patch of local-infra: local, sandboxed atmosphere infra · round #0 · pull #684 · tangled.org/core

+54

local-infra/Caddyfile

···

       1
       1
       +
       {

     

       2
       2
       +
       	storage file_system /data/

     

       3
       3
       +
       	debug

     

       4
       4
       +
       	pki {

     

       5
       5
       +
       		ca localtangled {

     

       6
       6
       +
       			name "LocalTangledCA"

     

       7
       7
       +
       		}

     

       8
       8
       +
       	}

     

       9
       9
       +
       }

     

       10
       10
       +
       

     

       11
       11
       +
       plc.tngl.boltless.dev {

     

       12
       12
       +
       	tls {

     

       13
       13
       +
       		issuer internal {

     

       14
       14
       +
       			ca localtangled

     

       15
       15
       +
       		}

     

       16
       16
       +
       	}

     

       17
       17
       +
       	reverse_proxy http://plc:8080

     

       18
       18
       +
       }

     

       19
       19
       +
       

     

       20
       20
       +
       *.pds.tngl.boltless.dev, pds.tngl.boltless.dev {

     

       21
       21
       +
       	tls {

     

       22
       22
       +
       		issuer internal {

     

       23
       23
       +
       			ca localtangled

     

       24
       24
       +
       		}

     

       25
       25
       +
       	}

     

       26
       26
       +
       	reverse_proxy http://pds:3000

     

       27
       27
       +
       }

     

       28
       28
       +
       

     

       29
       29
       +
       jetstream.tngl.boltless.dev {

     

       30
       30
       +
       	tls {

     

       31
       31
       +
       		issuer internal {

     

       32
       32
       +
       			ca localtangled

     

       33
       33
       +
       		}

     

       34
       34
       +
       	}

     

       35
       35
       +
       	reverse_proxy http://jetstream:6008

     

       36
       36
       +
       }

     

       37
       37
       +
       

     

       38
       38
       +
       knot.tngl.boltless.dev {

     

       39
       39
       +
       	tls {

     

       40
       40
       +
       		issuer internal {

     

       41
       41
       +
       			ca localtangled

     

       42
       42
       +
       		}

     

       43
       43
       +
       	}

     

       44
       44
       +
       	reverse_proxy http://localhost:6000

     

       45
       45
       +
       }

     

       46
       46
       +
       

     

       47
       47
       +
       spindle.tngl.boltless.dev {

     

       48
       48
       +
       	tls {

     

       49
       49
       +
       		issuer internal {

     

       50
       50
       +
       			ca localtangled

     

       51
       51
       +
       		}

     

       52
       52
       +
       	}

     

       53
       53
       +
       	reverse_proxy http://localhost:6555

     

       54
       54
       +
       }

+78

local-infra/docker-compose.yml

···

       1
       1
       +
       name: tangled-local-infra

     

       2
       2
       +
       services:

     

       3
       3
       +
         caddy:

     

       4
       4
       +
           container_name: caddy

     

       5
       5
       +
           image: caddy:2

     

       6
       6
       +
           depends_on:

     

       7
       7
       +
             - pds

     

       8
       8
       +
           restart: unless-stopped

     

       9
       9
       +
           cap_add:

     

       10
       10
       +
             - NET_ADMIN

     

       11
       11
       +
           ports:

     

       12
       12
       +
             - "80:80"

     

       13
       13
       +
             - "443:443"

     

       14
       14
       +
             - "443:443/udp"

     

       15
       15
       +
           volumes:

     

       16
       16
       +
             - ./Caddyfile:/etc/caddy/Caddyfile

     

       17
       17
       +
             - caddy_data:/data

     

       18
       18
       +
             - caddy_config:/config

     

       19
       19
       +
       

     

       20
       20
       +
         plc:

     

       21
       21
       +
           image: ghcr.io/bluesky-social/did-method-plc:plc-f2ab7516bac5bc0f3f86842fa94e996bd1b3815b

     

       22
       22
       +
           # did-method-plc only provides linux/amd64

     

       23
       23
       +
           platform: linux/amd64

     

       24
       24
       +
           container_name: plc

     

       25
       25
       +
           restart: unless-stopped

     

       26
       26
       +
           ports:

     

       27
       27
       +
             - "4000:8080"

     

       28
       28
       +
           depends_on:

     

       29
       29
       +
             - plc_db

     

       30
       30
       +
           environment:

     

       31
       31
       +
             DEBUG_MODE: 1

     

       32
       32
       +
             LOG_ENABLED: "true"

     

       33
       33
       +
             LOG_LEVEL: "debug"

     

       34
       34
       +
             LOG_DESTINATION: 1

     

       35
       35
       +
             DB_CREDS_JSON: &DB_CREDS_JSON '{"username":"pg","password":"password","host":"plc_db","port":5432}'

     

       36
       36
       +
             DB_MIGRATE_CREDS_JSON: *DB_CREDS_JSON

     

       37
       37
       +
             PLC_VERSION: 0.0.1

     

       38
       38
       +
             PORT: 8080

     

       39
       39
       +
       

     

       40
       40
       +
         plc_db:

     

       41
       41
       +
           image: postgres:14.4-alpine

     

       42
       42
       +
           container_name: plc_db

     

       43
       43
       +
           environment:

     

       44
       44
       +
             - POSTGRES_USER=pg

     

       45
       45
       +
             - POSTGRES_PASSWORD=password

     

       46
       46
       +
             - PGPORT=5432

     

       47
       47
       +
           volumes:

     

       48
       48
       +
             - plc:/var/lib/postgresql/data

     

       49
       49
       +
       

     

       50
       50
       +
         pds:

     

       51
       51
       +
           container_name: pds

     

       52
       52
       +
           image: ghcr.io/bluesky-social/pds:0.4

     

       53
       53
       +
           restart: unless-stopped

     

       54
       54
       +
           ports:

     

       55
       55
       +
             - "4001:3000"

     

       56
       56
       +
           volumes:

     

       57
       57
       +
             - pds:/pds

     

       58
       58
       +
           env_file:

     

       59
       59
       +
             - ./pds.env

     

       60
       60
       +
       

     

       61
       61
       +
         jetstream:

     

       62
       62
       +
           container_name: jetstream

     

       63
       63
       +
           image: ghcr.io/bluesky-social/jetstream:sha-0ab10bd

     

       64
       64
       +
           restart: unless-stopped

     

       65
       65
       +
           volumes:

     

       66
       66
       +
             - jetstream:/data

     

       67
       67
       +
           environment:

     

       68
       68
       +
             - JETSTREAM_DATA_DIR=/data

     

       69
       69
       +
               # livness check interval to restart when no events are received (default: 15sec)

     

       70
       70
       +
             - JETSTREAM_LIVENESS_TTL=300s

     

       71
       71
       +
             - JETSTREAM_WS_URL=ws://pds:3000/xrpc/com.atproto.sync.subscribeRepos

     

       72
       72
       +
       

     

       73
       73
       +
       volumes:

     

       74
       74
       +
         caddy_config:

     

       75
       75
       +
         caddy_data:

     

       76
       76
       +
         plc:

     

       77
       77
       +
         pds:

     

       78
       78
       +
         jetstream:

+17

local-infra/pds.env

···

       1
       1
       +
       PDS_JWT_SECRET=8cae8bffcc73d9932819650791e4e89a

     

       2
       2
       +
       PDS_ADMIN_PASSWORD=d6a902588cd93bee1af83f924f60cfd3

     

       3
       3
       +
       PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=2e92e336a50a618458e1097d94a1db86ec3fd8829d7735020cbae80625c761d7

     

       4
       4
       +
       

     

       5
       5
       +
       LOG_ENABLED=true

     

       6
       6
       +
       

     

       7
       7
       +
       # PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app

     

       8
       8
       +
       # PDS_BSKY_APP_VIEW_URL=https://api.bsky.app

     

       9
       9
       +
       

     

       10
       10
       +
       PDS_DATA_DIRECTORY=/pds

     

       11
       11
       +
       PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks

     

       12
       12
       +
       

     

       13
       13
       +
       # PDS_DID_PLC_URL=http://plc:8080

     

       14
       14
       +
       PDS_HOSTNAME=pds.tngl.boltless.dev

     

       15
       15
       +
       

     

       16
       16
       +
       # PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac

     

       17
       17
       +
       # PDS_REPORT_SERVICE_URL=https://mod.bsky.app

+14

local-infra/readme.md

···

       1
       1
       +
       run compose

     

       2
       2
       +
       ```

     

       3
       3
       +
       docker compose up -d

     

       4
       4
       +
       ```

     

       5
       5
       +
       

     

       6
       6
       +
       copy the self-signed certificate to host machine

     

       7
       7
       +
       ```

     

       8
       8
       +
       docker cp caddy:/data/pki/authorities/localtangled/root.crt localtangled.crt

     

       9
       9
       +
       ```

     

       10
       10
       +
       

     

       11
       11
       +
       trust the cert (macOS)

     

       12
       12
       +
       ```

     

       13
       13
       +
       sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./localtangled.crt

     

       14
       14
       +
       ```

+63

local-infra/scripts/create-test-account.sh

···

       1
       1
       +
       #!/bin/bash

     

       2
       2
       +
       set -o errexit

     

       3
       3
       +
       set -o nounset

     

       4
       4
       +
       set -o pipefail

     

       5
       5
       +
       

     

       6
       6
       +
       source "$(dirname "$0")/../pds.env"

     

       7
       7
       +
       

     

       8
       8
       +
       # curl a URL and fail if the request fails.

     

       9
       9
       +
       function curl_cmd_get {

     

       10
       10
       +
         curl --fail --silent --show-error "$@"

     

       11
       11
       +
       }

     

       12
       12
       +
       

     

       13
       13
       +
       # curl a URL and fail if the request fails.

     

       14
       14
       +
       function curl_cmd_post {

     

       15
       15
       +
         curl --fail --silent --show-error --request POST --header "Content-Type: application/json" "$@"

     

       16
       16
       +
       }

     

       17
       17
       +
       

     

       18
       18
       +
       # curl a URL but do not fail if the request fails.

     

       19
       19
       +
       function curl_cmd_post_nofail {

     

       20
       20
       +
         curl --silent --show-error --request POST --header "Content-Type: application/json" "$@"

     

       21
       21
       +
       }

     

       22
       22
       +
       

     

       23
       23
       +
       USERNAME="${1:-}"

     

       24
       24
       +
       

     

       25
       25
       +
       if [[ "${USERNAME}" == "" ]]; then

     

       26
       26
       +
         read -p "Enter a username: " USERNAME

     

       27
       27
       +
       fi

     

       28
       28
       +
       

     

       29
       29
       +
       if [[ "${USERNAME}" == "" ]]; then

     

       30
       30
       +
         echo "ERROR: missing USERNAME parameter." >/dev/stderr

     

       31
       31
       +
         echo "Usage: $0 ${SUBCOMMAND} <USERNAME>" >/dev/stderr

     

       32
       32
       +
         exit 1

     

       33
       33
       +
       fi

     

       34
       34
       +
       

     

       35
       35
       +
       PASSWORD="password"

     

       36
       36
       +
       INVITE_CODE="$(curl_cmd_post \

     

       37
       37
       +
         --user "admin:${PDS_ADMIN_PASSWORD}" \

     

       38
       38
       +
         --data '{"useCount": 1}' \

     

       39
       39
       +
         "https://${PDS_HOSTNAME}/xrpc/com.atproto.server.createInviteCode" | jq --raw-output '.code'

     

       40
       40
       +
       )"

     

       41
       41
       +
       RESULT="$(curl_cmd_post_nofail \

     

       42
       42
       +
         --data "{\"email\":\"${USERNAME}@${PDS_HOSTNAME}\", \"handle\":\"${USERNAME}.${PDS_HOSTNAME}\", \"password\":\"${PASSWORD}\", \"inviteCode\":\"${INVITE_CODE}\"}" \

     

       43
       43
       +
         "https://${PDS_HOSTNAME}/xrpc/com.atproto.server.createAccount"

     

       44
       44
       +
       )"

     

       45
       45
       +
       

     

       46
       46
       +
       DID="$(echo $RESULT | jq --raw-output '.did')"

     

       47
       47
       +
       if [[ "${DID}" != did:* ]]; then

     

       48
       48
       +
         ERR="$(echo ${RESULT} | jq --raw-output '.message')"

     

       49
       49
       +
         echo "ERROR: ${ERR}" >/dev/stderr

     

       50
       50
       +
         echo "Usage: $0 <EMAIL> <HANDLE>" >/dev/stderr

     

       51
       51
       +
         exit 1

     

       52
       52
       +
       fi

     

       53
       53
       +
       

     

       54
       54
       +
       echo

     

       55
       55
       +
       echo "Account created successfully!"

     

       56
       56
       +
       echo "-----------------------------"

     

       57
       57
       +
       echo "Handle   : ${USERNAME}.${PDS_HOSTNAME}"

     

       58
       58
       +
       echo "DID      : ${DID}"

     

       59
       59
       +
       echo "Password : ${PASSWORD}"

     

       60
       60
       +
       echo "-----------------------------"

     

       61
       61
       +
       echo "This is a test account with an insecure password."

     

       62
       62
       +
       echo "Make sure it's only used for development."

     

       63
       63
       +
       echo