lewis.moe / bspds-sandbox
this repo has no description
fork atom
bspds-sandbox / docs / install-alpine.md
at 6f959c6c1b6e9ee99e7f6e49c3fc78a4affe0491 7.0 kB view raw view rendered
1# BSPDS Production Installation on Alpine Linux 2> **Warning**: These instructions are untested and theoretical, written from the top of Lewis' head. They may contain errors or omissions. This warning will be removed once the guide has been verified. 3This guide covers installing BSPDS on Alpine Linux 3.23 (current stable as of December 2025). 4## Choose Your Installation Method 5| Method | Best For | 6|--------|----------| 7| **Native (this guide)** | Maximum performance, minimal footprint, full control | 8| **[Containerized](install-containers.md)** | Easier updates, isolation, reproducible deployments | 9| **[Kubernetes](install-kubernetes.md)** | Multi-node, high availability, auto-scaling | 10This guide covers native installation. For containerized deployment with podman and systemd quadlets, see the [container guide](install-containers.md). 11--- 12## Prerequisites 13- A VPS with at least 2GB RAM and 20GB disk 14- A domain name pointing to your server's IP 15- Root access 16## 1. System Setup 17```sh 18apk update && apk upgrade 19apk add curl git build-base openssl-dev pkgconf 20``` 21## 2. Install Rust 22```sh 23apk add rustup 24rustup-init -y 25source ~/.cargo/env 26rustup default stable 27``` 28This installs the latest stable Rust (1.92+ as of December 2025). Alpine 3.23 also ships Rust 1.91 via `apk add rust cargo` if you prefer system packages. 29## 3. Install postgres 30Alpine 3.23 includes PostgreSQL 18: 31```sh 32apk add postgresql postgresql-contrib 33rc-update add postgresql 34/etc/init.d/postgresql setup 35rc-service postgresql start 36psql -U postgres -c "CREATE USER bspds WITH PASSWORD 'your-secure-password';" 37psql -U postgres -c "CREATE DATABASE pds OWNER bspds;" 38psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE pds TO bspds;" 39``` 40## 4. Install minio 41```sh 42curl -O https://dl.min.io/server/minio/release/linux-amd64/minio 43chmod +x minio 44mv minio /usr/local/bin/ 45mkdir -p /var/lib/minio/data 46adduser -D -H -s /sbin/nologin minio-user 47chown -R minio-user:minio-user /var/lib/minio 48cat > /etc/conf.d/minio << 'EOF' 49MINIO_ROOT_USER="minioadmin" 50MINIO_ROOT_PASSWORD="your-minio-password" 51MINIO_VOLUMES="/var/lib/minio/data" 52MINIO_OPTS="--console-address :9001" 53EOF 54cat > /etc/init.d/minio << 'EOF' 55#!/sbin/openrc-run 56name="minio" 57description="MinIO Object Storage" 58command="/usr/local/bin/minio" 59command_args="server ${MINIO_VOLUMES} ${MINIO_OPTS}" 60command_user="minio-user" 61command_background=true 62pidfile="/run/${RC_SVCNAME}.pid" 63output_log="/var/log/minio.log" 64error_log="/var/log/minio.log" 65depend() { 66 need net 67} 68start_pre() { 69 . /etc/conf.d/minio 70 export MINIO_ROOT_USER MINIO_ROOT_PASSWORD 71} 72EOF 73chmod +x /etc/init.d/minio 74rc-update add minio 75rc-service minio start 76``` 77Create the blob bucket (wait a few seconds for minio to start): 78```sh 79curl -O https://dl.min.io/client/mc/release/linux-amd64/mc 80chmod +x mc 81mv mc /usr/local/bin/ 82mc alias set local http://localhost:9000 minioadmin your-minio-password 83mc mb local/pds-blobs 84``` 85## 5. Install valkey 86Alpine 3.23 includes Valkey 9: 87```sh 88apk add valkey 89rc-update add valkey 90rc-service valkey start 91``` 92## 6. Install deno (for frontend build) 93```sh 94curl -fsSL https://deno.land/install.sh | sh 95export PATH="$HOME/.deno/bin:$PATH" 96echo 'export PATH="$HOME/.deno/bin:$PATH"' >> ~/.profile 97``` 98## 7. Clone and Build BSPDS 99```sh 100mkdir -p /opt && cd /opt 101git clone https://tangled.org/lewis.moe/bspds-sandbox bspds 102cd bspds 103cd frontend 104deno task build 105cd .. 106cargo build --release 107``` 108## 8. Install sqlx-cli and Run Migrations 109```sh 110cargo install sqlx-cli --no-default-features --features postgres 111export DATABASE_URL="postgres://bspds:your-secure-password@localhost:5432/pds" 112sqlx migrate run 113``` 114## 9. Configure BSPDS 115```sh 116mkdir -p /etc/bspds 117cp /opt/bspds/.env.example /etc/bspds/bspds.env 118chmod 600 /etc/bspds/bspds.env 119``` 120Edit `/etc/bspds/bspds.env` and fill in your values. Generate secrets with: 121```sh 122openssl rand -base64 48 123``` 124## 10. Create OpenRC Service 125```sh 126adduser -D -H -s /sbin/nologin bspds 127cp /opt/bspds/target/release/bspds /usr/local/bin/ 128mkdir -p /var/lib/bspds 129cp -r /opt/bspds/frontend/dist /var/lib/bspds/frontend 130chown -R bspds:bspds /var/lib/bspds 131cat > /etc/init.d/bspds << 'EOF' 132#!/sbin/openrc-run 133name="bspds" 134description="BSPDS - AT Protocol PDS" 135command="/usr/local/bin/bspds" 136command_user="bspds" 137command_background=true 138pidfile="/run/${RC_SVCNAME}.pid" 139output_log="/var/log/bspds.log" 140error_log="/var/log/bspds.log" 141depend() { 142 need net postgresql minio 143} 144start_pre() { 145 export FRONTEND_DIR=/var/lib/bspds/frontend 146 . /etc/bspds/bspds.env 147 export SERVER_HOST SERVER_PORT PDS_HOSTNAME DATABASE_URL 148 export S3_ENDPOINT AWS_REGION S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY 149 export VALKEY_URL JWT_SECRET DPOP_SECRET MASTER_KEY APPVIEW_URL CRAWLERS 150} 151EOF 152chmod +x /etc/init.d/bspds 153rc-update add bspds 154rc-service bspds start 155``` 156## 11. Install and Configure nginx 157Alpine 3.23 includes nginx 1.28: 158```sh 159apk add nginx certbot certbot-nginx 160cat > /etc/nginx/http.d/bspds.conf << 'EOF' 161server { 162 listen 80; 163 listen [::]:80; 164 server_name pds.example.com; 165 location / { 166 proxy_pass http://127.0.0.1:3000; 167 proxy_http_version 1.1; 168 proxy_set_header Upgrade $http_upgrade; 169 proxy_set_header Connection "upgrade"; 170 proxy_set_header Host $host; 171 proxy_set_header X-Real-IP $remote_addr; 172 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 173 proxy_set_header X-Forwarded-Proto $scheme; 174 proxy_read_timeout 86400; 175 } 176} 177EOF 178rc-update add nginx 179rc-service nginx start 180``` 181## 12. Obtain SSL Certificate 182```sh 183certbot --nginx -d pds.example.com 184``` 185Set up auto-renewal: 186```sh 187echo "0 0 * * * certbot renew --quiet" | crontab - 188``` 189## 13. Configure Firewall 190```sh 191apk add iptables ip6tables 192iptables -A INPUT -p tcp --dport 22 -j ACCEPT 193iptables -A INPUT -p tcp --dport 80 -j ACCEPT 194iptables -A INPUT -p tcp --dport 443 -j ACCEPT 195iptables -A INPUT -i lo -j ACCEPT 196iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 197iptables -P INPUT DROP 198ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT 199ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT 200ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT 201ip6tables -A INPUT -i lo -j ACCEPT 202ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 203ip6tables -P INPUT DROP 204rc-update add iptables 205rc-update add ip6tables 206/etc/init.d/iptables save 207/etc/init.d/ip6tables save 208``` 209## 14. Verify Installation 210```sh 211rc-service bspds status 212curl -s https://pds.example.com/xrpc/_health 213curl -s https://pds.example.com/.well-known/atproto-did 214``` 215## Maintenance 216View logs: 217```sh 218tail -f /var/log/bspds.log 219``` 220Update BSPDS: 221```sh 222cd /opt/bspds 223git pull 224cd frontend && deno task build && cd .. 225cargo build --release 226rc-service bspds stop 227cp target/release/bspds /usr/local/bin/ 228cp -r frontend/dist /var/lib/bspds/frontend 229DATABASE_URL="postgres://bspds:your-secure-password@localhost:5432/pds" sqlx migrate run 230rc-service bspds start 231``` 232Backup database: 233```sh 234pg_dump -U postgres pds > /var/backups/pds-$(date +%Y%m%d).sql 235```