Browse Source

new: [bluesky] new charm

Valentin Lab 2 weeks ago
parent
commit
c560e2bdc3
  1. 98
      bluesky/actions/new-invite
  2. 7
      bluesky/hooks/init
  3. 12
      bluesky/hooks/web_proxy-relation-joined
  4. 67
      bluesky/lib/common
  5. 40
      bluesky/metadata.yml

98
bluesky/actions/new-invite

@ -0,0 +1,98 @@
#!/bin/bash
## compose: no-hooks
if [ -z "$SERVICE_DATASTORE" ]; then
echo "This script is meant to be run through 'compose' to work properly." >&2
exit 1
fi
. $CHARM_PATH/lib/common
version=0.1
usage="$exname [-h|--help]"
help="
USAGE:
$usage
DESCRIPTION:
Request an invite code.
EXAMPLES:
$exname
"
dbname=
neutralize=
while [ "$1" ]; do
case "$1" in
"--help"|"-h")
print_help >&2
exit 0
;;
--*|-*)
err "Unexpected optional argument '$1'"
print_usage >&2
exit 1
;;
*)
err "Unexpected positional argument '$1'"
print_usage >&2
exit 1
;;
esac
shift
done
set -e
. "$PDS_ENV_FILE"
curl_opts=()
container_network_ip=$(get_healthy_container_ip_for_service "$SERVICE_NAME" 3000 4) || {
err "Please ensure that $DARKYELLOW$service$NORMAL is running before using '$exname'."
exit 1
}
container_ip=${container_network_ip##*:}
container_network=${container_network_ip%%:*}
DEFAULT_CURL_IMAGE=${DEFAULT_CURL_IMAGE:-docker.0k.io/curl}
cmd=(
docker run -i --rm --network "$container_network"
"$DEFAULT_CURL_IMAGE"
--fail \
--silent \
--show-error \
--request POST \
--user "admin:${PDS_ADMIN_PASSWORD}" \
--header "Content-Type: application/json" \
--data '{"useCount": 1}' \
"http://${container_ip}:3000/xrpc/com.atproto.server.createInviteCode"
)
## XXXvlab: contains password, left only for advanced debug
#echo "COMMAND: ${cmd[@]}" >&2
if ! out=$("${cmd[@]}"); then
err "Failed to request an invite code."
echo " $out" | prefix " $GRAY|$NORMAL " >&2
exit 1
fi
e "$out" | jq -r '.code' || {
err "Failed to parse invite code from response."
echo " $out" | prefix " $GRAY|$NORMAL " >&2
exit 1
}

7
bluesky/hooks/init

@ -0,0 +1,7 @@
#!/bin/bash
. lib/common
set -e
bluesky:init

12
bluesky/hooks/web_proxy-relation-joined

@ -0,0 +1,12 @@
#!/bin/bash
set -e
DOMAIN=$(relation-get domain) || exit 1
config-add "\
services:
$MASTER_BASE_SERVICE_NAME:
environment:
PDS_HOSTNAME: $DOMAIN
"

67
bluesky/lib/common

@ -0,0 +1,67 @@
# -*- mode: shell-script -*-
PDS_LOCAL_DATADIR=/var/lib/bluesky
PDS_DATADIR="$SERVICE_DATASTORE$PDS_LOCAL_DATADIR"
PDS_ENV_FILE="$PDS_DATADIR/.env"
bluesky:init() {
local admin_password
init-config-add "
$SERVICE_NAME:
env_file:
- \"$PDS_ENV_FILE\"
"
[ -e "$PDS_ENV_FILE" ] && return
admin_password=$(password:get admin internal) || {
err "Failed to get admin password" >&2
return 1
}
mkdir -p "${PDS_ENV_FILE%/*}"
if ! plc_key=$(openssl ecparam --name secp256k1 --genkey --noout --outform DER 2>&1); then
err "Failed to generate PLC key" >&2
e "$plc_key" | prefix " $GRAY|$NORMAL " >&2
return 1
fi
if ! plc_key=$(set -o pipefail
echo "$plc_key" |
tail --bytes=+8 |
head --bytes=32 |
xxd --plain --cols 32 2>&1
); then
err "Failed to extract PLC key" >&2
e "$plc_key" | prefix " $GRAY|$NORMAL " >&2
return 1
fi
if ! jwt_secret=$(openssl rand -hex 16); then
err "Failed to generate JWT secret" >&2
e "$jwt_secret" | prefix " $GRAY|$NORMAL " >&2
return 1
fi
cat > "$PDS_ENV_FILE" <<EOF
PDS_JWT_SECRET=${jwt_secret}
PDS_ADMIN_PASSWORD=${admin_password}
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${plc_key}
PDS_DATA_DIRECTORY=${PDS_LOCAL_DATADIR}
PDS_BLOBSTORE_DISK_LOCATION=${PDS_LOCAL_DATADIR}/blocks
PDS_BLOB_UPLOAD_LIMIT=52428800
PDS_DID_PLC_URL=https://plc.directory
PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
PDS_REPORT_SERVICE_URL=https://mod.bsky.app
PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
PDS_CRAWLERS=https://bsky.network
LOG_ENABLED=true
EOF
}

40
bluesky/metadata.yml

@ -0,0 +1,40 @@
docker-image: docker.0k.io/bluesky:0.4.67 ## from: ghcr.io/bluesky-social/pds:0.4.67
data-resources:
- /var/lib/bluesky
default-options:
uses:
web-proxy:
#constraint: required | recommended | optional
#auto: pair | summon | none ## default: pair
constraint: recommended
auto: pair
solves:
proxy: "Public access"
default-options:
target: !var-expand ${MASTER_BASE_SERVICE_NAME}:3000
apache-custom-rules:
- !var-expand |
RewriteEngine On
RewriteCond %{HTTP:Upgrade} ^websocket$ [NC]
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteRule /(.*)$ ws://${MASTER_BASE_SERVICE_NAME}:80/\$1 [P,L]
backup:
constraint: recommended
auto: pair
solves:
backup: "Automatic regular backup"
default-options:
## First pattern matching wins, no pattern matching includes.
## include-patterns are checked first, then exclude-patterns
## Patterns rules:
## - ending / for directory
## - '*' authorized
## - must start with a '/', will start from $SERVICE_DATASTORE
#exclude-patterns:
# - "/var/lib/odoo/sessions/"
Loading…
Cancel
Save