lewis.moe / bspds-sandbox
this repo has no description
fork atom
bspds-sandbox / docs / install-debian.md
at fcaf28f9df066ce320a397190ff2e9f7ef4097d3 6.3 kB view raw view rendered
1# BSPDS Production Installation on Debian 2 3> **Warning**: These instructions are untested and theoretical, written from the top of Lewis' head. They may contain errors or omissions. This warning will be removed once the guide has been verified. 4 5This guide covers installing BSPDS on Debian 13 "Trixie" (current stable as of December 2025). 6 7## Choose Your Installation Method 8 9| Method | Best For | 10|--------|----------| 11| **Native (this guide)** | Maximum performance, full control, simpler debugging | 12| **[Containerized](install-containers.md)** | Easier updates, isolation, reproducible deployments | 13| **[Kubernetes](install-kubernetes.md)** | Multi-node, high availability, auto-scaling | 14 15This guide covers native installation. For containerized deployment with podman and systemd quadlets, see the [container guide](install-containers.md). 16 17--- 18 19## Prerequisites 20 21- A VPS with at least 2GB RAM and 20GB disk 22- A domain name pointing to your server's IP 23- Root or sudo access 24 25## 1. System Setup 26 27```bash 28apt update && apt upgrade -y 29apt install -y curl git build-essential pkg-config libssl-dev 30``` 31 32## 2. Install Rust 33 34```bash 35curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y 36source ~/.cargo/env 37rustup default stable 38``` 39 40This installs the latest stable Rust (1.92+ as of December 2025). 41 42## 3. Install postgres 43 44Debian 13 includes PostgreSQL 17: 45 46```bash 47apt install -y postgresql postgresql-contrib 48 49systemctl enable postgresql 50systemctl start postgresql 51 52sudo -u postgres psql -c "CREATE USER bspds WITH PASSWORD 'your-secure-password';" 53sudo -u postgres psql -c "CREATE DATABASE pds OWNER bspds;" 54sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE pds TO bspds;" 55``` 56 57## 4. Install minio 58 59```bash 60curl -O https://dl.min.io/server/minio/release/linux-amd64/minio 61chmod +x minio 62mv minio /usr/local/bin/ 63 64mkdir -p /var/lib/minio/data 65useradd -r -s /sbin/nologin minio-user 66chown -R minio-user:minio-user /var/lib/minio 67 68cat > /etc/default/minio << 'EOF' 69MINIO_ROOT_USER=minioadmin 70MINIO_ROOT_PASSWORD=your-minio-password 71MINIO_VOLUMES="/var/lib/minio/data" 72MINIO_OPTS="--console-address :9001" 73EOF 74 75cat > /etc/systemd/system/minio.service << 'EOF' 76[Unit] 77Description=MinIO Object Storage 78After=network.target 79 80[Service] 81User=minio-user 82Group=minio-user 83EnvironmentFile=/etc/default/minio 84ExecStart=/usr/local/bin/minio server $MINIO_VOLUMES $MINIO_OPTS 85Restart=always 86LimitNOFILE=65536 87 88[Install] 89WantedBy=multi-user.target 90EOF 91 92systemctl daemon-reload 93systemctl enable minio 94systemctl start minio 95``` 96 97Create the blob bucket (wait a few seconds for minio to start): 98 99```bash 100curl -O https://dl.min.io/client/mc/release/linux-amd64/mc 101chmod +x mc 102mv mc /usr/local/bin/ 103 104mc alias set local http://localhost:9000 minioadmin your-minio-password 105mc mb local/pds-blobs 106``` 107 108## 5. Install valkey 109 110Debian 13 includes Valkey 8: 111 112```bash 113apt install -y valkey 114 115systemctl enable valkey-server 116systemctl start valkey-server 117``` 118 119## 6. Install deno (for frontend build) 120 121```bash 122curl -fsSL https://deno.land/install.sh | sh 123export PATH="$HOME/.deno/bin:$PATH" 124echo 'export PATH="$HOME/.deno/bin:$PATH"' >> ~/.bashrc 125``` 126 127## 7. Clone and Build BSPDS 128 129```bash 130cd /opt 131git clone https://tangled.org/lewis.moe/bspds.git 132cd bspds 133 134cd frontend 135deno task build 136cd .. 137 138cargo build --release 139``` 140 141## 8. Install sqlx-cli and Run Migrations 142 143```bash 144cargo install sqlx-cli --no-default-features --features postgres 145 146export DATABASE_URL="postgres://bspds:your-secure-password@localhost:5432/pds" 147sqlx migrate run 148``` 149 150## 9. Configure BSPDS 151 152```bash 153mkdir -p /etc/bspds 154cp /opt/bspds/.env.example /etc/bspds/bspds.env 155chmod 600 /etc/bspds/bspds.env 156``` 157 158Edit `/etc/bspds/bspds.env` and fill in your values. Generate secrets with: 159 160```bash 161openssl rand -base64 48 162``` 163 164## 10. Create Systemd Service 165 166```bash 167useradd -r -s /sbin/nologin bspds 168 169cp /opt/bspds/target/release/bspds /usr/local/bin/ 170mkdir -p /var/lib/bspds 171cp -r /opt/bspds/frontend/dist /var/lib/bspds/frontend 172chown -R bspds:bspds /var/lib/bspds 173 174cat > /etc/systemd/system/bspds.service << 'EOF' 175[Unit] 176Description=BSPDS - AT Protocol PDS 177After=network.target postgresql.service minio.service 178 179[Service] 180Type=simple 181User=bspds 182Group=bspds 183EnvironmentFile=/etc/bspds/bspds.env 184Environment=FRONTEND_DIR=/var/lib/bspds/frontend 185ExecStart=/usr/local/bin/bspds 186Restart=always 187RestartSec=5 188 189[Install] 190WantedBy=multi-user.target 191EOF 192 193systemctl daemon-reload 194systemctl enable bspds 195systemctl start bspds 196``` 197 198## 11. Install and Configure nginx 199 200Debian 13 includes nginx 1.26: 201 202```bash 203apt install -y nginx certbot python3-certbot-nginx 204 205cat > /etc/nginx/sites-available/bspds << 'EOF' 206server { 207 listen 80; 208 listen [::]:80; 209 server_name pds.example.com; 210 211 location / { 212 proxy_pass http://127.0.0.1:3000; 213 proxy_http_version 1.1; 214 proxy_set_header Upgrade $http_upgrade; 215 proxy_set_header Connection "upgrade"; 216 proxy_set_header Host $host; 217 proxy_set_header X-Real-IP $remote_addr; 218 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 219 proxy_set_header X-Forwarded-Proto $scheme; 220 proxy_read_timeout 86400; 221 } 222} 223EOF 224 225ln -s /etc/nginx/sites-available/bspds /etc/nginx/sites-enabled/ 226rm -f /etc/nginx/sites-enabled/default 227nginx -t 228systemctl reload nginx 229``` 230 231## 12. Obtain SSL Certificate 232 233```bash 234certbot --nginx -d pds.example.com 235``` 236 237Certbot automatically configures nginx for HTTP/2 and sets up auto-renewal. 238 239## 13. Configure Firewall 240 241```bash 242apt install -y ufw 243ufw allow ssh 244ufw allow 80/tcp 245ufw allow 443/tcp 246ufw enable 247``` 248 249## 14. Verify Installation 250 251```bash 252systemctl status bspds 253curl -s https://pds.example.com/xrpc/_health | jq 254curl -s https://pds.example.com/.well-known/atproto-did 255``` 256 257## Maintenance 258 259View logs: 260```bash 261journalctl -u bspds -f 262``` 263 264Update BSPDS: 265```bash 266cd /opt/bspds 267git pull 268cd frontend && deno task build && cd .. 269cargo build --release 270systemctl stop bspds 271cp target/release/bspds /usr/local/bin/ 272cp -r frontend/dist /var/lib/bspds/frontend 273DATABASE_URL="postgres://bspds:your-secure-password@localhost:5432/pds" sqlx migrate run 274systemctl start bspds 275``` 276 277Backup database: 278```bash 279sudo -u postgres pg_dump pds > /var/backups/pds-$(date +%Y%m%d).sql 280```