docs/install-debian.md at 004315ce0ec897220dacfc2fa711114c957850f8 · lewis.moe/bspds-sandbox

lewis.moe / bspds-sandbox
this repo has no description
bspds-sandbox / docs / install-debian.md
at 004315ce0ec897220dacfc2fa711114c957850f8 6.2 kB view raw view rendered
  1# BSPDS Production Installation on Debian
  2> **Warning**: These instructions are untested and theoretical, written from the top of Lewis' head. They may contain errors or omissions. This warning will be removed once the guide has been verified.
  3This guide covers installing BSPDS on Debian 13 "Trixie" (current stable as of December 2025).
  4## Choose Your Installation Method
  5| Method | Best For |
  6|--------|----------|
  7| **Native (this guide)** | Maximum performance, full control, simpler debugging |
  8| **[Containerized](install-containers.md)** | Easier updates, isolation, reproducible deployments |
  9| **[Kubernetes](install-kubernetes.md)** | Multi-node, high availability, auto-scaling |
 10This guide covers native installation. For containerized deployment with podman and systemd quadlets, see the [container guide](install-containers.md).
 11---
 12## Prerequisites
 13- A VPS with at least 2GB RAM and 20GB disk
 14- A domain name pointing to your server's IP
 15- Root or sudo access
 16## 1. System Setup
 17```bash
 18apt update && apt upgrade -y
 19apt install -y curl git build-essential pkg-config libssl-dev
 20```
 21## 2. Install Rust
 22```bash
 23curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 24source ~/.cargo/env
 25rustup default stable
 26```
 27This installs the latest stable Rust (1.92+ as of December 2025).
 28## 3. Install postgres
 29Debian 13 includes PostgreSQL 17:
 30```bash
 31apt install -y postgresql postgresql-contrib
 32systemctl enable postgresql
 33systemctl start postgresql
 34sudo -u postgres psql -c "CREATE USER bspds WITH PASSWORD 'your-secure-password';"
 35sudo -u postgres psql -c "CREATE DATABASE pds OWNER bspds;"
 36sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE pds TO bspds;"
 37```
 38## 4. Install minio
 39```bash
 40curl -O https://dl.min.io/server/minio/release/linux-amd64/minio
 41chmod +x minio
 42mv minio /usr/local/bin/
 43mkdir -p /var/lib/minio/data
 44useradd -r -s /sbin/nologin minio-user
 45chown -R minio-user:minio-user /var/lib/minio
 46cat > /etc/default/minio << 'EOF'
 47MINIO_ROOT_USER=minioadmin
 48MINIO_ROOT_PASSWORD=your-minio-password
 49MINIO_VOLUMES="/var/lib/minio/data"
 50MINIO_OPTS="--console-address :9001"
 51EOF
 52cat > /etc/systemd/system/minio.service << 'EOF'
 53[Unit]
 54Description=MinIO Object Storage
 55After=network.target
 56[Service]
 57User=minio-user
 58Group=minio-user
 59EnvironmentFile=/etc/default/minio
 60ExecStart=/usr/local/bin/minio server $MINIO_VOLUMES $MINIO_OPTS
 61Restart=always
 62LimitNOFILE=65536
 63[Install]
 64WantedBy=multi-user.target
 65EOF
 66systemctl daemon-reload
 67systemctl enable minio
 68systemctl start minio
 69```
 70Create the blob bucket (wait a few seconds for minio to start):
 71```bash
 72curl -O https://dl.min.io/client/mc/release/linux-amd64/mc
 73chmod +x mc
 74mv mc /usr/local/bin/
 75mc alias set local http://localhost:9000 minioadmin your-minio-password
 76mc mb local/pds-blobs
 77```
 78## 5. Install valkey
 79Debian 13 includes Valkey 8:
 80```bash
 81apt install -y valkey
 82systemctl enable valkey-server
 83systemctl start valkey-server
 84```
 85## 6. Install deno (for frontend build)
 86```bash
 87curl -fsSL https://deno.land/install.sh | sh
 88export PATH="$HOME/.deno/bin:$PATH"
 89echo 'export PATH="$HOME/.deno/bin:$PATH"' >> ~/.bashrc
 90```
 91## 7. Clone and Build BSPDS
 92```bash
 93cd /opt
 94git clone https://tangled.org/lewis.moe/bspds-sandbox bspds
 95cd bspds
 96cd frontend
 97deno task build
 98cd ..
 99cargo build --release
100```
101## 8. Install sqlx-cli and Run Migrations
102```bash
103cargo install sqlx-cli --no-default-features --features postgres
104export DATABASE_URL="postgres://bspds:your-secure-password@localhost:5432/pds"
105sqlx migrate run
106```
107## 9. Configure BSPDS
108```bash
109mkdir -p /etc/bspds
110cp /opt/bspds/.env.example /etc/bspds/bspds.env
111chmod 600 /etc/bspds/bspds.env
112```
113Edit `/etc/bspds/bspds.env` and fill in your values. Generate secrets with:
114```bash
115openssl rand -base64 48
116```
117## 10. Create Systemd Service
118```bash
119useradd -r -s /sbin/nologin bspds
120cp /opt/bspds/target/release/bspds /usr/local/bin/
121mkdir -p /var/lib/bspds
122cp -r /opt/bspds/frontend/dist /var/lib/bspds/frontend
123chown -R bspds:bspds /var/lib/bspds
124cat > /etc/systemd/system/bspds.service << 'EOF'
125[Unit]
126Description=BSPDS - AT Protocol PDS
127After=network.target postgresql.service minio.service
128[Service]
129Type=simple
130User=bspds
131Group=bspds
132EnvironmentFile=/etc/bspds/bspds.env
133Environment=FRONTEND_DIR=/var/lib/bspds/frontend
134ExecStart=/usr/local/bin/bspds
135Restart=always
136RestartSec=5
137[Install]
138WantedBy=multi-user.target
139EOF
140systemctl daemon-reload
141systemctl enable bspds
142systemctl start bspds
143```
144## 11. Install and Configure nginx
145Debian 13 includes nginx 1.26:
146```bash
147apt install -y nginx certbot python3-certbot-nginx
148cat > /etc/nginx/sites-available/bspds << 'EOF'
149server {
150    listen 80;
151    listen [::]:80;
152    server_name pds.example.com;
153    location / {
154        proxy_pass http://127.0.0.1:3000;
155        proxy_http_version 1.1;
156        proxy_set_header Upgrade $http_upgrade;
157        proxy_set_header Connection "upgrade";
158        proxy_set_header Host $host;
159        proxy_set_header X-Real-IP $remote_addr;
160        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
161        proxy_set_header X-Forwarded-Proto $scheme;
162        proxy_read_timeout 86400;
163    }
164}
165EOF
166ln -s /etc/nginx/sites-available/bspds /etc/nginx/sites-enabled/
167rm -f /etc/nginx/sites-enabled/default
168nginx -t
169systemctl reload nginx
170```
171## 12. Obtain SSL Certificate
172```bash
173certbot --nginx -d pds.example.com
174```
175Certbot automatically configures nginx for HTTP/2 and sets up auto-renewal.
176## 13. Configure Firewall
177```bash
178apt install -y ufw
179ufw allow ssh
180ufw allow 80/tcp
181ufw allow 443/tcp
182ufw enable
183```
184## 14. Verify Installation
185```bash
186systemctl status bspds
187curl -s https://pds.example.com/xrpc/_health | jq
188curl -s https://pds.example.com/.well-known/atproto-did
189```
190## Maintenance
191View logs:
192```bash
193journalctl -u bspds -f
194```
195Update BSPDS:
196```bash
197cd /opt/bspds
198git pull
199cd frontend && deno task build && cd ..
200cargo build --release
201systemctl stop bspds
202cp target/release/bspds /usr/local/bin/
203cp -r frontend/dist /var/lib/bspds/frontend
204DATABASE_URL="postgres://bspds:your-secure-password@localhost:5432/pds" sqlx migrate run
205systemctl start bspds
206```
207Backup database:
208```bash
209sudo -u postgres pg_dump pds > /var/backups/pds-$(date +%Y%m%d).sql
210```