new: [bluesky] new charm

bluesky/actions/create-invite-code

@@ -0,0 +1,114 @@
+#!/bin/bash
+## compose: no-hooks
+
+if [ -z "$SERVICE_DATASTORE" ]; then
+    echo "This script is meant to be run through 'compose' to work properly." >&2
+    exit 1
+fi
+
+
+. $CHARM_PATH/lib/common
+
+
+version=0.1
+usage="$exname [-h|--help]"
+help="
+USAGE:
+
+$usage
+
+DESCRIPTION:
+
+Request an invite code.
+
+EXAMPLES:
+
+  $exname
+
+"
+
+
+dbname=
+neutralize=
+while [ "$1" ]; do
+    case "$1" in
+        "--help"|"-h")
+            print_help >&2
+            exit 0
+            ;;
+        --*|-*)
+            err "Unexpected optional argument '$1'"
+            print_usage >&2
+            exit 1
+            ;;
+        *)
+            err "Unexpected positional argument '$1'"
+            print_usage >&2
+            exit 1
+        ;;
+    esac
+    shift
+done
+
+
+set -e
+
+. "$PDS_ENV_FILE"
+
+
+curl_opts=()
+
+service_def=$(get_compose_service_def "$SERVICE_NAME")
+
+containers="$(get_running_containers_for_service "$SERVICE_NAME")"
+if [ -z "$containers" ]; then
+    err "No containers running for service $DARKYELLOW$SERVICE_NAME$NORMAL."
+    exit 1
+fi
+
+if [ "$(echo "$containers" | wc -l)" -gt 1 ]; then
+    err "More than 1 container running for service $DARKYELLOW$SERVICE_NAME$NORMAL."
+    echo "  Please contact administrator to fix this issue." >&2
+    exit 1
+fi
+
+container="$(echo "$containers" | head -n 1)"
+
+container_network_ip=$(get_healthy_container_ip_for_service "$SERVICE_NAME" 3000 4) || {
+    err "Please ensure that $DARKYELLOW$service$NORMAL is running before using '$exname'."
+    exit 1
+}
+
+container_ip=${container_network_ip##*:}
+container_network=${container_network_ip%%:*}
+
+
+DEFAULT_CURL_IMAGE=${DEFAULT_CURL_IMAGE:-docker.0k.io/curl}
+
+cmd=(
+    docker run -i --rm --network "$container_network"
+        "$DEFAULT_CURL_IMAGE"
+        --fail \
+            --silent \
+            --show-error \
+            --request POST \
+            --user "admin:${PDS_ADMIN_PASSWORD}" \
+            --header "Content-Type: application/json" \
+            --data '{"useCount": 1}' \
+            "http://${container_ip}:3000/xrpc/com.atproto.server.createInviteCode"
+    )
+
+## XXXvlab: contains password, left only for advanced debug
+#echo "COMMAND: ${cmd[@]}" >&2
+
+if ! out=$("${cmd[@]}"); then
+    err "Failed to request an invite code."
+    echo "  $out" | prefix "  $GRAY|$NORMAL " >&2
+    exit 1
+fi
+
+e "$out" | jq -r '.code' || {
+    err "Failed to parse invite code from response."
+    echo "  $out" | prefix "  $GRAY|$NORMAL " >&2
+    exit 1
+}

bluesky/hooks/init

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+. lib/common
+
+set -e
+
+bluesky:init

bluesky/hooks/web_proxy-relation-joined

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+DOMAIN=$(relation-get domain) || exit 1
+
+config-add "\
+services:
+  $MASTER_BASE_SERVICE_NAME:
+    environment:
+      PDS_HOSTNAME: $DOMAIN
+"

bluesky/lib/common

@@ -0,0 +1,68 @@
+# -*- mode: shell-script -*-
+
+PDS_LOCAL_DATADIR=/var/lib/bluesky
+PDS_DATADIR="$SERVICE_DATASTORE$PDS_LOCAL_DATADIR"
+PDS_ENV_FILE="$PDS_DATADIR/.env"
+
+
+bluesky:init() {
+    local admin_password
+    init-config-add "
+$SERVICE_NAME:
+  env_file:
+  - \"$PDS_ENV_FILE\"
+"
+
+    [ -e "$PDS_ENV_FILE" ] && return
+
+    admin_password=$(password:get admin internal 2>&1) || {
+        err "Failed to get admin password" >&2
+        e "$admin_password" | prefix "  $GRAY|$NORMAL " >&2
+        return 1
+    }
+    mkdir -p "${PDS_ENV_FILE%/*}"
+
+    if ! plc_key=$(openssl ecparam --name secp256k1 --genkey --noout --outform DER 2>&1); then
+        err "Failed to generate PLC key" >&2
+        e "$plc_key" | prefix "  $GRAY|$NORMAL " >&2
+        return 1
+    fi
+    if ! plc_key=$(set -o pipefail
+        echo "$plc_key" |
+            tail --bytes=+8 |
+            head --bytes=32 |
+            xxd --plain --cols 32 2>&1
+         ); then
+        err "Failed to extract PLC key" >&2
+        e "$plc_key" | prefix "  $GRAY|$NORMAL " >&2
+        return 1
+    fi
+
+    if ! jwt_secret=$(openssl rand -hex 16); then
+        err "Failed to generate JWT secret" >&2
+        e "$jwt_secret" | prefix "  $GRAY|$NORMAL " >&2
+        return 1
+    fi
+
+    cat > "$PDS_ENV_FILE" <<EOF
+PDS_JWT_SECRET=${jwt_secret}
+PDS_ADMIN_PASSWORD=${admin_password}
+PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${plc_key}
+PDS_DATA_DIRECTORY=${PDS_LOCAL_DATADIR}
+PDS_BLOBSTORE_DISK_LOCATION=${PDS_LOCAL_DATADIR}/blocks
+PDS_BLOB_UPLOAD_LIMIT=52428800
+
+PDS_DID_PLC_URL=https://plc.directory
+
+PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
+PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
+
+PDS_REPORT_SERVICE_URL=https://mod.bsky.app
+PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
+
+PDS_CRAWLERS=https://bsky.network
+
+LOG_ENABLED=true
+EOF
+
+}

bluesky/metadata.yml

@@ -0,0 +1,30 @@
+docker-image: docker.0k.io/bluesky:0.4.67  ## from: ghcr.io/bluesky-social/pds:0.4.67
+data-resources:
+  - /var/lib/bluesky
+
+default-options:
+
+uses:
+  web-proxy:
+    #constraint: required | recommended | optional
+    #auto: pair | summon | none ## default: pair
+    constraint: recommended
+    auto: pair
+    solves:
+      proxy: "Public access"
+    default-options:
+      target: !var-expand ${MASTER_BASE_SERVICE_NAME}:3000
+  backup:
+    constraint: recommended
+    auto: pair
+    solves:
+      backup: "Automatic regular backup"
+    default-options:
+      ## First pattern matching wins, no pattern matching includes.
+      ## include-patterns are checked first, then exclude-patterns
+      ## Patterns rules:
+      ##  - ending / for directory
+      ##  - '*' authorized
+      ##  - must start with a '/', will start from $SERVICE_DATASTORE
+      #exclude-patterns:
+      #  - "/var/lib/odoo/sessions/"