-----------------------------" 57 + echo "Handle : ${USERNAME}.${PDS_HOSTNAME}" 58 + echo "DID : ${DID}" 59 + echo "Password : ${PASSWORD}" 60 + echo "-----------------------------" 61 + echo "This is a test account with an insecure password." 62 + echo "Make sure it's only used for development." 63 + echo
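Review bot: in local-infra/Caddyfile, the knot.tngl.boltless.dev and spindle.tngl.boltless.dev sites proxy to http://localhost:6000 and http://localhost:6555, but Caddy runs as a container in docker-compose.yml with published ports rather than host networking, and no knot or spindle service is defined there, so localhost resolves to the caddy container itself and these two routes have nothing to reach. Point them at an address that reaches the host from inside the container (for example host.docker.internal, with an extra_hosts entry mapping it to host-gateway on Linux), or add knot and spindle as compose services and proxy to their service names as the plc, pds and jetstream sites do. Separately, the "tls { issuer internal { ca localtangled } }" block is repeated in all five sites and could be one snippet that each site imports, and the global debug option deserves a comment saying it is intended for local use only.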
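Review bot: in local-infra/docker-compose.yml, the ports entries "80:80", "443:443", "4000:8080" and "4001:3000" publish on every host interface, which exposes a stack that uses fixed credentials (POSTGRES_PASSWORD=password, DEBUG_MODE: 1) to the whole local network. For a sandbox, bind them to loopback, e.g. "127.0.0.1:443:443", and consider dropping the 4000 and 4001 mappings if all access is meant to go through Caddy. The cap_add: NET_ADMIN on caddy needs a comment explaining why it is required, or should be removed. caddy's depends_on lists only pds although the Caddyfile also proxies plc and jetstream. Finally, caddy:2 and pds:0.4 are floating tags while plc and jetstream are pinned to a commit; pinning all four would keep the environment reproducible.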
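Review bot: local-infra/pds.env commits PDS_JWT_SECRET, PDS_ADMIN_PASSWORD and PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX as literal values on lines 1 to 3, so every checkout shares the same admin password and signing keys, and the values will be copied if anyone reuses this file outside a sandbox. Prefer committing a pds.env.example with placeholders, generating the real file at setup time, and adding pds.env to .gitignore; at minimum, add a comment at the top stating these are throwaway development values. Also, PDS_DID_PLC_URL=http://plc:8080 on line 13 is commented out, so nothing in this file points the PDS at the plc service that the compose file starts; if the goal is a sandboxed setup, that line should be enabled or the reason for leaving it off documented.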
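Review bot: local-infra/readme.md calls root.crt a "self-signed certificate", but the path /data/pki/authorities/localtangled/root.crt is the root of the LocalTangledCA authority, and the security add-trusted-cert step installs it as a trust root in the System keychain, so anything signed by that CA is trusted machine-wide, not only the tngl.boltless.dev hosts. The readme should say so, note that the CA private key lives in the caddy_data volume, and document how to remove the trust entry when the environment is torn down. It is also missing the equivalent trust step for Linux, and any mention of how the *.tngl.boltless.dev names are expected to resolve to the local machine.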
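Review bot: in local-infra/scripts/create-test-account.sh, line 31 expands ${SUBCOMMAND}, which is never set, and with set -o nounset active the script aborts with an unbound variable error instead of printing the usage text; drop ${SUBCOMMAND} from that message. The second usage message on line 50 says "<EMAIL> <HANDLE>" although the script takes a single USERNAME argument. The createAccount body on line 42 is built by interpolating ${USERNAME} into a JSON string, so a quote or backslash in the input produces malformed JSON; build it with jq -n --arg instead. "echo $RESULT" on lines 46 and 48 should be quoted, and /dev/stderr can be replaced with >&2. Since the script sources pds.env to read PDS_ADMIN_PASSWORD, a short comment noting that dependency would help.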

History

11 rounds 1 comment
1 commit
local-infra: local, sandboxed atmosphere infra
3/3 success
0 comments
closed without merging
1 commit
local-infra: local, sandboxed atmosphere infra
3/3 success
0 comments
1 commit
local-infra: local, sandboxed atmosphere infra
1/3 failed, 2/3 timeout
0 comments
1 commit
local-infra: local, sandboxed atmosphere infra
3/3 success
0 comments
1 commit
local-infra: local, sandboxed atmosphere infra
3/3 success
0 comments
1 commit
local-infra: local, sandboxed atmosphere infra
3/3 success
0 comments
1 commit
local-infra: local, sandboxed atmosphere infra
3/3 success
0 comments
1 commit
local-infra: local, sandboxed atmosphere infra
0 comments
1 commit
local-infra: local, sandboxed atmosphere infra
0 comments
1 commit
local-infra: local, sandboxed atmosphere infra
0 comments
boltless.me submitted #0
1 commit
local-infra: local, sandboxed atmosphere infra
1 comment

This is a draft PR that needs more work. I'm not sure if we are OK with docker-compose or if we should package everything into nixos-vm. #683 is fine to merge though.