3 Commits

Author SHA1 Message Date
Valentin Lab 1816b2f32c fix: [monujo] allow installation of version 1.0.0 4 days ago
Valentin Lab 413dfa378a new: [bluesky] add verify email capability through smtp relation 1 week ago
Valentin Lab acc2b7c9d7 new: [bluesky] new charm 1 week ago
  1. 114
      bluesky/actions/new-invite
  2. 7
      bluesky/hooks/init
  3. 61
      bluesky/hooks/smtp_server-relation-joined
  4. 12
      bluesky/hooks/web_proxy-relation-joined
  5. 67
      bluesky/lib/common
  6. 38
      bluesky/metadata.yml
  7. 11
      monujo/lib/common

114
bluesky/actions/new-invite

@ -0,0 +1,114 @@
#!/bin/bash
## compose: no-hooks
if [ -z "$SERVICE_DATASTORE" ]; then
echo "This script is meant to be run through 'compose' to work properly." >&2
exit 1
fi
. $CHARM_PATH/lib/common
version=0.1
usage="$exname [-h|--help]"
help="
USAGE:
$usage
DESCRIPTION:
Request an invite code.
EXAMPLES:
$exname
"
dbname=
neutralize=
while [ "$1" ]; do
case "$1" in
"--help"|"-h")
print_help >&2
exit 0
;;
--*|-*)
err "Unexpected optional argument '$1'"
print_usage >&2
exit 1
;;
*)
err "Unexpected positional argument '$1'"
print_usage >&2
exit 1
;;
esac
shift
done
set -e
. "$PDS_ENV_FILE"
curl_opts=()
service_def=$(get_compose_service_def "$SERVICE_NAME")
containers="$(get_running_containers_for_service "$SERVICE_NAME")"
if [ -z "$containers" ]; then
err "No containers running for service $DARKYELLOW$SERVICE_NAME$NORMAL."
exit 1
fi
if [ "$(echo "$containers" | wc -l)" -gt 1 ]; then
err "More than 1 container running for service $DARKYELLOW$SERVICE_NAME$NORMAL."
echo " Please contact administrator to fix this issue." >&2
exit 1
fi
container="$(echo "$containers" | head -n 1)"
container_network_ip=$(get_healthy_container_ip_for_service "$SERVICE_NAME" 3000 4) || {
err "Please ensure that $DARKYELLOW$service$NORMAL is running before using '$exname'."
exit 1
}
container_ip=${container_network_ip##*:}
container_network=${container_network_ip%%:*}
DEFAULT_CURL_IMAGE=${DEFAULT_CURL_IMAGE:-docker.0k.io/curl}
cmd=(
docker run -i --rm --network "$container_network"
"$DEFAULT_CURL_IMAGE"
--fail \
--silent \
--show-error \
--request POST \
--user "admin:${PDS_ADMIN_PASSWORD}" \
--header "Content-Type: application/json" \
--data '{"useCount": 1}' \
"http://${container_ip}:3000/xrpc/com.atproto.server.createInviteCode"
)
## XXXvlab: contains password, left only for advanced debug
#echo "COMMAND: ${cmd[@]}" >&2
if ! out=$("${cmd[@]}"); then
err "Failed to request an invite code."
echo " $out" | prefix " $GRAY|$NORMAL " >&2
exit 1
fi
e "$out" | jq -r '.code' || {
err "Failed to parse invite code from response."
echo " $out" | prefix " $GRAY|$NORMAL " >&2
exit 1
}

7
bluesky/hooks/init

@ -0,0 +1,7 @@
#!/bin/bash
. lib/common
set -e
bluesky:init

61
bluesky/hooks/smtp_server-relation-joined

@ -0,0 +1,61 @@
#!/bin/bash
set -e
host=$(relation-get host)
port=$(relation-get port)
connection_security=$(relation-get connection-security)
auth_method=$(relation-get auth-method)
opts=()
declare -A ENV
case "$connection_security" in
"none")
url+="smtp://"
opts+=(
"ignoreTLS=true"
"secure=false"
)
;;
"ssl/tls")
url+="smtps://"
;;
*)
error "Unsupported connection security: $connection_security"
exit 1
;;
esac
case "$auth_method" in
"none")
:
;;
"password")
login=$(relation-get login) || true
password=$(relation-get password) || true
url+="$login:$password@"
;;
*)
error "Unsupported auth method: $auth_method"
exit 1
;;
esac
url+="$host:$port/"
first=1
for opt in "${opts[@]}"; do
if [ $first -eq 1 ]; then
url+="?"
first=0
else
url+="&"
fi
url+="$opt"
done
config-add "\
services:
$MASTER_BASE_SERVICE_NAME:
environment:
PDS_EMAIL_SMTP_URL: \"$url\"
"

12
bluesky/hooks/web_proxy-relation-joined

@ -0,0 +1,12 @@
#!/bin/bash
set -e
DOMAIN=$(relation-get domain) || exit 1
config-add "\
services:
$MASTER_BASE_SERVICE_NAME:
environment:
PDS_HOSTNAME: $DOMAIN
"

67
bluesky/lib/common

@ -0,0 +1,67 @@
# -*- mode: shell-script -*-
PDS_LOCAL_DATADIR=/var/lib/bluesky
PDS_DATADIR="$SERVICE_DATASTORE$PDS_LOCAL_DATADIR"
PDS_ENV_FILE="$PDS_DATADIR/.env"
bluesky:init() {
local admin_password
init-config-add "
$SERVICE_NAME:
env_file:
- \"$PDS_ENV_FILE\"
"
[ -e "$PDS_ENV_FILE" ] && return
admin_password=$(password:get admin internal) || {
err "Failed to get admin password" >&2
return 1
}
mkdir -p "${PDS_ENV_FILE%/*}"
if ! plc_key=$(openssl ecparam --name secp256k1 --genkey --noout --outform DER 2>&1); then
err "Failed to generate PLC key" >&2
e "$plc_key" | prefix " $GRAY|$NORMAL " >&2
return 1
fi
if ! plc_key=$(set -o pipefail
echo "$plc_key" |
tail --bytes=+8 |
head --bytes=32 |
xxd --plain --cols 32 2>&1
); then
err "Failed to extract PLC key" >&2
e "$plc_key" | prefix " $GRAY|$NORMAL " >&2
return 1
fi
if ! jwt_secret=$(openssl rand -hex 16); then
err "Failed to generate JWT secret" >&2
e "$jwt_secret" | prefix " $GRAY|$NORMAL " >&2
return 1
fi
cat > "$PDS_ENV_FILE" <<EOF
PDS_JWT_SECRET=${jwt_secret}
PDS_ADMIN_PASSWORD=${admin_password}
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${plc_key}
PDS_DATA_DIRECTORY=${PDS_LOCAL_DATADIR}
PDS_BLOBSTORE_DISK_LOCATION=${PDS_LOCAL_DATADIR}/blocks
PDS_BLOB_UPLOAD_LIMIT=52428800
PDS_DID_PLC_URL=https://plc.directory
PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
PDS_REPORT_SERVICE_URL=https://mod.bsky.app
PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
PDS_CRAWLERS=https://bsky.network
LOG_ENABLED=true
EOF
}

38
bluesky/metadata.yml

@ -0,0 +1,38 @@
docker-image: docker.0k.io/bluesky:0.4.67 ## from: ghcr.io/bluesky-social/pds:0.4.67
data-resources:
- /var/lib/bluesky
docker-compose:
environment:
PDS_EMAIL_FROM_ADDRESS: "no-reply@no-domain.org"
default-options:
uses:
web-proxy:
#constraint: required | recommended | optional
#auto: pair | summon | none ## default: pair
constraint: recommended
auto: pair
solves:
proxy: "Public access"
default-options:
target: !var-expand ${MASTER_BASE_SERVICE_NAME}:3000
backup:
constraint: recommended
auto: pair
solves:
backup: "Automatic regular backup"
default-options:
## First pattern matching wins, no pattern matching includes.
## include-patterns are checked first, then exclude-patterns
## Patterns rules:
## - ending / for directory
## - '*' authorized
## - must start with a '/', will start from $SERVICE_DATASTORE
#exclude-patterns:
# - "/var/lib/odoo/sessions/"
smtp-server:
constraint: optional
auto: pair
solves:
mail: "verify email"

11
monujo/lib/common

@ -5,7 +5,7 @@ SOURCE_URL="https://docker.0k.io/downloads"
LOCATION="$SERVICE_CONFIGSTORE/opt/apps/$APP_NAME" LOCATION="$SERVICE_CONFIGSTORE/opt/apps/$APP_NAME"
CONFIGFILE="$LOCATION/config.json" CONFIGFILE="$LOCATION/config.json"
version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
version_gt() { test "$(printf '%s\n' "$@" | xargs semver | head -n 1)" != "$1"; }
monujo:get_source_url() { monujo:get_source_url() {
@ -35,11 +35,14 @@ monujo:code_init() {
fi fi
fi fi
if [ -d "$LOCATION" ]; then if [ -d "$LOCATION" ]; then
find "$LOCATION" -mindepth 1 -delete
find "$LOCATION" -mindepth 1 -delete || return 1
else else
mkdir -p "$LOCATION"
mkdir -p "$LOCATION" || return 1
fi fi
cd "$LOCATION"
cd "$LOCATION" || {
err "Couldn't cd to '$LOCATION'."
return 1
}
source_url="$(monujo:get_source_url "$APP_NAME" "$version")" source_url="$(monujo:get_source_url "$APP_NAME" "$version")"
info "Downloading '$source_url'." info "Downloading '$source_url'."
wget -q "$source_url" -O file.tar.bz2 || { wget -q "$source_url" -O file.tar.bz2 || {

Loading…
Cancel
Save