Docker compose file for deploying a Bluesky PDS (reference impl: https://github.com/bluesky-social/pds) through Coolify with PDS gatekeeper (source: https://tangled.org/@baileytownsend.dev/pds-gatekeeper/) which adds email 2FA to third-party PDSes
coolify_pds_gatekeeper_compose.yaml
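# Docker Compose stack for a Bluesky PDS fronted by pds-gatekeeper (email 2FA),
# intended for deployment through Coolify. Coolify supplies the SERVICE_* magic
# variables (hostname, generated secrets) and interpolates every ${...} below at
# deploy time; "$$" is the Compose escape for a literal "$" that the container
# shell must see.
services:
  pds:
    image: ghcr.io/bluesky-social/pds:0.4
    # Same restart policy as the gatekeeper so the stack comes back as a unit.
    restart: unless-stopped
    volumes:
      - pds-data:/pds
    environment:
      # Service Configuration
      - SERVICE_FQDN_PDS_3000
      - PDS_HOSTNAME=${SERVICE_URL_PDS}
      - PDS_DATA_DIRECTORY=${PDS_DATA_DIRECTORY:-/pds}

      # Authentication & Security (generated by Coolify; note that these are
      # also copied into pds.env on the shared pds-data volume by the startup
      # script below)
      - PDS_JWT_SECRET=${SERVICE_BASE64_PDS}
      - PDS_ADMIN_PASSWORD=${SERVICE_PASSWORD_PDS}
      - PDS_ADMIN_EMAIL=${PDS_ADMIN_EMAIL}
      - PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${SERVICE_HEX_32_ROTATIONKEY}

      # Storage Configuration
      - PDS_BLOBSTORE_DISK_LOCATION=${PDS_DATA_DIRECTORY:-/pds}/blocks
      - PDS_BLOB_UPLOAD_LIMIT=${PDS_BLOB_UPLOAD_LIMIT:-104857600}

      # External Services
      - PDS_DID_PLC_URL=${PDS_DID_PLC_URL:-https://plc.directory}
      - PDS_BSKY_APP_VIEW_URL=${PDS_BSKY_APP_VIEW_URL:-https://api.pop1.bsky.app}
      - PDS_BSKY_APP_VIEW_DID=${PDS_BSKY_APP_VIEW_DID:-did:web:api.bsky.app}
      - PDS_REPORT_SERVICE_URL=${PDS_REPORT_SERVICE_URL:-https://mod.bsky.app}
      - PDS_REPORT_SERVICE_DID=${PDS_REPORT_SERVICE_DID:-did:plc:ar7c4by46qjdydhdevvrndac}
      - PDS_CRAWLERS=${PDS_CRAWLERS:-https://bsky.network}

      # Email Configuration
      - PDS_EMAIL_SMTP_URL=${PDS_EMAIL_SMTP_URL}
      - PDS_EMAIL_FROM_ADDRESS=${PDS_EMAIL_FROM_ADDRESS}
      - PDS_CONTACT_EMAIL_ADDRESS=${PDS_CONTACT_EMAIL_ADDRESS}

      # Logging
      - LOG_ENABLED=${LOG_ENABLED:-false}
    # Startup script: installs pdsadmin, materialises pds.env for pdsadmin and
    # the gatekeeper, then execs the PDS. The whole script sits inside one
    # single-quoted sh -c string, so it must never contain a single quote.
    command: |
      sh -c '
      set -euo pipefail

      echo "Installing required packages and pdsadmin..."
      apk add --no-cache openssl curl bash jq coreutils gnupg util-linux-misc >/dev/null

      # NOTE: pdsadmin.sh is fetched unpinned from the main branch on every
      # container start. -f makes curl fail on an HTTP error instead of
      # writing the error page into the executable; for production, pin to a
      # release tag or commit and verify a checksum before trusting it.
      echo "Downloading pdsadmin..."
      curl -fsSL -o /usr/local/bin/pdsadmin.sh https://raw.githubusercontent.com/bluesky-social/pds/main/pdsadmin.sh
      chmod 700 /usr/local/bin/pdsadmin.sh
      ln -sf /usr/local/bin/pdsadmin.sh /usr/local/bin/pdsadmin

      # Write every PDS_*/LOG_*/SERVICE_* variable to pds.env as KEY="value".
      # The key is split off at the FIRST "=" only, so base64 padding ("=")
      # and URLs keep their full value; backslashes and double quotes in the
      # value are backslash-escaped so the line survives being sourced by a
      # shell (pdsadmin). Whether the gatekeeper parser honours those escapes
      # is not visible here - confirm against its source if a secret contains
      # such characters. The file holds the admin password, JWT secret and
      # rotation key and is created with the default umask (world-readable on
      # the shared volume); tighten its mode only after confirming the user
      # the gatekeeper runs as can still read it. Values containing "$" are
      # written unescaped and will be expanded by a sourcing shell.
      echo "Generating pds.env with all specified Coolify environment variables..."
      env | while IFS= read -r line; do
        case "$$line" in
          PDS_*=*|LOG_*=*|SERVICE_*=*) ;;
          *) continue ;;
        esac
        key=$${line%%=*}
        val=$$(printf "%s" "$${line#*=}" | sed "s/[\\\\\"]/\\\\&/g")
        printf "%s=\"%s\"\n" "$$key" "$$val"
      done > "${PDS_DATA_DIRECTORY:-/pds}/pds.env"

      echo "Launching PDS..."
      exec node --enable-source-maps index.js
      '
    healthcheck:
      test: ["CMD", "wget", "--spider", "http://127.0.0.1:3000/xrpc/_health"]
      interval: 2s
      timeout: 10s
      retries: 10

  gatekeeper:
    container_name: gatekeeper
    image: fatfingers23/pds_gatekeeper:latest
    restart: unless-stopped
    volumes:
      # Shared with the PDS so the gatekeeper can read the generated pds.env.
      - pds-data:/pds
    environment:
      - PDS_DATA_DIRECTORY=${PDS_DATA_DIRECTORY:-/pds}
      # Plain HTTP to the PDS over the internal compose network only.
      - PDS_BASE_URL=http://pds:3000
      # Binds all container interfaces; nothing is published, so only Traefik
      # on the compose network can reach port 8080.
      - GATEKEEPER_HOST=0.0.0.0
    depends_on:
      pds:
        condition: service_healthy
    healthcheck:
      # TCP connect check via bash /dev/tcp - assumes bash is present in the
      # gatekeeper image.
      test:
        - CMD
        - timeout
        - '1'
        - bash
        - '-c'
        - 'cat < /dev/null > /dev/tcp/0.0.0.0/8080'
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    labels:
      # Traefik Configuration (ensure you update the Gatekeeper router Host rule to your PDS hostname).
      # Only the listed auth-related XRPC paths are routed to the gatekeeper;
      # priority=100 makes this router win over the PDS catch-all for them.
      - traefik.enable=true
      - traefik.http.routers.pds-gatekeeper.rule=Host(`pds.indexx.dev`) && (Path(`/xrpc/com.atproto.server.getSession`) || Path(`/xrpc/com.atproto.server.updateEmail`) || Path(`/xrpc/com.atproto.server.createSession`) || Path(`/xrpc/com.atproto.server.createAccount`) || Path(`/@atproto/oauth-provider/~api/sign-in`))
      - traefik.http.routers.pds-gatekeeper.entrypoints=https
      - traefik.http.routers.pds-gatekeeper.tls=true
      - traefik.http.routers.pds-gatekeeper.priority=100
      - traefik.http.routers.pds-gatekeeper.middlewares=gatekeeper-cors

      # Load Balancer
      - traefik.http.services.pds-gatekeeper.loadbalancer.server.port=8080
      - traefik.http.services.pds-gatekeeper.loadbalancer.server.scheme=http

      # CORS Middleware
      # NOTE(review): a wildcard origin list combined with
      # accesscontrolallowcredentials=true is rejected by browsers for
      # credentialed requests (the spec forbids "*" with credentials). If
      # credentialed cross-origin calls are really needed, list explicit
      # origins; otherwise the credentials flag can be dropped.
      - traefik.http.middlewares.gatekeeper-cors.headers.accesscontrolallowmethods=GET,POST,PUT,DELETE,OPTIONS,PATCH
      - traefik.http.middlewares.gatekeeper-cors.headers.accesscontrolallowheaders=*
      - traefik.http.middlewares.gatekeeper-cors.headers.accesscontrolalloworiginlist=*
      - traefik.http.middlewares.gatekeeper-cors.headers.accesscontrolmaxage=100
      - traefik.http.middlewares.gatekeeper-cors.headers.addvaryheader=true
      - traefik.http.middlewares.gatekeeper-cors.headers.accesscontrolallowcredentials=true

volumes:
  pds-data: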