The recipes.blue monorepo recipes.blue
recipes appview atproto

feat: begin restructuring toolchain

hayden.moe 84d7b7ae c67c4b5f

verified
+556 -30
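--- a/config/dev/atproto/compose.cue
+++ b/config/dev/atproto/compose.cue
@@ -0,0 +1,145 @@
+package recipesblue
+
+version: "3"
+
+networks:
+atproto:
+driver: "bridge"
+
+#pg: {
+name: string
+embed: {
+volumes: "\(name)-pgdata": {}
+
+services: "\(name)-pg": {
+image: "postgres:16"
+ports: ["5432"]
+environment: {
+"POSTGRES_DB": name
+"POSTGRES_USER": name
+"POSTGRES_PASSWORD": name
+}
+networks: ["atproto"]
+volumes: [
+"\(name)-pgdata:/var/lib/postgresql/data"
+]
+healthcheck: {
+test: "pg_isready -U \(name)"
+interval: "500ms"
+timeout: "10s"
+retries: 20
+}
+}
+
+services: (name): {
+depends_on: {
+"\(name)-pg": {
+condition: "service_healthy"
+restart: true
+}
+}
+}
+}
+}
+
+(#pg & { name: "plc" }).embed
+services: plc: {
+image: "ghcr.io/bluesky-social/did-method-plc:plc-c54aea0373e65df0b87f5bc81710007092f539b1"
+ports: ["7000:3000"]
+restart: "always"
+env_file: ["./env/plc.env"]
+networks: ["atproto"]
+}
+
+(#pg & { name: "relay"}).embed
+services: relay: {
+image: "ghcr.io/bluesky-social/indigo:relay-05d91c9bccfe67c0ac981bd17abc03f8954cce4e"
+ports: ["7001:3000"]
+restart: "always"
+env_file: ["./env/relay.env"]
+networks: ["atproto"]
+volumes: [
+"relay_data:/data",
+]
+depends_on: {
+plc: condition: "service_started"
+}
+}
+volumes: {
+relay_data: {}
+}
+
+services: jetstream: {
+image: "ghcr.io/bluesky-social/jetstream:sha-7d7efa58d7f14101a80ccc4f1085953948b7d5de"
+ports: ["7002:7002"]
+restart: "always"
+env_file: ["./env/jetstream.env"]
+networks: ["atproto"]
+volumes: [
+"jetstream_data:/data",
+]
+depends_on: {
+plc: condition: "service_started"
+relay: condition: "service_started"
+}
+}
+volumes: {
+jetstream_data: {}
+}
+
+(#pg & { name: "spicedb"}).embed
+services: spicedb_pg_init: {
+image: "postgres:16"
+restart: "on-failure:3"
+command: "psql postgres://spicedb:spicedb@spicedb-pg:5432/spicedb?sslmode=disable -c \"ALTER SYSTEM SET track_commit_timestamp = on;\""
+networks: ["atproto"]
+}
+services: spicedb_pg_mig: {
+image: "authzed/spicedb:latest"
+command: "migrate head"
+restart: "on-failure"
+networks: ["atproto"]
+environment: [
+"SPICEDB_DATASTORE_ENGINE=postgres",
+"SPICEDB_DATASTORE_CONN_URI=postgres://spicedb:spicedb@spicedb-pg:5432/spicedb?sslmode=disable",
+]
+depends_on: spicedb_pg_init: condition: "service_completed_successfully"
+}
+services: spicedb: {
+image: "authzed/spicedb"
+command: "serve --http-enabled"
+restart: "always"
+networks: ["atproto"]
+ports: [
+"8080",
+"9090",
+"50051",
+]
+environment: [
+"SPICEDB_GRPC_PRESHARED_KEY=testnet-spicedb",
+"SPICEDB_DATASTORE_ENGINE=postgres",
+"SPICEDB_DATASTORE_CONN_URI=postgres://spicedb:spicedb@spicedb_pg:5432/spicedb?sslmode=disable",
+]
+depends_on: spicedb_pg_mig: condition: "service_completed_successfully"
+}
+
+services: pds: {
+image: "ghcr.io/bluesky-social/pds:sha-347a567469edd0ba65ee643d3adeb1119891a9b8"
+ports: ["6000:3000"]
+restart: "always"
+env_file: ["./env/pds.env"]
+networks: ["atproto"]
+volumes: [
+"pds_data:/app/data",
+"pds_blobs:/app/blobs",
+]
+depends_on: {
+plc: condition: "service_started"
+relay: condition: "service_started"
+spicedb: condition: "service_started"
+}
+}
+volumes: {
+pds_data: {}
+pds_blobs: {}
+}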
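Review bot: The `spicedb` service's `SPICEDB_DATASTORE_CONN_URI` points at host `spicedb_pg`, but `#pg` names the database service `"\(name)-pg"`, i.e. `spicedb-pg`, which is the spelling `spicedb_pg_init` and `spicedb_pg_mig` use; as written the serve container will most likely fail to resolve its datastore. It should read `postgres://spicedb:spicedb@spicedb-pg:5432/spicedb?sslmode=disable`. The same underscore spelling appears in compose.yaml, in env/pds.env (`SPICEDB_DATASTORE_CONN_URI`, `SPICEDB_POSTGRES_HOST`) and in env/relay.env (`relay_pg` in `DATABASE_URL`, where the service is `relay-pg`). Building the connection URI from `name` inside `#pg` would keep the two spellings from drifting apart.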
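--- a/config/dev/atproto/compose.yaml
+++ b/config/dev/atproto/compose.yaml
@@ -0,0 +1,167 @@
+version: "3"
+networks:
+atproto:
+driver: bridge
+services:
+relay-pg:
+image: postgres:16
+ports:
+- "5432"
+environment:
+POSTGRES_DB: relay
+POSTGRES_USER: relay
+POSTGRES_PASSWORD: relay
+networks:
+- atproto
+volumes:
+- relay-pgdata:/var/lib/postgresql/data
+healthcheck:
+test: pg_isready -U relay
+interval: 500ms
+timeout: 10s
+retries: 20
+plc:
+depends_on:
+plc-pg:
+condition: service_healthy
+restart: true
+image: ghcr.io/bluesky-social/did-method-plc:plc-c54aea0373e65df0b87f5bc81710007092f539b1
+ports:
+- "7000:3000"
+restart: always
+env_file:
+- ./env/plc.env
+networks:
+- atproto
+spicedb-pg:
+image: postgres:16
+ports:
+- "5432"
+environment:
+POSTGRES_DB: spicedb
+POSTGRES_USER: spicedb
+POSTGRES_PASSWORD: spicedb
+networks:
+- atproto
+volumes:
+- spicedb-pgdata:/var/lib/postgresql/data
+healthcheck:
+test: pg_isready -U spicedb
+interval: 500ms
+timeout: 10s
+retries: 20
+relay:
+depends_on:
+relay-pg:
+condition: service_healthy
+restart: true
+plc:
+condition: service_started
+image: ghcr.io/bluesky-social/indigo:relay-05d91c9bccfe67c0ac981bd17abc03f8954cce4e
+ports:
+- "7001:3000"
+restart: always
+env_file:
+- ./env/relay.env
+networks:
+- atproto
+volumes:
+- relay_data:/data
+plc-pg:
+image: postgres:16
+ports:
+- "5432"
+environment:
+POSTGRES_DB: plc
+POSTGRES_USER: plc
+POSTGRES_PASSWORD: plc
+networks:
+- atproto
+volumes:
+- plc-pgdata:/var/lib/postgresql/data
+healthcheck:
+test: pg_isready -U plc
+interval: 500ms
+timeout: 10s
+retries: 20
+spicedb:
+depends_on:
+spicedb-pg:
+condition: service_healthy
+restart: true
+spicedb_pg_mig:
+condition: service_completed_successfully
+image: authzed/spicedb
+command: serve --http-enabled
+restart: always
+networks:
+- atproto
+ports:
+- "8080"
+- "9090"
+- "50051"
+environment:
+- SPICEDB_GRPC_PRESHARED_KEY=testnet-spicedb
+- SPICEDB_DATASTORE_ENGINE=postgres
+- SPICEDB_DATASTORE_CONN_URI=postgres://spicedb:spicedb@spicedb_pg:5432/spicedb?sslmode=disable
+jetstream:
+image: ghcr.io/bluesky-social/jetstream:sha-7d7efa58d7f14101a80ccc4f1085953948b7d5de
+ports:
+- "7002:7002"
+restart: always
+env_file:
+- ./env/jetstream.env
+networks:
+- atproto
+volumes:
+- jetstream_data:/data
+depends_on:
+plc:
+condition: service_started
+relay:
+condition: service_started
+spicedb_pg_init:
+image: postgres:16
+restart: on-failure:3
+command: psql postgres://spicedb:spicedb@spicedb-pg:5432/spicedb?sslmode=disable -c "ALTER SYSTEM SET track_commit_timestamp = on;"
+networks:
+- atproto
+spicedb_pg_mig:
+image: authzed/spicedb:latest
+command: migrate head
+restart: on-failure
+networks:
+- atproto
+environment:
+- SPICEDB_DATASTORE_ENGINE=postgres
+- SPICEDB_DATASTORE_CONN_URI=postgres://spicedb:spicedb@spicedb-pg:5432/spicedb?sslmode=disable
+depends_on:
+spicedb_pg_init:
+condition: service_completed_successfully
+pds:
+image: ghcr.io/bluesky-social/pds:sha-347a567469edd0ba65ee643d3adeb1119891a9b8
+ports:
+- "6000:3000"
+restart: always
+env_file:
+- ./env/pds.env
+networks:
+- atproto
+volumes:
+- pds_data:/app/data
+- pds_blobs:/app/blobs
+depends_on:
+plc:
+condition: service_started
+relay:
+condition: service_started
+spicedb:
+condition: service_started
+volumes:
+relay-pgdata: {}
+spicedb-pgdata: {}
+plc-pgdata: {}
+relay_data: {}
+jetstream_data: {}
+pds_data: {}
+pds_blobs: {}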
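Review bot: Each `*-pg` service publishes `- "5432"`, which makes Docker bind a random host port (on all interfaces by default) for a database whose password equals its user name; every consumer in this file reaches Postgres over the `atproto` network, so the published port does not appear to be needed. Dropping the `ports` key from the three `*-pg` services, or binding it to 127.0.0.1 on a fixed per-service host port if psql access from the host is wanted, keeps the databases off the LAN. The `spicedb` entries `"8080"`, `"9090"` and `"50051"` are published the same way and are protected only by the preshared key `testnet-spicedb`. If this file is exported from compose.cue, the change belongs in the `#pg` definition there rather than here.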
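--- a/config/dev/atproto/env/jetstream.env
+++ b/config/dev/atproto/env/jetstream.env
@@ -0,0 +1,5 @@
+# see: https://github.com/bluesky-social/jetstream/blob/main/cmd/jetstream/main.go
+
+JETSTREAM_DATA_DIR=/data
+JETSTREAM_LISTEN_ADDR=:7002
+JETSTREAM_LIVENESS_TTL=86400s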
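--- a/config/dev/atproto/env/pds.env
+++ b/config/dev/atproto/env/pds.env
@@ -0,0 +1,55 @@
+# See more env options in src/config/env.ts
+# Hostname - the public domain that you intend to deploy your service at
+PDS_HOSTNAME="pds.dev.hayden.moe"
+PDS_PORT="3000"
+
+# Database config - use one or the other
+PDS_DATA_DIRECTORY="/app/data"
+
+# Blobstore - filesystem location to store uploaded blobs
+PDS_BLOBSTORE_DISK_LOCATION="/app/blobs"
+
+# Private keys - these are each expected to be 64 char hex strings (256 bit)
+PDS_REPO_SIGNING_KEY_K256_PRIVATE_KEY_HEX="8e187a9a35b6f523c45b7809cbfc50d5fffe139bef7d79818091c04805d35b22b823af8e8cf5ee5541c50b7585c1a8899a9824bf1a41fcfc2b56e64fb85c81b8"
+PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX="566ad198e537bd4e7dd710ea850bd99a3f42d7489fcb7791b1bc8a4b65a1581b3208104703bc45843682a7d39422be48d68510b482c17232c9ff8b71492b8835"
+
+# Secrets - update to secure high-entropy strings
+PDS_DPOP_SECRET="Z2amAvrUESz1xH8GT3Y+f91zulmA6YKi7I/N/b6ooqw="
+PDS_JWT_SECRET="/qYxrMq3vRWk49WVSBwvzuFX8VvS6QcmMeGOMIOEasc="
+PDS_ADMIN_PASSWORD="t2CbmsPamTkSmFyf39HBeoVcrrqDieFCLL7VcPxfM3I="
+
+# Environment - example is for live network
+PDS_DID_PLC_URL="https://plc.dev.hayden.moe"
+PDS_CRAWLERS="https://relay.dev.hayden.moe"
+# PDS_BSKY_APP_VIEW_URL="https://api.bsky.app"
+# PDS_BSKY_APP_VIEW_DID="did:web:api.bsky.app"
+
+# OAuth Provider
+PDS_OAUTH_PROVIDER_NAME="Recipes.blue Test PDS"
+PDS_OAUTH_PROVIDER_LOGO=
+PDS_OAUTH_PROVIDER_PRIMARY_COLOR="#7507e3"
+PDS_OAUTH_PROVIDER_ERROR_COLOR=
+PDS_OAUTH_PROVIDER_HOME_LINK=
+PDS_OAUTH_PROVIDER_TOS_LINK=
+PDS_OAUTH_PROVIDER_POLICY_LINK=
+PDS_OAUTH_PROVIDER_SUPPORT_LINK=
+
+# Permission Provider
+PDS_SPICEDB_HOST=spicedb:50051
+PDS_SPICEDB_TOKEN=CHANGE-ME
+PDS_SPICEDB_INSECURE=1
+SPICEDB_DATASTORE_ENGINE="postgres"
+SPICEDB_DATASTORE_CONN_URI="postgres://spicedb:spicedb@spicedb_pg:5432/spicedb?sslmode=disable"
+SPICEDB_POSTGRES_HOST="spicedb_pg"
+SPICEDB_POSTGRES_PORT="5432"
+SPICEDB_POSTGRES_DB="spicedb"
+SPICEDB_POSTGRES_USER="spicedb"
+SPICEDB_POSTGRES_PASSWORD="spicedb"
+
+# Debugging
+PDS_DEV_MODE=1
+NODE_TLS_REJECT_UNAUTHORIZED=1
+LOG_ENABLED=0
+LOG_LEVEL=info
+PDS_INVITE_REQUIRED=1
+PDS_DISABLE_SSRF_PROTECTION=0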
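Review bot: This file commits real-looking key material rather than placeholders: the repo signing key, the PLC rotation key, `PDS_DPOP_SECRET`, `PDS_JWT_SECRET` and `PDS_ADMIN_PASSWORD`, and env/relay.env does the same with `RELAY_ADMIN_PASSWORD`. Even for a dev stack these are better generated per checkout: commit a `pds.env.example` with empty values, gitignore the real file, and treat the values in this commit as burned if they were ever used anywhere else. Two smaller inconsistencies are worth fixing at the same time: the comment above the keys says 64 hex characters, but both values are 128 characters long, and `PDS_SPICEDB_TOKEN=CHANGE-ME` does not match the `SPICEDB_GRPC_PRESHARED_KEY=testnet-spicedb` set on the spicedb service, so the PDS's SpiceDB calls would presumably be rejected.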
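--- a/config/dev/atproto/env/plc.env
+++ b/config/dev/atproto/env/plc.env
@@ -0,0 +1,9 @@
+DB_URL=postgres://plc:plc@plc-pg/plc
+DB_CREDS_JSON={"url":"postgres://plc:plc@plc-pg/plc"}
+DB_MIGRATE_CREDS_JSON={"url":"postgres://plc:plc@plc-pg/plc"}
+DB_SCHEMA=public
+DEBUG_MODE=1
+LOG_ENABLED=true
+LOG_LEVEL=debug
+ENABLE_MIGRATIONS=true
+LOG_DESTINATION=1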
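--- a/config/dev/atproto/env/relay.env
+++ b/config/dev/atproto/env/relay.env
@@ -0,0 +1,10 @@
+# see: https://github.com/bluesky-social/indigo/blob/main/cmd/relay/main.go
+
+RELAY_ADMIN_PASSWORD=SpEkZB3OVNKUMWiAZAWfAg==
+RELAY_PLC_HOST=https://plc.dev.hayden.moe
+DATABASE_URL=postgres://relay:relay@relay_pg:5432/relay?sslmode=disable
+RELAY_IP_BIND=:7001
+RELAY_PERSIST_DIR=/data
+RELAY_DISABLE_REQUEST_CRAWL=1
+RELAY_INITIAL_SEQ_NUMBER=1
+RELAY_TRUSTED_DOMAINS=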
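--- a/config/dev/caddy/Caddyfile
+++ b/config/dev/caddy/Caddyfile
@@ -0,0 +1,116 @@
+{
+storage file_system /data/
+debug
+pki {
+ca hayden {
+name "Hayden"
+}
+}
+}
+
+plc.dev.hayden.moe {
+tls {
+issuer internal {
+ca hayden
+}
+}
+
+reverse_proxy http://plc:3000
+}
+
+relay.dev.hayden.moe {
+tls {
+issuer internal {
+ca hayden
+}
+}
+
+reverse_proxy http://relay:3000
+}
+
+jetstream.dev.hayden.moe {
+tls {
+issuer internal {
+ca hayden
+}
+}
+
+reverse_proxy http://jetstream:3000
+}
+
+pds.dev.hayden.moe, *.pds.dev.hayden.moe {
+tls {
+issuer internal {
+ca hayden
+}
+}
+
+reverse_proxy http://pds:3000
+}
+
+api.dev.hayden.moe {
+tls {
+issuer internal {
+ca hayden
+}
+}
+
+reverse_proxy http://host.docker.internal:8080
+}
+
+cookware.dev.hayden.moe {
+tls {
+issuer internal {
+ca hayden
+}
+}
+
+reverse_proxy http://host.docker.internal:5173
+
+handle_path /xrpc/* {
+rewrite * /xrpc{uri}
+reverse_proxy http://host.docker.internal:8080
+}
+handle_path /api/* {
+rewrite * /api{uri}
+reverse_proxy http://host.docker.internal:8080
+}
+}
+
+http://*.trycloudflare.com {
+reverse_proxy http://host.docker.internal:5173
+
+handle_path /xrpc/* {
+rewrite * /xrpc{uri}
+reverse_proxy http://host.docker.internal:8080
+}
+handle_path /oauth/* {
+rewrite * /oauth{uri}
+reverse_proxy http://host.docker.internal:8080
+}
+handle_path /api/* {
+rewrite * /api{uri}
+reverse_proxy http://host.docker.internal:8080
+}
+}
+
+acme.dev.hayden.moe {
+tls {
+issuer internal {
+ca hayden
+}
+}
+acme_server {
+ca hayden
+}
+}
+
+turso.dev.hayden.moe {
+tls {
+issuer internal {
+ca hayden
+}
+}
+
+reverse_proxy http://libsql:8080
+}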
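Review bot: The `jetstream.dev.hayden.moe` site proxies to `http://jetstream:3000`, but env/jetstream.env sets `JETSTREAM_LISTEN_ADDR=:7002` and the compose file maps `7002:7002`, so nothing should be listening on 3000 in that container; the upstream should be `reverse_proxy http://jetstream:7002`. The relay may have the mirror-image problem: env/relay.env sets `RELAY_IP_BIND=:7001` while this file and the `7001:3000` port mapping both assume 3000, which is worth confirming against the relay's own flags. Separately, the `acme_server` site hands out certificates from the `hayden` CA to any client that can reach Caddy, and the `http://*.trycloudflare.com` site forwards tunnel traffic to the host's dev servers on 5173 and 8080; a short comment above each stating that this is intended for dev only would help the next reader.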
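--- a/config/dev/caddy/compose.yaml
+++ b/config/dev/caddy/compose.yaml
@@ -0,0 +1,29 @@
+---
+version: '3'
+
+volumes:
+caddy_data: {}
+caddy_config: {}
+
+networks:
+caddy:
+
+services:
+caddy:
+image: caddy:2
+restart: unless-stopped
+cap_add:
+- NET_ADMIN
+ports:
+- "80:80"
+- "443:443"
+- "443:443/udp"
+volumes:
+- ./Caddyfile:/etc/caddy/Caddyfile
+- caddy_data:/data
+- caddy_config:/config
+extra_hosts:
+- "host.docker.internal:host-gateway"
+networks:
+- caddy
+- atproto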
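Review bot: With an explicit `networks` list of `caddy` and `atproto`, the `caddy` service is no longer attached to the project's default network, which is where `tunnel` (root docker-compose.yaml, `tunnel --url http://caddy`) and `libsql` (no `networks` key) still sit; the tunnel's upstream and the Caddyfile's `http://libsql:8080` would then not resolve. Either add `- default` to this list or move `tunnel` and `libsql` onto `caddy`. `atproto` is also referenced here without being declared in this file, so the file only works when atproto/compose.yaml is included alongside it and may fail validation when loaded on its own; a comment saying so, or an explicit `atproto:` entry under `networks`, would make the dependency visible.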
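--- a/config/dev/libsql/compose.yaml
+++ b/config/dev/libsql/compose.yaml
@@ -0,0 +1,13 @@
+---
+volumes:
+libsql: {}
+
+services:
+libsql:
+image: ghcr.io/tursodatabase/libsql-server:latest
+environment:
+SQLD_NODE: primary
+ports:
+- 4001:8080
+volumes:
+- libsql:/var/lib/sqld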
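--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,36 +1,11 @@
 ---
+include:
+- path: config/dev/atproto/compose.yaml
+- path: config/dev/caddy/compose.yaml
+- path: config/dev/libsql/compose.yaml
+
 services:
-caddy:
-image: caddy:2
-restart: unless-stopped
-cap_add:
-- NET_ADMIN
-ports:
-- "80:80"
-- "443:443"
-- "443:443/udp"
-volumes:
-- ./Caddyfile:/etc/caddy/Caddyfile
-- caddy_data:/data
-- caddy_config:/config
-extra_hosts:
-- "host.docker.internal:host-gateway"
-
-libsql:
-image: ghcr.io/tursodatabase/libsql-server:latest
-environment:
-SQLD_NODE: primary
-ports:
-- 4001:8080
-volumes:
-- libsql:/var/lib/sqld
-
 tunnel:
 image: cloudflare/cloudflared
 restart: unless-stopped
 command: tunnel --url http://caddy
-
-volumes:
-caddy_data: {}
-caddy_config: {}
-libsql: {}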
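--- a/mise.toml
+++ b/mise.toml
@@ -0,0 +1,2 @@
+[tools]
+cue = "0.15.1"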