feat: nix module #16

+2 -2

.env.example

··· 131 131 # Account Registration 132 132 # ============================================================================= 133 133 # Require invite codes for registration 134 134 + # INVITE_CODE_REQUIRED=true 134 134 - # INVITE_CODE_REQUIRED=false 135 135 # Comma-separated list of available user domains 136 136 # AVAILABLE_USER_DOMAINS=example.com 137 137 # Enable self-hosted did:web identities (default: true) 138 138 # Hosting did:web requires a long-term commitment to serve DID documents. 139 139 # Set to false if you don't want to offer this option. 140 140 + # ENABLE_PDS_HOSTED_DID_WEB=false 140 140 - # ENABLE_SELF_HOSTED_DID_WEB=true 141 141 # ============================================================================= 142 142 # Server Metadata (returned by describeServer) 143 143 # =============================================================================

+210 -3

Cargo.lock

··· 105 105 ] 106 106 107 107 [[package]] 108 108 + name = "anstream" 109 109 + version = "0.6.21" 110 110 + source = "registry+https://github.com/rust-lang/crates.io-index" 111 111 + checksum = "43d5b281e737544384e969a5ccad3f1cdd24b48086a0fc1b2a5262a26b8f4f4a" 112 112 + dependencies = [ 113 113 + "anstyle", 114 114 + "anstyle-parse", 115 115 + "anstyle-query", 116 116 + "anstyle-wincon", 117 117 + "colorchoice", 118 118 + "is_terminal_polyfill", 119 119 + "utf8parse", 120 120 + ] 121 121 + 122 122 + [[package]] 123 123 + name = "anstyle" 124 124 + version = "1.0.13" 125 125 + source = "registry+https://github.com/rust-lang/crates.io-index" 126 126 + checksum = "5192cca8006f1fd4f7237516f40fa183bb07f8fbdfedaa0036de5ea9b0b45e78" 127 127 + 128 128 + [[package]] 129 129 + name = "anstyle-parse" 130 130 + version = "0.2.7" 131 131 + source = "registry+https://github.com/rust-lang/crates.io-index" 132 132 + checksum = "4e7644824f0aa2c7b9384579234ef10eb7efb6a0deb83f9630a49594dd9c15c2" 133 133 + dependencies = [ 134 134 + "utf8parse", 135 135 + ] 136 136 + 137 137 + [[package]] 138 138 + name = "anstyle-query" 139 139 + version = "1.1.5" 140 140 + source = "registry+https://github.com/rust-lang/crates.io-index" 141 141 + checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc" 142 142 + dependencies = [ 143 143 + "windows-sys 0.61.2", 144 144 + ] 145 145 + 146 146 + [[package]] 147 147 + name = "anstyle-wincon" 148 148 + version = "3.0.11" 149 149 + source = "registry+https://github.com/rust-lang/crates.io-index" 150 150 + checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d" 151 151 + dependencies = [ 152 152 + "anstyle", 153 153 + "once_cell_polyfill", 154 154 + "windows-sys 0.61.2", 155 155 + ] 156 156 + 157 157 + [[package]] 108 158 name = "anyhow" 109 159 version = "1.0.100" 110 160 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 1217 1267 ] 1218 1268 1219 1269 [[package]] 1270 1270 + name = "clap" 1271 1271 + version = "4.5.58" 1272 1272 + source = "registry+https://github.com/rust-lang/crates.io-index" 1273 1273 + checksum = "63be97961acde393029492ce0be7a1af7e323e6bae9511ebfac33751be5e6806" 1274 1274 + dependencies = [ 1275 1275 + "clap_builder", 1276 1276 + "clap_derive", 1277 1277 + ] 1278 1278 + 1279 1279 + [[package]] 1280 1280 + name = "clap_builder" 1281 1281 + version = "4.5.58" 1282 1282 + source = "registry+https://github.com/rust-lang/crates.io-index" 1283 1283 + checksum = "7f13174bda5dfd69d7e947827e5af4b0f2f94a4a3ee92912fba07a66150f21e2" 1284 1284 + dependencies = [ 1285 1285 + "anstream", 1286 1286 + "anstyle", 1287 1287 + "clap_lex", 1288 1288 + "strsim", 1289 1289 + ] 1290 1290 + 1291 1291 + [[package]] 1292 1292 + name = "clap_derive" 1293 1293 + version = "4.5.55" 1294 1294 + source = "registry+https://github.com/rust-lang/crates.io-index" 1295 1295 + checksum = "a92793da1a46a5f2a02a6f4c46c6496b28c43638adea8306fcb0caa1634f24e5" 1296 1296 + dependencies = [ 1297 1297 + "heck 0.5.0", 1298 1298 + "proc-macro2", 1299 1299 + "quote", 1300 1300 + "syn 2.0.111", 1301 1301 + ] 1302 1302 + 1303 1303 + [[package]] 1304 1304 + name = "clap_lex" 1305 1305 + version = "1.0.0" 1306 1306 + source = "registry+https://github.com/rust-lang/crates.io-index" 1307 1307 + checksum = "3a822ea5bc7590f9d40f1ba12c0dc3c2760f3482c6984db1573ad11031420831" 1308 1308 + 1309 1309 + [[package]] 1220 1310 name = "cmake" 1221 1311 version = "0.1.57" 1222 1312 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 1241 1331 checksum = "3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b" 1242 1332 1243 1333 [[package]] 1334 1334 + name = "colorchoice" 1335 1335 + version = "1.0.4" 1336 1336 + source = "registry+https://github.com/rust-lang/crates.io-index" 1337 1337 + checksum = "b05b61dc5112cbb17e4b6cd61790d9845d13888356391624cbe7e41efeac1e75" 1338 1338 + 1339 1339 + [[package]] 1244 1340 name = "combine" 1245 1341 version = "4.6.7" 1246 1342 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 1281 1377 ] 1282 1378 1283 1379 [[package]] 1380 1380 + name = "confique" 1381 1381 + version = "0.4.0" 1382 1382 + source = "registry+https://github.com/rust-lang/crates.io-index" 1383 1383 + checksum = "06b4f5ec222421e22bb0a8cbaa36b1d2b50fd45cdd30c915ded34108da78b29f" 1384 1384 + dependencies = [ 1385 1385 + "confique-macro", 1386 1386 + "serde", 1387 1387 + "toml", 1388 1388 + ] 1389 1389 + 1390 1390 + [[package]] 1391 1391 + name = "confique-macro" 1392 1392 + version = "0.0.13" 1393 1393 + source = "registry+https://github.com/rust-lang/crates.io-index" 1394 1394 + checksum = "e4d1754680cd218e7bcb4c960cc9bae3444b5197d64563dccccfdf83cab9e1a7" 1395 1395 + dependencies = [ 1396 1396 + "heck 0.5.0", 1397 1397 + "proc-macro2", 1398 1398 + "quote", 1399 1399 + "syn 2.0.111", 1400 1400 + ] 1401 1401 + 1402 1402 + [[package]] 1284 1403 name = "const-oid" 1285 1404 version = "0.9.6" 1286 1405 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 2762 2881 "libc", 2763 2882 "percent-encoding", 2764 2883 "pin-project-lite", 2884 2884 + "socket2 0.6.2", 2765 2765 - "socket2 0.5.10", 2766 2885 "system-configuration", 2767 2886 "tokio", 2768 2887 "tower-service", ··· 3058 3177 "tokio", 3059 3178 "unsigned-varint 0.7.2", 3060 3179 ] 3180 3180 + 3181 3181 + [[package]] 3182 3182 + name = "is_terminal_polyfill" 3183 3183 + version = "1.70.2" 3184 3184 + source = "registry+https://github.com/rust-lang/crates.io-index" 3185 3185 + checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695" 3061 3186 3062 3187 [[package]] 3063 3188 name = "itertools" ··· 3716 3841 checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" 3717 3842 3718 3843 [[package]] 3844 3844 + name = "once_cell_polyfill" 3845 3845 + version = "1.70.2" 3846 3846 + source = "registry+https://github.com/rust-lang/crates.io-index" 3847 3847 + checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe" 3848 3848 + 3849 3849 + [[package]] 3719 3850 name = "opaque-debug" 3720 3851 version = "0.3.1" 3721 3852 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 4209 4340 "quinn-udp", 4210 4341 "rustc-hash", 4211 4342 "rustls 0.23.35", 4343 4343 + "socket2 0.6.2", 4212 4212 - "socket2 0.5.10", 4213 4344 "thiserror 2.0.17", 4214 4345 "tokio", 4215 4346 "tracing", ··· 4246 4377 "cfg_aliases", 4247 4378 "libc", 4248 4379 "once_cell", 4380 4380 + "socket2 0.6.2", 4249 4249 - "socket2 0.5.10", 4250 4381 "tracing", 4251 4382 "windows-sys 0.60.2", 4252 4383 ] ··· 4907 5038 "proc-macro2", 4908 5039 "quote", 4909 5040 "syn 2.0.111", 5041 5041 + ] 5042 5042 + 5043 5043 + [[package]] 5044 5044 + name = "serde_spanned" 5045 5045 + version = "1.0.4" 5046 5046 + source = "registry+https://github.com/rust-lang/crates.io-index" 5047 5047 + checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776" 5048 5048 + dependencies = [ 5049 5049 + "serde_core", 4910 5050 ] 4911 5051 4912 5052 [[package]] ··· 5709 5849 ] 5710 5850 5711 5851 [[package]] 5852 5852 + name = "toml" 5853 5853 + version = "0.9.12+spec-1.1.0" 5854 5854 + source = "registry+https://github.com/rust-lang/crates.io-index" 5855 5855 + checksum = "cf92845e79fc2e2def6a5d828f0801e29a2f8acc037becc5ab08595c7d5e9863" 5856 5856 + dependencies = [ 5857 5857 + "indexmap 2.12.1", 5858 5858 + "serde_core", 5859 5859 + "serde_spanned", 5860 5860 + "toml_datetime", 5861 5861 + "toml_parser", 5862 5862 + "toml_writer", 5863 5863 + "winnow", 5864 5864 + ] 5865 5865 + 5866 5866 + [[package]] 5867 5867 + name = "toml_datetime" 5868 5868 + version = "0.7.5+spec-1.1.0" 5869 5869 + source = "registry+https://github.com/rust-lang/crates.io-index" 5870 5870 + checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347" 5871 5871 + dependencies = [ 5872 5872 + "serde_core", 5873 5873 + ] 5874 5874 + 5875 5875 + [[package]] 5876 5876 + name = "toml_parser" 5877 5877 + version = "1.0.7+spec-1.1.0" 5878 5878 + source = "registry+https://github.com/rust-lang/crates.io-index" 5879 5879 + checksum = "247eaa3197818b831697600aadf81514e577e0cba5eab10f7e064e78ae154df1" 5880 5880 + dependencies = [ 5881 5881 + "winnow", 5882 5882 + ] 5883 5883 + 5884 5884 + [[package]] 5885 5885 + name = "toml_writer" 5886 5886 + version = "1.0.6+spec-1.1.0" 5887 5887 + source = "registry+https://github.com/rust-lang/crates.io-index" 5888 5888 + checksum = "ab16f14aed21ee8bfd8ec22513f7287cd4a91aa92e44edfe2c17ddd004e92607" 5889 5889 + 5890 5890 + [[package]] 5712 5891 name = "tonic" 5713 5892 version = "0.14.2" 5714 5893 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 5908 6087 "sha2", 5909 6088 "subtle", 5910 6089 "totp-rs", 6090 6090 + "tranquil-config", 5911 6091 "tranquil-crypto", 5912 6092 "urlencoding", 5913 6093 "uuid", ··· 5922 6102 "redis", 5923 6103 "tokio-util", 5924 6104 "tracing", 6105 6105 + "tranquil-config", 5925 6106 "tranquil-infra", 5926 6107 "tranquil-ripple", 5927 6108 ] ··· 5936 6117 "serde_json", 5937 6118 "thiserror 2.0.17", 5938 6119 "tokio", 6120 6120 + "tranquil-config", 5939 6121 "tranquil-db-traits", 5940 6122 "uuid", 6123 6123 + ] 6124 6124 + 6125 6125 + [[package]] 6126 6126 + name = "tranquil-config" 6127 6127 + version = "0.2.1" 6128 6128 + dependencies = [ 6129 6129 + "confique", 6130 6130 + "serde", 5941 6131 ] 5942 6132 5943 6133 [[package]] ··· 5997 6187 "bytes", 5998 6188 "futures", 5999 6189 "thiserror 2.0.17", 6190 6190 + "tranquil-config", 6000 6191 ] 6001 6192 6002 6193 [[package]] ··· 6041 6232 "chrono", 6042 6233 "ciborium", 6043 6234 "cid", 6235 6235 + "clap", 6044 6236 "ctor", 6045 6237 "dotenvy", 6046 6238 "ed25519-dalek", ··· 6091 6283 "tranquil-auth", 6092 6284 "tranquil-cache", 6093 6285 "tranquil-comms", 6286 6286 + "tranquil-config", 6094 6287 "tranquil-crypto", 6095 6288 "tranquil-db", 6096 6289 "tranquil-db-traits", ··· 6139 6332 "tokio-util", 6140 6333 "tracing", 6141 6334 "tracing-subscriber", 6335 6335 + "tranquil-config", 6142 6336 "tranquil-infra", 6143 6337 "uuid", 6144 6338 ] ··· 6171 6365 "sha2", 6172 6366 "tokio", 6173 6367 "tracing", 6368 6368 + "tranquil-config", 6174 6369 "tranquil-infra", 6175 6370 "uuid", 6176 6371 ] ··· 6355 6550 version = "1.0.4" 6356 6551 source = "registry+https://github.com/rust-lang/crates.io-index" 6357 6552 checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" 6553 6553 + 6554 6554 + [[package]] 6555 6555 + name = "utf8parse" 6556 6556 + version = "0.2.2" 6557 6557 + source = "registry+https://github.com/rust-lang/crates.io-index" 6558 6558 + checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" 6358 6559 6359 6560 [[package]] 6360 6561 name = "uuid" ··· 6929 7130 version = "0.53.1" 6930 7131 source = "registry+https://github.com/rust-lang/crates.io-index" 6931 7132 checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650" 7133 7133 + 7134 7134 + [[package]] 7135 7135 + name = "winnow" 7136 7136 + version = "0.7.14" 7137 7137 + source = "registry+https://github.com/rust-lang/crates.io-index" 7138 7138 + checksum = "5a5364e9d77fcdeeaa6062ced926ee3381faa2ee02d3eb83a5c27a8825540829" 6932 7139 6933 7140 [[package]] 6934 7141 name = "winreg"

+4

Cargo.toml

··· 2 2 resolver = "2" 3 3 members = [ 4 4 "crates/tranquil-types", 5 5 + "crates/tranquil-config", 5 6 "crates/tranquil-infra", 6 7 "crates/tranquil-crypto", 7 8 "crates/tranquil-storage", ··· 24 25 25 26 [workspace.dependencies] 26 27 tranquil-types = { path = "crates/tranquil-types" } 28 28 + tranquil-config = { path = "crates/tranquil-config" } 27 29 tranquil-infra = { path = "crates/tranquil-infra" } 28 30 tranquil-crypto = { path = "crates/tranquil-crypto" } 29 31 tranquil-storage = { path = "crates/tranquil-storage" } ··· 52 54 bytes = "1.11" 53 55 chrono = { version = "0.4", features = ["serde"] } 54 56 cid = "0.11" 57 57 + clap = { version = "4", features = ["derive", "env"] } 58 58 + confique = { version = "0.4", features = ["toml"] } 55 59 dotenvy = "0.15" 56 60 ed25519-dalek = { version = "2.1", features = ["pkcs8"] } 57 61 foca = { version = "1", features = ["bincode-codec", "tracing"] }

+13 -14

README.md

··· 6 6 7 7 This particular PDS thrives under harsh conditions. It is a dandelion growing through the cracks in the sidewalk concrete. 8 8 9 9 + It has full compatibility with Bluesky's reference PDS. 9 9 - It has full compatibility with Bluesky's reference PDS: same endpoints, same behavior, same client compatibility. Everything works: repo operations, blob storage, firehose, OAuth, handle resolution, account migration, the lot. 10 10 - 11 11 - Another excellent PDS is [Cocoon](https://tangled.org/hailey.at/cocoon), written in go. 12 10 13 11 ## What's different about Tranquil PDS 14 12 13 13 + It is a superset of the reference PDS, including: passkeys and 2FA (WebAuthn/FIDO2, TOTP, backup codes, trusted devices), SSO login and signup, did:web support (PDS-hosted subdomains or bring-your-own), multi-channel communication (email, discord, telegram, signal) for verification and alerts, granular OAuth scopes with a consent UI showing human-readable descriptions, app passwords with granular permissions (read-only, post-only, or custom scopes), account delegation (letting others manage an account with configurable permission levels), and a built-in web UI for account management, repo browsing, and admin. 15 15 - It is a superset of the reference PDS, including: passkeys and 2FA (WebAuthn/FIDO2, TOTP, backup codes, trusted devices), SSO login and signup, did:web support (PDS-hosted subdomains or bring-your-own), multi-channel communication (email, discord, telegram, signal) for verification and alerts, granular OAuth scopes with a consent UI showing human-readable descriptions, app passwords with granular permissions (read-only, post-only, or custom scopes), account delegation (letting others manage an account with configurable permission levels), automatic backups (configurable retention and frequency, one-click restore), and a built-in web UI for account management, OAuth consent, repo browsing, and admin. 16 14 15 15 + The PDS itself is a single binary with no nodeJS runtime. However, at time of writing, Tranquil requires postgres running separately. Blobs are stored on the local filesystem by default (S3 optional). Valkey is also optional (as an alternative to the built-in cache). 17 17 - The PDS itself is a single small binary with no node/npm runtime. It requires postgres. Blobs are stored on the local filesystem by default (S3 optional). Valkey is optional (supported as an alternative to the built-in cache). 18 16 19 17 ## Quick Start 20 18 21 19 ```bash 22 20 cp .env.example .env 21 21 + podman compose up db -d 23 23 - podman compose up -d 24 22 just run 25 23 ``` 26 24 27 25 ## Configuration 28 26 27 27 + See `example.toml` for all configuration options. 28 28 + 29 29 + > [!NOTE] 30 30 + > The order of configuration precendence is: environment variables, than a config file passed via `--config`, than `/etc/tranquil-pds/config.toml`, than the built-in defaults. So you can use environment variables, or a config file, or both. 29 29 - See `.env.example` for all configuration options. 30 31 31 32 ## Development 32 33 ··· 41 42 42 43 ### Quick Deploy (Docker/Podman Compose) 43 44 45 45 + Edit `.env` with your values. Generate secrets with `openssl rand -base64 48`. 44 44 - Edit `.env.prod` with your values. Generate secrets with `openssl rand -base64 48`. 45 46 46 47 ```bash 48 48 + cp .env.example .env 47 47 - cp .env.prod.example .env.prod 48 49 podman-compose -f docker-compose.prod.yaml up -d 49 50 ``` 50 51 51 52 ### Installation Guides 52 53 54 54 + - [Debian](docs/install-debian.md) 55 55 + - [Containers](docs/install-containers.md) 56 56 + - [Kubernetes](docs/install-kubernetes.md) 53 53 - | Guide | Best For | 54 54 - |-------|----------| 55 55 - | [Debian](docs/install-debian.md) | Debian 13+ with systemd | 56 56 - | [Containers](docs/install-containers.md) | Podman with quadlets or OpenRC | 57 57 - | [Kubernetes](docs/install-kubernetes.md) | You know what you're doing | 58 57 59 58 ## Maintainers to ping 60 59

+1

crates/tranquil-auth/Cargo.toml

··· 5 5 license.workspace = true 6 6 7 7 [dependencies] 8 8 + tranquil-config = { workspace = true } 8 9 tranquil-crypto = { workspace = true } 9 10 10 11 anyhow = { workspace = true }

+6 -2

crates/tranquil-auth/src/token.rs

··· 127 127 let jti = uuid::Uuid::new_v4().to_string(); 128 128 129 129 let aud_hostname = hostname.map(|h| h.to_string()).unwrap_or_else(|| { 130 130 + tranquil_config::try_get() 131 131 + .map(|c| c.server.hostname.clone()) 132 132 + .unwrap_or_else(|| "localhost".to_string()) 130 130 - std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string()) 131 133 }); 132 134 133 135 let claims = Claims { ··· 253 255 sub: did.to_owned(), 254 256 aud: format!( 255 257 "did:web:{}", 258 258 + tranquil_config::try_get() 259 259 + .map(|c| c.server.hostname.clone()) 260 260 + .unwrap_or_else(|| "localhost".to_string()) 256 256 - std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string()) 257 261 ), 258 262 exp: expiration, 259 263 iat: Utc::now().timestamp(),

+43 -2

crates/tranquil-auth/src/types.rs

··· 30 30 type Err = TokenTypeParseError; 31 31 32 32 fn from_str(s: &str) -> Result<Self, Self::Err> { 33 33 + match s.to_ascii_lowercase().as_str() { 33 33 - match s { 34 34 "at+jwt" => Ok(Self::Access), 35 35 "refresh+jwt" => Ok(Self::Refresh), 36 36 "jwt" => Ok(Self::Service), ··· 88 88 type Err = SigningAlgorithmParseError; 89 89 90 90 fn from_str(s: &str) -> Result<Self, Self::Err> { 91 91 + match s.to_ascii_uppercase().as_str() { 91 91 - match s { 92 92 "ES256K" => Ok(Self::ES256K), 93 93 "HS256" => Ok(Self::HS256), 94 94 _ => Err(SigningAlgorithmParseError(s.to_string())), ··· 258 258 } 259 259 260 260 impl std::error::Error for TokenVerifyError {} 261 261 + 262 262 + #[cfg(test)] 263 263 + mod tests { 264 264 + use super::*; 265 265 + 266 266 + #[test] 267 267 + fn token_type_accepts_bluesky_uppercase_jwt() { 268 268 + let result: Result<Header, _> = 269 269 + serde_json::from_str(r#"{"alg":"ES256K","typ":"JWT"}"#); 270 270 + let header = result.expect("should parse uppercase JWT from bluesky reference pds"); 271 271 + assert_eq!(header.typ, TokenType::Service); 272 272 + assert_eq!(header.alg, SigningAlgorithm::ES256K); 273 273 + } 274 274 + 275 275 + #[test] 276 276 + fn token_type_accepts_lowercase_jwt() { 277 277 + let result: Result<Header, _> = 278 278 + serde_json::from_str(r#"{"alg":"ES256K","typ":"jwt"}"#); 279 279 + let header = result.expect("should parse lowercase jwt"); 280 280 + assert_eq!(header.typ, TokenType::Service); 281 281 + } 282 282 + 283 283 + #[test] 284 284 + fn token_type_accepts_mixed_case_access() { 285 285 + assert_eq!(TokenType::from_str("AT+JWT").unwrap(), TokenType::Access); 286 286 + assert_eq!(TokenType::from_str("at+jwt").unwrap(), TokenType::Access); 287 287 + assert_eq!(TokenType::from_str("At+Jwt").unwrap(), TokenType::Access); 288 288 + } 289 289 + 290 290 + #[test] 291 291 + fn token_type_rejects_unknown() { 292 292 + assert!(TokenType::from_str("bearer").is_err()); 293 293 + } 294 294 + 295 295 + #[test] 296 296 + fn signing_algorithm_case_insensitive() { 297 297 + assert_eq!(SigningAlgorithm::from_str("ES256K").unwrap(), SigningAlgorithm::ES256K); 298 298 + assert_eq!(SigningAlgorithm::from_str("es256k").unwrap(), SigningAlgorithm::ES256K); 299 299 + assert_eq!(SigningAlgorithm::from_str("hs256").unwrap(), SigningAlgorithm::HS256); 300 300 + } 301 301 + }

+1

crates/tranquil-cache/Cargo.toml

··· 9 9 valkey = ["dep:redis"] 10 10 11 11 [dependencies] 12 12 + tranquil-config = { workspace = true } 12 13 tranquil-infra = { workspace = true } 13 14 tranquil-ripple = { workspace = true } 14 15

+22 -14

crates/tranquil-cache/src/lib.rs

··· 172 172 pub async fn create_cache( 173 173 shutdown: tokio_util::sync::CancellationToken, 174 174 ) -> (Arc<dyn Cache>, Arc<dyn DistributedRateLimiter>) { 175 175 + let cache_cfg = tranquil_config::try_get().map(|c| &c.cache); 176 176 + let backend = cache_cfg.map(|c| c.backend.as_str()).unwrap_or("ripple"); 177 177 + let valkey_url = cache_cfg.and_then(|c| c.valkey_url.as_deref()); 178 178 + 175 179 #[cfg(feature = "valkey")] 180 180 + if backend == "valkey" { 181 181 + if let Some(url) = valkey_url { 182 182 + match ValkeyCache::new(url).await { 183 183 + Ok(cache) => { 184 184 + tracing::info!("using valkey cache at {url}"); 185 185 + let rate_limiter = Arc::new(RedisRateLimiter::new(cache.connection())); 186 186 + return (Arc::new(cache), rate_limiter); 187 187 + } 188 188 + Err(e) => { 189 189 + tracing::warn!("failed to connect to valkey: {e}. falling back to ripple."); 190 190 + } 176 176 - if let Ok(url) = std::env::var("VALKEY_URL") { 177 177 - match ValkeyCache::new(&url).await { 178 178 - Ok(cache) => { 179 179 - tracing::info!("using valkey cache at {url}"); 180 180 - let rate_limiter = Arc::new(RedisRateLimiter::new(cache.connection())); 181 181 - return (Arc::new(cache), rate_limiter); 182 191 } 192 192 + } else { 193 193 + tracing::warn!("cache.backend is \"valkey\" but VALKEY_URL is not set. using ripple."); 183 183 - Err(e) => { 184 184 - tracing::warn!("failed to connect to valkey: {e}. falling back to ripple."); 185 185 - } 186 194 } 187 195 } 188 196 189 197 #[cfg(not(feature = "valkey"))] 198 198 + if backend == "valkey" { 190 190 - if std::env::var("VALKEY_URL").is_ok() { 191 199 tracing::warn!( 200 200 + "cache.backend is \"valkey\" but binary was compiled without valkey feature. using ripple." 192 192 - "VALKEY_URL is set but binary was compiled without valkey feature. using ripple." 193 201 ); 194 202 } 195 203 204 204 + match tranquil_ripple::RippleConfig::from_config() { 196 196 - match tranquil_ripple::RippleConfig::from_env() { 197 205 Ok(config) => { 198 206 let peer_count = config.seed_peers.len(); 199 207 match tranquil_ripple::RippleEngine::start(config, shutdown).await { ··· 205 213 (cache, rate_limiter) 206 214 } 207 215 Err(e) => { 216 216 + tracing::error!("ripple engine failed to start: {e:#}. running without cache."); 208 208 - tracing::error!("ripple engine failed to start: {e}. running without cache."); 209 217 (Arc::new(NoOpCache), Arc::new(NoOpRateLimiter)) 210 218 } 211 219 } 212 220 } 213 221 Err(e) => { 222 222 + tracing::error!("ripple config error: {e:#}. running without cache."); 214 214 - tracing::error!("ripple config error: {e}. running without cache."); 215 223 (Arc::new(NoOpCache), Arc::new(NoOpRateLimiter)) 216 224 } 217 225 }

+2

crates/tranquil-comms/Cargo.toml

··· 5 5 license.workspace = true 6 6 7 7 [dependencies] 8 8 + tranquil-config = { workspace = true } 9 9 + 8 10 async-trait = { workspace = true } 9 11 base64 = { workspace = true } 10 12 reqwest = { workspace = true }

+14 -16

crates/tranquil-comms/src/sender.rs

··· 112 112 } 113 113 114 114 impl EmailSender { 115 115 + pub fn new(from_address: String, from_name: String, sendmail_path: String) -> Self { 115 115 - pub fn new(from_address: String, from_name: String) -> Self { 116 116 Self { 117 117 from_address, 118 118 from_name, 119 119 + sendmail_path, 119 119 - sendmail_path: std::env::var("SENDMAIL_PATH") 120 120 - .unwrap_or_else(|_| "/usr/sbin/sendmail".to_string()), 121 120 } 122 121 } 123 122 123 123 + pub fn from_config(cfg: &tranquil_config::TranquilConfig) -> Option<Self> { 124 124 + let from_address = cfg.email.from_address.clone()?; 125 125 + let from_name = cfg.email.from_name.clone(); 126 126 + let sendmail_path = cfg.email.sendmail_path.clone(); 127 127 + Some(Self::new(from_address, from_name, sendmail_path)) 124 124 - pub fn from_env() -> Option<Self> { 125 125 - let from_address = std::env::var("MAIL_FROM_ADDRESS").ok()?; 126 126 - let from_name = 127 127 - std::env::var("MAIL_FROM_NAME").unwrap_or_else(|_| "Tranquil PDS".to_string()); 128 128 - Some(Self::new(from_address, from_name)) 129 128 } 130 129 131 130 pub fn format_email(&self, notification: &QueuedComms) -> String { ··· 190 189 } 191 190 } 192 191 192 192 + pub fn from_config(cfg: &tranquil_config::TranquilConfig) -> Option<Self> { 193 193 + let bot_token = cfg.discord.bot_token.clone()?; 193 193 - pub fn from_env() -> Option<Self> { 194 194 - let bot_token = std::env::var("DISCORD_BOT_TOKEN").ok()?; 195 194 Some(Self::new(bot_token)) 196 195 } 197 196 ··· 454 453 } 455 454 } 456 455 456 456 + pub fn from_config(cfg: &tranquil_config::TranquilConfig) -> Option<Self> { 457 457 + let bot_token = cfg.telegram.bot_token.clone()?; 457 457 - pub fn from_env() -> Option<Self> { 458 458 - let bot_token = std::env::var("TELEGRAM_BOT_TOKEN").ok()?; 459 458 Some(Self::new(bot_token)) 460 459 } 461 460 ··· 586 585 } 587 586 } 588 587 588 588 + pub fn from_config(cfg: &tranquil_config::TranquilConfig) -> Option<Self> { 589 589 + let signal_cli_path = cfg.signal.cli_path.clone(); 590 590 + let sender_number = cfg.signal.sender_number.clone()?; 589 589 - pub fn from_env() -> Option<Self> { 590 590 - let signal_cli_path = std::env::var("SIGNAL_CLI_PATH") 591 591 - .unwrap_or_else(|_| "/usr/local/bin/signal-cli".to_string()); 592 592 - let sender_number = std::env::var("SIGNAL_SENDER_NUMBER").ok()?; 593 591 Some(Self::new(signal_cli_path, sender_number)) 594 592 } 595 593 }

+9

crates/tranquil-config/Cargo.toml

··· 1 1 + [package] 2 2 + name = "tranquil-config" 3 3 + version.workspace = true 4 4 + edition.workspace = true 5 5 + license.workspace = true 6 6 + 7 7 + [dependencies] 8 8 + confique = { workspace = true } 9 9 + serde = { workspace = true }

+883

crates/tranquil-config/src/lib.rs

··· 1 1 + use confique::Config; 2 2 + use std::fmt; 3 3 + use std::path::PathBuf; 4 4 + use std::sync::OnceLock; 5 5 + 6 6 + static CONFIG: OnceLock<TranquilConfig> = OnceLock::new(); 7 7 + 8 8 + /// Errors discovered during configuration validation. 9 9 + #[derive(Debug)] 10 10 + pub struct ConfigError { 11 11 + pub errors: Vec<String>, 12 12 + } 13 13 + 14 14 + impl fmt::Display for ConfigError { 15 15 + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 16 16 + writeln!(f, "configuration validation failed:")?; 17 17 + for err in &self.errors { 18 18 + writeln!(f, " - {err}")?; 19 19 + } 20 20 + Ok(()) 21 21 + } 22 22 + } 23 23 + 24 24 + impl std::error::Error for ConfigError {} 25 25 + 26 26 + /// Initialize the global configuration. Must be called once at startup before 27 27 + /// any other code accesses the configuration. Panics if called more than once. 28 28 + pub fn init(config: TranquilConfig) { 29 29 + CONFIG 30 30 + .set(config) 31 31 + .expect("tranquil-config: configuration already initialized"); 32 32 + } 33 33 + 34 34 + /// Returns a reference to the global configuration. 35 35 + /// Panics if [`init`] has not been called yet. 36 36 + pub fn get() -> &'static TranquilConfig { 37 37 + CONFIG 38 38 + .get() 39 39 + .expect("tranquil-config: not initialized - call tranquil_config::init() first") 40 40 + } 41 41 + 42 42 + /// Returns a reference to the global configuration if it has been initialized. 43 43 + pub fn try_get() -> Option<&'static TranquilConfig> { 44 44 + CONFIG.get() 45 45 + } 46 46 + 47 47 + /// Load configuration from an optional TOML file path, with environment 48 48 + /// variable overrides applied on top. Fields annotated with `#[config(env)]` 49 49 + /// are read from the corresponding environment variables when the `.env()` 50 50 + /// layer is active. 51 51 + /// 52 52 + /// Precedence (highest to lowest): 53 53 + /// 1. Environment variables 54 54 + /// 2. TOML config file (if provided) 55 55 + /// 3. Built-in defaults 56 56 + pub fn load(config_path: Option<&PathBuf>) -> Result<TranquilConfig, confique::Error> { 57 57 + let mut builder = TranquilConfig::builder().env(); 58 58 + if let Some(path) = config_path { 59 59 + builder = builder.file(path); 60 60 + } 61 61 + builder.file("/etc/tranquil-pds/config.toml").load() 62 62 + } 63 63 + 64 64 + // Root configuration 65 65 + #[derive(Debug, Config)] 66 66 + pub struct TranquilConfig { 67 67 + #[config(nested)] 68 68 + pub server: ServerConfig, 69 69 + 70 70 + #[config(nested)] 71 71 + pub database: DatabaseConfig, 72 72 + 73 73 + #[config(nested)] 74 74 + pub secrets: SecretsConfig, 75 75 + 76 76 + #[config(nested)] 77 77 + pub storage: StorageConfig, 78 78 + 79 79 + #[config(nested)] 80 80 + pub backup: BackupConfig, 81 81 + 82 82 + #[config(nested)] 83 83 + pub cache: CacheConfig, 84 84 + 85 85 + #[config(nested)] 86 86 + pub plc: PlcConfig, 87 87 + 88 88 + #[config(nested)] 89 89 + pub firehose: FirehoseConfig, 90 90 + 91 91 + #[config(nested)] 92 92 + pub email: EmailConfig, 93 93 + 94 94 + #[config(nested)] 95 95 + pub discord: DiscordConfig, 96 96 + 97 97 + #[config(nested)] 98 98 + pub telegram: TelegramConfig, 99 99 + 100 100 + #[config(nested)] 101 101 + pub signal: SignalConfig, 102 102 + 103 103 + #[config(nested)] 104 104 + pub notifications: NotificationConfig, 105 105 + 106 106 + #[config(nested)] 107 107 + pub sso: SsoConfig, 108 108 + 109 109 + #[config(nested)] 110 110 + pub moderation: ModerationConfig, 111 111 + 112 112 + #[config(nested)] 113 113 + pub import: ImportConfig, 114 114 + 115 115 + #[config(nested)] 116 116 + pub scheduled: ScheduledConfig, 117 117 + } 118 118 + 119 119 + impl TranquilConfig { 120 120 + /// Validate cross-field constraints that cannot be expressed through 121 121 + /// confique's declarative defaults alone. Call this once after loading 122 122 + /// the configuration and before [`init`]. 123 123 + /// 124 124 + /// Returns `Ok(())` when the configuration is consistent, or a 125 125 + /// [`ConfigError`] listing every problem found. 126 126 + pub fn validate(&self, ignore_secrets: bool) -> Result<(), ConfigError> { 127 127 + let mut errors = Vec::new(); 128 128 + 129 129 + // -- secrets ---------------------------------------------------------- 130 130 + if !ignore_secrets && !self.secrets.allow_insecure && !cfg!(test) { 131 131 + if let Some(ref s) = self.secrets.jwt_secret { 132 132 + if s.len() < 32 { 133 133 + errors.push( 134 134 + "secrets.jwt_secret (JWT_SECRET) must be at least 32 characters" 135 135 + .to_string(), 136 136 + ); 137 137 + } 138 138 + } else { 139 139 + errors.push( 140 140 + "secrets.jwt_secret (JWT_SECRET) is required in production \ 141 141 + (set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=true for development)" 142 142 + .to_string(), 143 143 + ); 144 144 + } 145 145 + 146 146 + if let Some(ref s) = self.secrets.dpop_secret { 147 147 + if s.len() < 32 { 148 148 + errors.push( 149 149 + "secrets.dpop_secret (DPOP_SECRET) must be at least 32 characters" 150 150 + .to_string(), 151 151 + ); 152 152 + } 153 153 + } else { 154 154 + errors.push( 155 155 + "secrets.dpop_secret (DPOP_SECRET) is required in production \ 156 156 + (set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=true for development)" 157 157 + .to_string(), 158 158 + ); 159 159 + } 160 160 + 161 161 + if let Some(ref s) = self.secrets.master_key { 162 162 + if s.len() < 32 { 163 163 + errors.push( 164 164 + "secrets.master_key (MASTER_KEY) must be at least 32 characters" 165 165 + .to_string(), 166 166 + ); 167 167 + } 168 168 + } else { 169 169 + errors.push( 170 170 + "secrets.master_key (MASTER_KEY) is required in production \ 171 171 + (set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=true for development)" 172 172 + .to_string(), 173 173 + ); 174 174 + } 175 175 + } 176 176 + 177 177 + // -- telegram --------------------------------------------------------- 178 178 + if self.telegram.bot_token.is_some() && self.telegram.webhook_secret.is_none() { 179 179 + errors.push( 180 180 + "telegram.bot_token is set but telegram.webhook_secret is missing; \ 181 181 + both are required for secure Telegram integration" 182 182 + .to_string(), 183 183 + ); 184 184 + } 185 185 + 186 186 + // -- blob storage ----------------------------------------------------- 187 187 + match self.storage.backend.as_str() { 188 188 + "s3" => { 189 189 + if self.storage.s3_bucket.is_none() { 190 190 + errors.push( 191 191 + "storage.backend is \"s3\" but storage.s3_bucket (S3_BUCKET) \ 192 192 + is not set" 193 193 + .to_string(), 194 194 + ); 195 195 + } 196 196 + } 197 197 + "filesystem" => {} 198 198 + other => { 199 199 + errors.push(format!( 200 200 + "storage.backend must be \"filesystem\" or \"s3\", got \"{other}\"" 201 201 + )); 202 202 + } 203 203 + } 204 204 + 205 205 + // -- backup storage --------------------------------------------------- 206 206 + if self.backup.enabled { 207 207 + match self.backup.backend.as_str() { 208 208 + "s3" => { 209 209 + if self.backup.s3_bucket.is_none() { 210 210 + errors.push( 211 211 + "backup.backend is \"s3\" but backup.s3_bucket \ 212 212 + (BACKUP_S3_BUCKET) is not set" 213 213 + .to_string(), 214 214 + ); 215 215 + } 216 216 + } 217 217 + "filesystem" => {} 218 218 + other => { 219 219 + errors.push(format!( 220 220 + "backup.backend must be \"filesystem\" or \"s3\", got \"{other}\"" 221 221 + )); 222 222 + } 223 223 + } 224 224 + } 225 225 + 226 226 + // -- SSO providers ---------------------------------------------------- 227 227 + self.validate_sso_provider("sso.github", &self.sso.github, &mut errors); 228 228 + self.validate_sso_provider("sso.google", &self.sso.google, &mut errors); 229 229 + self.validate_sso_discord(&mut errors); 230 230 + self.validate_sso_with_issuer("sso.gitlab", &self.sso.gitlab, &mut errors); 231 231 + self.validate_sso_with_issuer("sso.oidc", &self.sso.oidc, &mut errors); 232 232 + self.validate_sso_apple(&mut errors); 233 233 + 234 234 + // -- moderation ------------------------------------------------------- 235 235 + let has_url = self.moderation.report_service_url.is_some(); 236 236 + let has_did = self.moderation.report_service_did.is_some(); 237 237 + if has_url != has_did { 238 238 + errors.push( 239 239 + "moderation.report_service_url and moderation.report_service_did \ 240 240 + must both be set or both be unset" 241 241 + .to_string(), 242 242 + ); 243 243 + } 244 244 + 245 245 + // -- cache ------------------------------------------------------------ 246 246 + match self.cache.backend.as_str() { 247 247 + "valkey" => { 248 248 + if self.cache.valkey_url.is_none() { 249 249 + errors.push( 250 250 + "cache.backend is \"valkey\" but cache.valkey_url (VALKEY_URL) \ 251 251 + is not set" 252 252 + .to_string(), 253 253 + ); 254 254 + } 255 255 + } 256 256 + "ripple" => {} 257 257 + other => { 258 258 + errors.push(format!( 259 259 + "cache.backend must be \"ripple\" or \"valkey\", got \"{other}\"" 260 260 + )); 261 261 + } 262 262 + } 263 263 + 264 264 + if errors.is_empty() { 265 265 + Ok(()) 266 266 + } else { 267 267 + Err(ConfigError { errors }) 268 268 + } 269 269 + } 270 270 + 271 271 + fn validate_sso_provider(&self, prefix: &str, p: &SsoProviderConfig, errors: &mut Vec<String>) { 272 272 + if p.enabled { 273 273 + if p.client_id.is_none() { 274 274 + errors.push(format!( 275 275 + "{prefix}.client_id is required when {prefix}.enabled = true" 276 276 + )); 277 277 + } 278 278 + if p.client_secret.is_none() { 279 279 + errors.push(format!( 280 280 + "{prefix}.client_secret is required when {prefix}.enabled = true" 281 281 + )); 282 282 + } 283 283 + } 284 284 + } 285 285 + 286 286 + fn validate_sso_discord(&self, errors: &mut Vec<String>) { 287 287 + let p = &self.sso.discord; 288 288 + if p.enabled { 289 289 + if p.client_id.is_none() { 290 290 + errors.push( 291 291 + "sso.discord.client_id is required when sso.discord.enabled = true".to_string(), 292 292 + ); 293 293 + } 294 294 + if p.client_secret.is_none() { 295 295 + errors.push( 296 296 + "sso.discord.client_secret is required when sso.discord.enabled = true" 297 297 + .to_string(), 298 298 + ); 299 299 + } 300 300 + } 301 301 + } 302 302 + 303 303 + fn validate_sso_with_issuer( 304 304 + &self, 305 305 + prefix: &str, 306 306 + p: &SsoProviderWithIssuerConfig, 307 307 + errors: &mut Vec<String>, 308 308 + ) { 309 309 + if p.enabled { 310 310 + if p.client_id.is_none() { 311 311 + errors.push(format!( 312 312 + "{prefix}.client_id is required when {prefix}.enabled = true" 313 313 + )); 314 314 + } 315 315 + if p.client_secret.is_none() { 316 316 + errors.push(format!( 317 317 + "{prefix}.client_secret is required when {prefix}.enabled = true" 318 318 + )); 319 319 + } 320 320 + if p.issuer.is_none() { 321 321 + errors.push(format!( 322 322 + "{prefix}.issuer is required when {prefix}.enabled = true" 323 323 + )); 324 324 + } 325 325 + } 326 326 + } 327 327 + 328 328 + fn validate_sso_apple(&self, errors: &mut Vec<String>) { 329 329 + let p = &self.sso.apple; 330 330 + if p.enabled { 331 331 + if p.client_id.is_none() { 332 332 + errors.push( 333 333 + "sso.apple.client_id is required when sso.apple.enabled = true".to_string(), 334 334 + ); 335 335 + } 336 336 + if p.team_id.is_none() { 337 337 + errors.push( 338 338 + "sso.apple.team_id is required when sso.apple.enabled = true".to_string(), 339 339 + ); 340 340 + } 341 341 + if p.key_id.is_none() { 342 342 + errors 343 343 + .push("sso.apple.key_id is required when sso.apple.enabled = true".to_string()); 344 344 + } 345 345 + if p.private_key.is_none() { 346 346 + errors.push( 347 347 + "sso.apple.private_key is required when sso.apple.enabled = true".to_string(), 348 348 + ); 349 349 + } 350 350 + } 351 351 + } 352 352 + } 353 353 + 354 354 + // --------------------------------------------------------------------------- 355 355 + // Server 356 356 + // --------------------------------------------------------------------------- 357 357 + 358 358 + #[derive(Debug, Config)] 359 359 + pub struct ServerConfig { 360 360 + /// Public hostname of the PDS (e.g. `pds.example.com`). 361 361 + #[config(env = "PDS_HOSTNAME")] 362 362 + pub hostname: String, 363 363 + 364 364 + /// Address to bind the HTTP server to. 365 365 + #[config(env = "SERVER_HOST", default = "127.0.0.1")] 366 366 + pub host: String, 367 367 + 368 368 + /// Port to bind the HTTP server to. 369 369 + #[config(env = "SERVER_PORT", default = 3000)] 370 370 + pub port: u16, 371 371 + 372 372 + /// List of domains for user handles. 373 373 + /// Defaults to the PDS hostname when not set. 374 374 + #[config(env = "PDS_USER_HANDLE_DOMAINS", parse_env = split_comma_list)] 375 375 + pub user_handle_domains: Option<Vec<String>>, 376 376 + 377 377 + /// List of domains available for user registration. 378 378 + /// Defaults to the PDS hostname when not set. 379 379 + #[config(env = "AVAILABLE_USER_DOMAINS", parse_env = split_comma_list)] 380 380 + pub available_user_domains: Option<Vec<String>>, 381 381 + 382 382 + /// Enable PDS-hosted did:web identities. Hosting did:web requires a 383 383 + /// long-term commitment to serve DID documents; opt-in only. 384 384 + #[config(env = "ENABLE_PDS_HOSTED_DID_WEB", default = false)] 385 385 + pub enable_pds_hosted_did_web: bool, 386 386 + 387 387 + /// When set to true, skip age-assurance birthday prompt for all accounts. 388 388 + #[config(env = "PDS_AGE_ASSURANCE_OVERRIDE", default = false)] 389 389 + pub age_assurance_override: bool, 390 390 + 391 391 + /// Require an invite code for new account registration. 392 392 + #[config(env = "INVITE_CODE_REQUIRED", default = true)] 393 393 + pub invite_code_required: bool, 394 394 + 395 395 + /// Allow HTTP (non-TLS) proxy requests. Only useful during development. 396 396 + #[config(env = "ALLOW_HTTP_PROXY", default = false)] 397 397 + pub allow_http_proxy: bool, 398 398 + 399 399 + /// Disable all rate limiting. Should only be used in testing. 400 400 + #[config(env = "DISABLE_RATE_LIMITING", default = false)] 401 401 + pub disable_rate_limiting: bool, 402 402 + 403 403 + /// List of additional banned words for handle validation. 404 404 + #[config(env = "PDS_BANNED_WORDS", parse_env = split_comma_list)] 405 405 + pub banned_words: Option<Vec<String>>, 406 406 + 407 407 + /// URL to a privacy policy page. 408 408 + #[config(env = "PRIVACY_POLICY_URL")] 409 409 + pub privacy_policy_url: Option<String>, 410 410 + 411 411 + /// URL to terms of service page. 412 412 + #[config(env = "TERMS_OF_SERVICE_URL")] 413 413 + pub terms_of_service_url: Option<String>, 414 414 + 415 415 + /// Operator contact email address. 416 416 + #[config(env = "CONTACT_EMAIL")] 417 417 + pub contact_email: Option<String>, 418 418 + 419 419 + /// Maximum allowed blob size in bytes (default 10 GiB). 420 420 + #[config(env = "MAX_BLOB_SIZE", default = 10_737_418_240u64)] 421 421 + pub max_blob_size: u64, 422 422 + } 423 423 + 424 424 + impl ServerConfig { 425 425 + /// The public HTTPS URL for this PDS. 426 426 + pub fn public_url(&self) -> String { 427 427 + format!("https://{}", self.hostname) 428 428 + } 429 429 + 430 430 + /// Hostname without port suffix (e.g. `pds.example.com` from 431 431 + /// `pds.example.com:443`). 432 432 + pub fn hostname_without_port(&self) -> &str { 433 433 + self.hostname.split(':').next().unwrap_or(&self.hostname) 434 434 + } 435 435 + 436 436 + /// Returns the extra banned words list, or an empty vec when unset. 437 437 + pub fn banned_word_list(&self) -> Vec<String> { 438 438 + self.banned_words.clone().unwrap_or_default() 439 439 + } 440 440 + 441 441 + /// Returns the available user domains, falling back to `[hostname_without_port]`. 442 442 + pub fn available_user_domain_list(&self) -> Vec<String> { 443 443 + self.available_user_domains 444 444 + .clone() 445 445 + .unwrap_or_else(|| vec![self.hostname_without_port().to_string()]) 446 446 + } 447 447 + 448 448 + /// Returns the user handle domains, falling back to `[hostname_without_port]`. 449 449 + pub fn user_handle_domain_list(&self) -> Vec<String> { 450 450 + self.user_handle_domains 451 451 + .clone() 452 452 + .unwrap_or_else(|| vec![self.hostname_without_port().to_string()]) 453 453 + } 454 454 + } 455 455 + 456 456 + #[derive(Debug, Config)] 457 457 + pub struct DatabaseConfig { 458 458 + /// PostgreSQL connection URL. 459 459 + #[config(env = "DATABASE_URL")] 460 460 + pub url: String, 461 461 + 462 462 + /// Maximum number of connections in the pool. 463 463 + #[config(env = "DATABASE_MAX_CONNECTIONS", default = 100)] 464 464 + pub max_connections: u32, 465 465 + 466 466 + /// Minimum number of idle connections kept in the pool. 467 467 + #[config(env = "DATABASE_MIN_CONNECTIONS", default = 10)] 468 468 + pub min_connections: u32, 469 469 + 470 470 + /// Timeout in seconds when acquiring a connection from the pool. 471 471 + #[config(env = "DATABASE_ACQUIRE_TIMEOUT_SECS", default = 10)] 472 472 + pub acquire_timeout_secs: u64, 473 473 + } 474 474 + 475 475 + #[derive(Config)] 476 476 + pub struct SecretsConfig { 477 477 + /// Secret used for signing JWTs. Must be at least 32 characters in 478 478 + /// production. 479 479 + #[config(env = "JWT_SECRET")] 480 480 + pub jwt_secret: Option<String>, 481 481 + 482 482 + /// Secret used for DPoP proof validation. Must be at least 32 characters 483 483 + /// in production. 484 484 + #[config(env = "DPOP_SECRET")] 485 485 + pub dpop_secret: Option<String>, 486 486 + 487 487 + /// Master key used for key-encryption and HKDF derivation. Must be at 488 488 + /// least 32 characters in production. 489 489 + #[config(env = "MASTER_KEY")] 490 490 + pub master_key: Option<String>, 491 491 + 492 492 + /// PLC rotation key (DID key). If not set, user-level keys are used. 493 493 + #[config(env = "PLC_ROTATION_KEY")] 494 494 + pub plc_rotation_key: Option<String>, 495 495 + 496 496 + /// Allow insecure/test secrets. NEVER enable in production. 497 497 + #[config(env = "TRANQUIL_PDS_ALLOW_INSECURE_SECRETS", default = false)] 498 498 + pub allow_insecure: bool, 499 499 + } 500 500 + 501 501 + impl std::fmt::Debug for SecretsConfig { 502 502 + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { 503 503 + f.debug_struct("SecretsConfig") 504 504 + .field( 505 505 + "jwt_secret", 506 506 + &self.jwt_secret.as_ref().map(|_| "[REDACTED]"), 507 507 + ) 508 508 + .field( 509 509 + "dpop_secret", 510 510 + &self.dpop_secret.as_ref().map(|_| "[REDACTED]"), 511 511 + ) 512 512 + .field( 513 513 + "master_key", 514 514 + &self.master_key.as_ref().map(|_| "[REDACTED]"), 515 515 + ) 516 516 + .field( 517 517 + "plc_rotation_key", 518 518 + &self.plc_rotation_key.as_ref().map(|_| "[REDACTED]"), 519 519 + ) 520 520 + .field("allow_insecure", &self.allow_insecure) 521 521 + .finish() 522 522 + } 523 523 + } 524 524 + 525 525 + impl SecretsConfig { 526 526 + /// Resolve the JWT secret, falling back to an insecure default if 527 527 + /// `allow_insecure` is true. 528 528 + pub fn jwt_secret_or_default(&self) -> String { 529 529 + self.jwt_secret.clone().unwrap_or_else(|| { 530 530 + if cfg!(test) || self.allow_insecure { 531 531 + "test-jwt-secret-not-for-production".to_string() 532 532 + } else { 533 533 + panic!( 534 534 + "JWT_SECRET must be set in production. \ 535 535 + Set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=true for development/testing." 536 536 + ); 537 537 + } 538 538 + }) 539 539 + } 540 540 + 541 541 + /// Resolve the DPoP secret, falling back to an insecure default if 542 542 + /// `allow_insecure` is true. 543 543 + pub fn dpop_secret_or_default(&self) -> String { 544 544 + self.dpop_secret.clone().unwrap_or_else(|| { 545 545 + if cfg!(test) || self.allow_insecure { 546 546 + "test-dpop-secret-not-for-production".to_string() 547 547 + } else { 548 548 + panic!( 549 549 + "DPOP_SECRET must be set in production. \ 550 550 + Set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=true for development/testing." 551 551 + ); 552 552 + } 553 553 + }) 554 554 + } 555 555 + 556 556 + /// Resolve the master key, falling back to an insecure default if 557 557 + /// `allow_insecure` is true. 558 558 + pub fn master_key_or_default(&self) -> String { 559 559 + self.master_key.clone().unwrap_or_else(|| { 560 560 + if cfg!(test) || self.allow_insecure { 561 561 + "test-master-key-not-for-production".to_string() 562 562 + } else { 563 563 + panic!( 564 564 + "MASTER_KEY must be set in production. \ 565 565 + Set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=true for development/testing." 566 566 + ); 567 567 + } 568 568 + }) 569 569 + } 570 570 + } 571 571 + 572 572 + #[derive(Debug, Config)] 573 573 + pub struct StorageConfig { 574 574 + /// Storage backend: `filesystem` or `s3`. 575 575 + #[config(env = "BLOB_STORAGE_BACKEND", default = "filesystem")] 576 576 + pub backend: String, 577 577 + 578 578 + /// Path on disk for the filesystem blob backend. 579 579 + #[config(env = "BLOB_STORAGE_PATH", default = "/var/lib/tranquil-pds/blobs")] 580 580 + pub path: String, 581 581 + 582 582 + /// S3 bucket name for blob storage. 583 583 + #[config(env = "S3_BUCKET")] 584 584 + pub s3_bucket: Option<String>, 585 585 + 586 586 + /// Custom S3 endpoint URL (for MinIO, R2, etc.). 587 587 + #[config(env = "S3_ENDPOINT")] 588 588 + pub s3_endpoint: Option<String>, 589 589 + } 590 590 + 591 591 + #[derive(Debug, Config)] 592 592 + pub struct BackupConfig { 593 593 + /// Enable automatic backups. 594 594 + #[config(env = "BACKUP_ENABLED", default = true)] 595 595 + pub enabled: bool, 596 596 + 597 597 + /// Backup storage backend: `filesystem` or `s3`. 598 598 + #[config(env = "BACKUP_STORAGE_BACKEND", default = "filesystem")] 599 599 + pub backend: String, 600 600 + 601 601 + /// Path on disk for the filesystem backup backend. 602 602 + #[config(env = "BACKUP_STORAGE_PATH", default = "/var/lib/tranquil-pds/backups")] 603 603 + pub path: String, 604 604 + 605 605 + /// S3 bucket name for backups. 606 606 + #[config(env = "BACKUP_S3_BUCKET")] 607 607 + pub s3_bucket: Option<String>, 608 608 + 609 609 + /// Number of backup revisions to keep per account. 610 610 + #[config(env = "BACKUP_RETENTION_COUNT", default = 7)] 611 611 + pub retention_count: u32, 612 612 + 613 613 + /// Seconds between backup runs. 614 614 + #[config(env = "BACKUP_INTERVAL_SECS", default = 86400)] 615 615 + pub interval_secs: u64, 616 616 + } 617 617 + 618 618 + #[derive(Debug, Config)] 619 619 + pub struct CacheConfig { 620 620 + /// Cache backend: `ripple` (default, built-in gossip) or `valkey`. 621 621 + #[config(env = "CACHE_BACKEND", default = "ripple")] 622 622 + pub backend: String, 623 623 + 624 624 + /// Valkey / Redis connection URL. Required when `backend = "valkey"`. 625 625 + #[config(env = "VALKEY_URL")] 626 626 + pub valkey_url: Option<String>, 627 627 + 628 628 + #[config(nested)] 629 629 + pub ripple: RippleCacheConfig, 630 630 + } 631 631 + 632 632 + #[derive(Debug, Config)] 633 633 + pub struct PlcConfig { 634 634 + /// Base URL of the PLC directory. 635 635 + #[config(env = "PLC_DIRECTORY_URL", default = "https://plc.directory")] 636 636 + pub directory_url: String, 637 637 + 638 638 + /// HTTP request timeout in seconds. 639 639 + #[config(env = "PLC_TIMEOUT_SECS", default = 10)] 640 640 + pub timeout_secs: u64, 641 641 + 642 642 + /// TCP connect timeout in seconds. 643 643 + #[config(env = "PLC_CONNECT_TIMEOUT_SECS", default = 5)] 644 644 + pub connect_timeout_secs: u64, 645 645 + 646 646 + /// Seconds to cache DID documents in memory. 647 647 + #[config(env = "DID_CACHE_TTL_SECS", default = 300)] 648 648 + pub did_cache_ttl_secs: u64, 649 649 + } 650 650 + 651 651 + #[derive(Debug, Config)] 652 652 + pub struct FirehoseConfig { 653 653 + /// Size of the in-memory broadcast buffer for firehose events. 654 654 + #[config(env = "FIREHOSE_BUFFER_SIZE", default = 10000)] 655 655 + pub buffer_size: usize, 656 656 + 657 657 + /// How many hours of historical events to replay for cursor-based 658 658 + /// firehose connections. 659 659 + #[config(env = "FIREHOSE_BACKFILL_HOURS", default = 72)] 660 660 + pub backfill_hours: i64, 661 661 + 662 662 + /// Maximum number of lagged events before disconnecting a slow consumer. 663 663 + #[config(env = "FIREHOSE_MAX_LAG", default = 5000)] 664 664 + pub max_lag: u64, 665 665 + 666 666 + /// List of relay / crawler notification URLs. 667 667 + #[config(env = "CRAWLERS", parse_env = split_comma_list)] 668 668 + pub crawlers: Option<Vec<String>>, 669 669 + } 670 670 + 671 671 + impl FirehoseConfig { 672 672 + /// Returns the list of crawler URLs, falling back to `["https://bsky.network"]` 673 673 + /// when none are configured. 674 674 + pub fn crawler_list(&self) -> Vec<String> { 675 675 + self.crawlers 676 676 + .clone() 677 677 + .unwrap_or_else(|| vec!["https://bsky.network".to_string()]) 678 678 + } 679 679 + } 680 680 + 681 681 + #[derive(Debug, Config)] 682 682 + pub struct EmailConfig { 683 683 + /// Sender email address. When unset, email sending is disabled. 684 684 + #[config(env = "MAIL_FROM_ADDRESS")] 685 685 + pub from_address: Option<String>, 686 686 + 687 687 + /// Display name used in the `From` header. 688 688 + #[config(env = "MAIL_FROM_NAME", default = "Tranquil PDS")] 689 689 + pub from_name: String, 690 690 + 691 691 + /// Path to the `sendmail` binary. 692 692 + #[config(env = "SENDMAIL_PATH", default = "/usr/sbin/sendmail")] 693 693 + pub sendmail_path: String, 694 694 + } 695 695 + 696 696 + #[derive(Debug, Config)] 697 697 + pub struct DiscordConfig { 698 698 + /// Discord bot token. When unset, Discord integration is disabled. 699 699 + #[config(env = "DISCORD_BOT_TOKEN")] 700 700 + pub bot_token: Option<String>, 701 701 + } 702 702 + 703 703 + #[derive(Debug, Config)] 704 704 + pub struct TelegramConfig { 705 705 + /// Telegram bot token. When unset, Telegram integration is disabled. 706 706 + #[config(env = "TELEGRAM_BOT_TOKEN")] 707 707 + pub bot_token: Option<String>, 708 708 + 709 709 + /// Secret token for incoming webhook verification. 710 710 + #[config(env = "TELEGRAM_WEBHOOK_SECRET")] 711 711 + pub webhook_secret: Option<String>, 712 712 + } 713 713 + 714 714 + #[derive(Debug, Config)] 715 715 + pub struct SignalConfig { 716 716 + /// Path to the `signal-cli` binary. 717 717 + #[config(env = "SIGNAL_CLI_PATH", default = "/usr/local/bin/signal-cli")] 718 718 + pub cli_path: String, 719 719 + 720 720 + /// Sender phone number. When unset, Signal integration is disabled. 721 721 + #[config(env = "SIGNAL_SENDER_NUMBER")] 722 722 + pub sender_number: Option<String>, 723 723 + } 724 724 + 725 725 + #[derive(Debug, Config)] 726 726 + pub struct NotificationConfig { 727 727 + /// Polling interval in milliseconds for the comms queue. 728 728 + #[config(env = "NOTIFICATION_POLL_INTERVAL_MS", default = 1000)] 729 729 + pub poll_interval_ms: u64, 730 730 + 731 731 + /// Number of notifications to process per batch. 732 732 + #[config(env = "NOTIFICATION_BATCH_SIZE", default = 100)] 733 733 + pub batch_size: i64, 734 734 + } 735 735 + 736 736 + #[derive(Debug, Config)] 737 737 + pub struct SsoConfig { 738 738 + #[config(nested)] 739 739 + pub github: SsoProviderConfig, 740 740 + 741 741 + #[config(nested)] 742 742 + pub discord: SsoDiscordProviderConfig, 743 743 + 744 744 + #[config(nested)] 745 745 + pub google: SsoProviderConfig, 746 746 + 747 747 + #[config(nested)] 748 748 + pub gitlab: SsoProviderWithIssuerConfig, 749 749 + 750 750 + #[config(nested)] 751 751 + pub oidc: SsoProviderWithIssuerConfig, 752 752 + 753 753 + #[config(nested)] 754 754 + pub apple: SsoAppleConfig, 755 755 + } 756 756 + 757 757 + // Generic SSO provider (GitHub, Google) 758 758 + #[derive(Debug, Config)] 759 759 + pub struct SsoProviderConfig { 760 760 + #[config(default = false)] 761 761 + pub enabled: bool, 762 762 + pub client_id: Option<String>, 763 763 + pub client_secret: Option<String>, 764 764 + pub display_name: Option<String>, 765 765 + } 766 766 + 767 767 + // SSO provider with custom env prefixes for Discord 768 768 + // (since the nested TOML key is `sso.discord` but env vars are `SSO_DISCORD_*`) 769 769 + #[derive(Debug, Config)] 770 770 + pub struct SsoDiscordProviderConfig { 771 771 + #[config(default = false)] 772 772 + pub enabled: bool, 773 773 + pub client_id: Option<String>, 774 774 + pub client_secret: Option<String>, 775 775 + pub display_name: Option<String>, 776 776 + } 777 777 + 778 778 + // SSO providers that require an issuer URL (GitLab, OIDC) 779 779 + #[derive(Debug, Config)] 780 780 + pub struct SsoProviderWithIssuerConfig { 781 781 + #[config(default = false)] 782 782 + pub enabled: bool, 783 783 + pub client_id: Option<String>, 784 784 + pub client_secret: Option<String>, 785 785 + pub issuer: Option<String>, 786 786 + pub display_name: Option<String>, 787 787 + } 788 788 + 789 789 + #[derive(Debug, Config)] 790 790 + pub struct SsoAppleConfig { 791 791 + #[config(env = "SSO_APPLE_ENABLED", default = false)] 792 792 + pub enabled: bool, 793 793 + 794 794 + #[config(env = "SSO_APPLE_CLIENT_ID")] 795 795 + pub client_id: Option<String>, 796 796 + 797 797 + #[config(env = "SSO_APPLE_TEAM_ID")] 798 798 + pub team_id: Option<String>, 799 799 + 800 800 + #[config(env = "SSO_APPLE_KEY_ID")] 801 801 + pub key_id: Option<String>, 802 802 + 803 803 + #[config(env = "SSO_APPLE_PRIVATE_KEY")] 804 804 + pub private_key: Option<String>, 805 805 + } 806 806 + 807 807 + #[derive(Debug, Config)] 808 808 + pub struct ModerationConfig { 809 809 + /// External report-handling service URL. 810 810 + #[config(env = "REPORT_SERVICE_URL")] 811 811 + pub report_service_url: Option<String>, 812 812 + 813 813 + /// DID of the external report-handling service. 814 814 + #[config(env = "REPORT_SERVICE_DID")] 815 815 + pub report_service_did: Option<String>, 816 816 + } 817 817 + 818 818 + #[derive(Debug, Config)] 819 819 + pub struct ImportConfig { 820 820 + /// Whether the PDS accepts repo imports. 821 821 + #[config(env = "ACCEPTING_REPO_IMPORTS", default = true)] 822 822 + pub accepting: bool, 823 823 + 824 824 + /// Maximum allowed import archive size in bytes (default 1 GiB). 825 825 + #[config(env = "MAX_IMPORT_SIZE", default = 1_073_741_824)] 826 826 + pub max_size: u64, 827 827 + 828 828 + /// Maximum number of blocks allowed in an import. 829 829 + #[config(env = "MAX_IMPORT_BLOCKS", default = 500000)] 830 830 + pub max_blocks: u64, 831 831 + 832 832 + /// Skip CAR verification during import. Only for development/debugging. 833 833 + #[config(env = "SKIP_IMPORT_VERIFICATION", default = false)] 834 834 + pub skip_verification: bool, 835 835 + } 836 836 + 837 837 + /// Parse a comma-separated environment variable into a `Vec<String>`, 838 838 + /// trimming whitespace and dropping empty entries. 839 839 + /// 840 840 + /// Signature matches confique's `parse_env` expectation: `fn(&str) -> Result<T, E>`. 841 841 + fn split_comma_list(value: &str) -> Result<Vec<String>, std::convert::Infallible> { 842 842 + Ok(value 843 843 + .split(',') 844 844 + .map(|item| item.trim().to_string()) 845 845 + .filter(|item| !item.is_empty()) 846 846 + .collect()) 847 847 + } 848 848 + 849 849 + #[derive(Debug, Config)] 850 850 + pub struct RippleCacheConfig { 851 851 + /// Address to bind the Ripple gossip protocol listener. 852 852 + #[config(env = "RIPPLE_BIND", default = "0.0.0.0:0")] 853 853 + pub bind_addr: String, 854 854 + 855 855 + /// List of seed peer addresses. 856 856 + #[config(env = "RIPPLE_PEERS", parse_env = split_comma_list)] 857 857 + pub peers: Option<Vec<String>>, 858 858 + 859 859 + /// Unique machine identifier. Auto-derived from hostname when not set. 860 860 + #[config(env = "RIPPLE_MACHINE_ID")] 861 861 + pub machine_id: Option<u64>, 862 862 + 863 863 + /// Gossip protocol interval in milliseconds. 864 864 + #[config(env = "RIPPLE_GOSSIP_INTERVAL_MS", default = 200)] 865 865 + pub gossip_interval_ms: u64, 866 866 + 867 867 + /// Maximum cache size in megabytes. 868 868 + #[config(env = "RIPPLE_CACHE_MAX_MB", default = 256)] 869 869 + pub cache_max_mb: usize, 870 870 + } 871 871 + 872 872 + #[derive(Debug, Config)] 873 873 + pub struct ScheduledConfig { 874 874 + /// Interval in seconds between scheduled delete checks. 875 875 + #[config(env = "SCHEDULED_DELETE_CHECK_INTERVAL_SECS", default = 3600)] 876 876 + pub delete_check_interval_secs: u64, 877 877 + } 878 878 + 879 879 + /// Generate a TOML configuration template with all available options, 880 880 + /// defaults, and documentation comments. 881 881 + pub fn template() -> String { 882 882 + confique::toml::template::<TranquilConfig>(confique::toml::FormatOptions::default()) 883 883 + }

+2

crates/tranquil-infra/Cargo.toml

··· 5 5 license.workspace = true 6 6 7 7 [dependencies] 8 8 + tranquil-config = { workspace = true } 9 9 + 8 10 async-trait = { workspace = true } 9 11 bytes = { workspace = true } 10 12 futures = { workspace = true }

+4 -6

crates/tranquil-infra/src/lib.rs

··· 45 45 } 46 46 47 47 pub fn backup_retention_count() -> u32 { 48 48 + tranquil_config::try_get() 49 49 + .map(|c| c.backup.retention_count) 48 48 - std::env::var("BACKUP_RETENTION_COUNT") 49 49 - .ok() 50 50 - .and_then(|v| v.parse().ok()) 51 50 .unwrap_or(7) 52 51 } 53 52 54 53 pub fn backup_interval_secs() -> u64 { 54 54 + tranquil_config::try_get() 55 55 + .map(|c| c.backup.interval_secs) 55 55 - std::env::var("BACKUP_INTERVAL_SECS") 56 56 - .ok() 57 57 - .and_then(|v| v.parse().ok()) 58 56 .unwrap_or(86400) 59 57 } 60 58

+2

crates/tranquil-pds/Cargo.toml

··· 6 6 7 7 [dependencies] 8 8 tranquil-types = { workspace = true } 9 9 + tranquil-config = { workspace = true } 9 10 tranquil-crypto = { workspace = true } 10 11 tranquil-storage = { workspace = true } 11 12 tranquil-cache = { workspace = true } ··· 29 30 bytes = { workspace = true } 30 31 chrono = { workspace = true } 31 32 cid = { workspace = true } 33 33 + clap = { workspace = true } 32 34 dotenvy = { workspace = true } 33 35 ed25519-dalek = { workspace = true } 34 36 futures = { workspace = true }

+1 -2

crates/tranquil-pds/src/api/admin/account/email.rs

··· 2 2 use crate::auth::{Admin, Auth}; 3 3 use crate::state::AppState; 4 4 use crate::types::Did; 5 5 - use crate::util::pds_hostname; 6 5 use axum::{ 7 6 Json, 8 7 extract::State, ··· 45 44 46 45 let email = user.email.ok_or(ApiError::NoEmail)?; 47 46 let (user_id, handle) = (user.id, user.handle); 47 47 + let hostname = &tranquil_config::get().server.hostname; 48 48 - let hostname = pds_hostname(); 49 48 let subject = input 50 49 .subject 51 50 .clone()

+1 -2

crates/tranquil-pds/src/api/admin/account/update.rs

··· 3 3 use crate::auth::{Admin, Auth}; 4 4 use crate::state::AppState; 5 5 use crate::types::{Did, Handle, PlainPassword}; 6 6 - use crate::util::pds_hostname_without_port; 7 6 use axum::{ 8 7 Json, 9 8 extract::State, ··· 70 69 { 71 70 return Err(ApiError::InvalidHandle(None)); 72 71 } 72 72 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 73 73 - let hostname_for_handles = pds_hostname_without_port(); 74 73 let handle = if !input_handle.contains('.') { 75 74 format!("{}.{}", input_handle, hostname_for_handles) 76 75 } else {

+8 -6

crates/tranquil-pds/src/api/delegation.rs

··· 8 8 use crate::rate_limit::{AccountCreationLimit, RateLimited}; 9 9 use crate::state::AppState; 10 10 use crate::types::{Did, Handle}; 11 11 - use crate::util::{pds_hostname, pds_hostname_without_port}; 12 11 use axum::{ 13 12 Json, 14 13 extract::{Query, State}, ··· 435 434 Err(response) => return Ok(response), 436 435 }; 437 436 437 437 + let hostname = &tranquil_config::get().server.hostname; 438 438 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 438 438 - let hostname = pds_hostname(); 439 439 - let hostname_for_handles = pds_hostname_without_port(); 440 439 let pds_suffix = format!(".{}", hostname_for_handles); 441 440 442 441 let handle = if !input.handle.contains('.') || input.handle.ends_with(&pds_suffix) { ··· 475 474 Err(_) => return Ok(ApiError::InvalidInviteCode.into_response()), 476 475 } 477 476 } else { 477 477 + let invite_required = tranquil_config::get().server.invite_code_required; 478 478 - let invite_required = crate::util::parse_env_bool("INVITE_CODE_REQUIRED"); 479 478 if invite_required { 480 479 return Ok(ApiError::InviteCodeRequired.into_response()); 481 480 } ··· 497 496 } 498 497 }; 499 498 499 499 + let rotation_key = tranquil_config::get() 500 500 + .secrets 501 501 + .plc_rotation_key 502 502 + .clone() 503 503 + .unwrap_or_else(|| crate::plc::signing_key_to_did_key(&signing_key)); 500 500 - let rotation_key = std::env::var("PLC_ROTATION_KEY") 501 501 - .unwrap_or_else(|_| crate::plc::signing_key_to_did_key(&signing_key)); 502 504 503 505 let genesis_result = match crate::plc::create_genesis_operation( 504 506 &signing_key,

+2 -2

crates/tranquil-pds/src/api/discord_webhook.rs

··· 12 12 13 13 use crate::comms::comms_repo; 14 14 use crate::state::AppState; 15 15 + use crate::util::discord_public_key; 15 15 - use crate::util::{discord_public_key, pds_hostname}; 16 16 17 17 #[derive(Deserialize)] 18 18 struct Interaction { ··· 185 185 user_id, 186 186 tranquil_db_traits::CommsChannel::Discord, 187 187 &discord_user_id, 188 188 + &tranquil_config::get().server.hostname, 188 188 - pds_hostname(), 189 189 ) 190 190 .await 191 191 {

+22 -15

crates/tranquil-pds/src/api/identity/account.rs

··· 6 6 use crate::rate_limit::{AccountCreationLimit, RateLimited}; 7 7 use crate::state::AppState; 8 8 use crate::types::{Did, Handle, PlainPassword}; 9 9 - use crate::util::{pds_hostname, pds_hostname_without_port}; 10 9 use crate::validation::validate_password; 11 10 use axum::{ 12 11 Json, ··· 141 140 } 142 141 } 143 142 143 143 + let hostname_for_validation = tranquil_config::get().server.hostname_without_port(); 144 144 - let hostname_for_validation = pds_hostname_without_port(); 145 144 let pds_suffix = format!(".{}", hostname_for_validation); 146 145 147 146 let validated_short_handle = if !input.handle.contains('.') ··· 233 232 }, 234 233 }) 235 234 }; 235 235 + let hostname = &tranquil_config::get().server.hostname; 236 236 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 236 236 - let hostname = pds_hostname(); 237 237 - let hostname_for_handles = pds_hostname_without_port(); 238 237 let pds_endpoint = format!("https://{}", hostname); 239 238 let suffix = format!(".{}", hostname_for_handles); 240 239 let handle = if input.handle.ends_with(&suffix) { ··· 326 325 ) 327 326 .into_response(); 328 327 } else { 328 328 + let rotation_key = tranquil_config::get() 329 329 + .secrets 330 330 + .plc_rotation_key 331 331 + .clone() 332 332 + .unwrap_or_else(|| signing_key_to_did_key(&signing_key)); 329 329 - let rotation_key = std::env::var("PLC_ROTATION_KEY") 330 330 - .unwrap_or_else(|_| signing_key_to_did_key(&signing_key)); 331 333 let genesis_result = match create_genesis_operation( 332 334 &signing_key, 333 335 &rotation_key, ··· 359 361 genesis_result.did 360 362 } 361 363 } else { 364 364 + let rotation_key = tranquil_config::get() 365 365 + .secrets 366 366 + .plc_rotation_key 367 367 + .clone() 368 368 + .unwrap_or_else(|| signing_key_to_did_key(&signing_key)); 362 362 - let rotation_key = std::env::var("PLC_ROTATION_KEY") 363 363 - .unwrap_or_else(|_| signing_key_to_did_key(&signing_key)); 364 369 let genesis_result = match create_genesis_operation( 365 370 &signing_key, 366 371 &rotation_key, ··· 473 478 error!("Error creating session: {:?}", e); 474 479 return ApiError::InternalError(None).into_response(); 475 480 } 481 481 + let hostname = &tranquil_config::get().server.hostname; 476 476 - let hostname = pds_hostname(); 477 482 let verification_required = if let Some(ref user_email) = email { 478 483 let token = crate::auth::verification_token::generate_migration_token( 479 484 &did_typed, user_email, ··· 543 548 return ApiError::HandleTaken.into_response(); 544 549 } 545 550 551 551 + let invite_code_required = tranquil_config::get().server.invite_code_required; 546 546 - let invite_code_required = crate::util::parse_env_bool("INVITE_CODE_REQUIRED"); 547 552 if invite_code_required 548 553 && input 549 554 .invite_code ··· 632 637 let rev_str = rev.as_ref().to_string(); 633 638 let genesis_block_cids = vec![mst_root.to_bytes(), commit_cid.to_bytes()]; 634 639 640 640 + let birthdate_pref = if tranquil_config::get().server.age_assurance_override { 641 641 + Some(json!({ 635 635 - let birthdate_pref = std::env::var("PDS_AGE_ASSURANCE_OVERRIDE").ok().map(|_| { 636 636 - json!({ 637 642 "$type": "app.bsky.actor.defs#personalDetailsPref", 638 643 "birthDate": "1998-05-06T00:00:00.000Z" 644 644 + })) 645 645 + } else { 646 646 + None 647 647 + }; 639 639 - }) 640 640 - }); 641 648 642 649 let preferred_comms_channel = verification_channel; 643 650 ··· 748 755 warn!("Failed to create default profile for {}: {}", did, e); 749 756 } 750 757 } 758 758 + let hostname = &tranquil_config::get().server.hostname; 751 751 - let hostname = pds_hostname(); 752 759 if !is_migration { 753 760 if let Some(ref recipient) = verification_recipient { 754 761 let verification_token = crate::auth::verification_token::generate_signup_token(

+10 -10

crates/tranquil-pds/src/api/identity/did.rs

··· 6 6 }; 7 7 use crate::state::AppState; 8 8 use crate::types::Handle; 9 9 + use crate::util::get_header_str; 9 9 - use crate::util::{get_header_str, pds_hostname, pds_hostname_without_port}; 10 10 use axum::{ 11 11 Json, 12 12 extract::{Path, Query, State}, ··· 122 122 } 123 123 124 124 pub async fn well_known_did(State(state): State<AppState>, headers: HeaderMap) -> Response { 125 125 + let hostname = &tranquil_config::get().server.hostname; 126 126 + let hostname_without_port = tranquil_config::get().server.hostname_without_port(); 125 125 - let hostname = pds_hostname(); 126 126 - let hostname_without_port = pds_hostname_without_port(); 127 127 let host_header = get_header_str(&headers, http::header::HOST).unwrap_or(hostname); 128 128 let host_without_port = host_header.split(':').next().unwrap_or(host_header); 129 129 if host_without_port != hostname_without_port ··· 275 275 } 276 276 277 277 pub async fn user_did_doc(State(state): State<AppState>, Path(handle): Path<String>) -> Response { 278 278 + let hostname = &tranquil_config::get().server.hostname; 279 279 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 278 278 - let hostname = pds_hostname(); 279 279 - let hostname_for_handles = pds_hostname_without_port(); 280 280 let current_handle = format!("{}.{}", handle, hostname_for_handles); 281 281 let current_handle_typed: Handle = match current_handle.parse() { 282 282 Ok(h) => h, ··· 571 571 ApiError::AuthenticationFailed(Some("OAuth tokens cannot get DID credentials".into())) 572 572 })?; 573 573 574 574 + let hostname = &tranquil_config::get().server.hostname; 574 574 - let hostname = pds_hostname(); 575 575 let pds_endpoint = format!("https://{}", hostname); 576 576 let signing_key = k256::ecdsa::SigningKey::from_slice(&key_bytes) 577 577 .map_err(|_| ApiError::InternalError(None))?; ··· 579 579 let rotation_keys = if auth.did.starts_with("did:web:") { 580 580 vec![] 581 581 } else { 582 582 + let server_rotation_key = match &tranquil_config::get().secrets.plc_rotation_key { 583 583 + Some(key) => key.clone(), 584 584 + None => { 582 582 - let server_rotation_key = match std::env::var("PLC_ROTATION_KEY") { 583 583 - Ok(key) => key, 584 584 - Err(_) => { 585 585 warn!( 586 586 "PLC_ROTATION_KEY not set, falling back to user's signing key for rotation key recommendation" 587 587 ); ··· 675 675 "Inappropriate language in handle".into(), 676 676 ))); 677 677 } 678 678 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 678 678 - let hostname_for_handles = pds_hostname_without_port(); 679 679 let suffix = format!(".{}", hostname_for_handles); 680 680 let is_service_domain = 681 681 crate::handle::is_service_domain_handle(&new_handle, hostname_for_handles);

+1 -2

crates/tranquil-pds/src/api/identity/plc/request.rs

··· 2 2 use crate::api::error::{ApiError, DbResultExt}; 3 3 use crate::auth::{Auth, Permissive}; 4 4 use crate::state::AppState; 5 5 - use crate::util::pds_hostname; 6 5 use axum::{ 7 6 extract::State, 8 7 response::{IntoResponse, Response}, ··· 41 40 .await 42 41 .log_db_err("creating PLC token")?; 43 42 43 43 + let hostname = &tranquil_config::get().server.hostname; 44 44 - let hostname = pds_hostname(); 45 44 if let Err(e) = crate::comms::comms_repo::enqueue_plc_operation( 46 45 state.user_repo.as_ref(), 47 46 state.infra_repo.as_ref(),

+6 -4

crates/tranquil-pds/src/api/identity/plc/submit.rs

··· 4 4 use crate::circuit_breaker::with_circuit_breaker; 5 5 use crate::plc::{PlcClient, signing_key_to_did_key, validate_plc_operation}; 6 6 use crate::state::AppState; 7 7 - use crate::util::pds_hostname; 8 7 use axum::{ 9 8 Json, 10 9 extract::State, ··· 42 41 .map_err(|e| ApiError::InvalidRequest(format!("Invalid operation: {}", e)))?; 43 42 44 43 let op = &input.operation; 44 44 + let hostname = &tranquil_config::get().server.hostname; 45 45 - let hostname = pds_hostname(); 46 45 let public_url = format!("https://{}", hostname); 47 46 let user = state 48 47 .user_repo ··· 70 69 })?; 71 70 72 71 let user_did_key = signing_key_to_did_key(&signing_key); 72 72 + let server_rotation_key = tranquil_config::get() 73 73 + .secrets 74 74 + .plc_rotation_key 75 75 + .clone() 76 76 + .unwrap_or_else(|| user_did_key.clone()); 73 73 - let server_rotation_key = 74 74 - std::env::var("PLC_ROTATION_KEY").unwrap_or_else(|_| user_did_key.clone()); 75 77 if let Some(rotation_keys) = op.get("rotationKeys").and_then(|v| v.as_array()) { 76 78 let has_server_key = rotation_keys 77 79 .iter()

+3 -2

crates/tranquil-pds/src/api/moderation/mod.rs

··· 69 69 } 70 70 71 71 fn get_report_service_config() -> Option<ReportServiceConfig> { 72 72 + let cfg = tranquil_config::get(); 73 73 + let url = cfg.moderation.report_service_url.clone()?; 74 74 + let did = cfg.moderation.report_service_did.clone()?; 72 72 - let url = std::env::var("REPORT_SERVICE_URL").ok()?; 73 73 - let did = std::env::var("REPORT_SERVICE_DID").ok()?; 74 75 if url.is_empty() || did.is_empty() { 75 76 return None; 76 77 }

+2 -3

crates/tranquil-pds/src/api/notification_prefs.rs

··· 1 1 use crate::api::error::ApiError; 2 2 use crate::auth::{Active, Auth}; 3 3 use crate::state::AppState; 4 4 - use crate::util::pds_hostname; 5 4 use axum::{ 6 5 Json, 7 6 extract::State, ··· 148 147 149 148 match channel { 150 149 CommsChannel::Email => { 150 150 + let hostname = &tranquil_config::get().server.hostname; 151 151 - let hostname = pds_hostname(); 152 151 let handle_str = handle.unwrap_or("user"); 153 152 crate::comms::comms_repo::enqueue_email_update( 154 153 state.infra_repo.as_ref(), ··· 167 166 })?; 168 167 } 169 168 _ => { 169 169 + let hostname = &tranquil_config::get().server.hostname; 170 170 - let hostname = pds_hostname(); 171 170 let encoded_token = urlencoding::encode(&formatted_token); 172 171 let encoded_identifier = urlencoding::encode(identifier); 173 172 let verify_link = format!(

+1 -1

crates/tranquil-pds/src/api/proxy.rs

··· 168 168 } 169 169 170 170 // If the age assurance override is set and this is an age assurance call then we dont want to proxy even if the client requests it 171 171 + if tranquil_config::get().server.age_assurance_override 171 171 - if std::env::var("PDS_AGE_ASSURANCE_OVERRIDE").is_ok() 172 172 && (path.ends_with("app.bsky.ageassurance.getState") 173 173 || path.ends_with("app.bsky.unspecced.getAgeAssuranceState")) 174 174 {

+1 -1

crates/tranquil-pds/src/api/proxy_client.rs

··· 63 63 let parsed = Url::parse(url).map_err(|_| SsrfError::InvalidUrl)?; 64 64 let scheme = parsed.scheme(); 65 65 if scheme != "https" { 66 66 + let allow_http = tranquil_config::get().server.allow_http_proxy 66 66 - let allow_http = std::env::var("ALLOW_HTTP_PROXY").is_ok() 67 67 || url.starts_with("http://127.0.0.1") 68 68 || url.starts_with("http://localhost"); 69 69 if !allow_http {

+2 -2

crates/tranquil-pds/src/api/repo/blob.rs

··· 3 3 use crate::delegation::DelegationActionType; 4 4 use crate::state::AppState; 5 5 use crate::types::{CidLink, Did}; 6 6 + use crate::util::get_header_str; 6 6 - use crate::util::{get_header_str, get_max_blob_size}; 7 7 use axum::body::Body; 8 8 use axum::{ 9 9 Json, ··· 89 89 .ok_or(ApiError::InternalError(None))?; 90 90 91 91 let temp_key = format!("temp/{}", uuid::Uuid::new_v4()); 92 92 + let max_size = tranquil_config::get().server.max_blob_size; 92 92 - let max_size = u64::try_from(get_max_blob_size()).unwrap_or(u64::MAX); 93 93 94 94 let body_stream = body.into_data_stream(); 95 95 let mapped_stream =

+5 -16

crates/tranquil-pds/src/api/repo/import.rs

··· 18 18 use tracing::{debug, error, info, warn}; 19 19 use tranquil_types::{AtUri, CidLink}; 20 20 21 21 - const DEFAULT_MAX_IMPORT_SIZE: usize = 1024 * 1024 * 1024; 22 22 - const DEFAULT_MAX_BLOCKS: usize = 500000; 23 23 - 24 21 pub async fn import_repo( 25 22 State(state): State<AppState>, 26 23 auth: Auth<NotTakendown>, 27 24 body: Bytes, 28 25 ) -> Result<Response, ApiError> { 26 26 + let accepting_imports = tranquil_config::get().import.accepting; 29 29 - let accepting_imports = std::env::var("ACCEPTING_REPO_IMPORTS") 30 30 - .map(|v| v != "false" && v != "0") 31 31 - .unwrap_or(true); 32 27 if !accepting_imports { 33 28 return Err(ApiError::InvalidRequest( 34 29 "Service is not accepting repo imports".into(), 35 30 )); 36 31 } 32 32 + let max_size = tranquil_config::get().import.max_size as usize; 37 37 - let max_size: usize = std::env::var("MAX_IMPORT_SIZE") 38 38 - .ok() 39 39 - .and_then(|s| s.parse().ok()) 40 40 - .unwrap_or(DEFAULT_MAX_IMPORT_SIZE); 41 33 if body.len() > max_size { 42 34 return Err(ApiError::PayloadTooLarge(format!( 43 35 "Import size exceeds limit of {} bytes", ··· 108 100 commit_did, did 109 101 ))); 110 102 } 103 103 + let skip_verification = tranquil_config::get().import.skip_verification; 111 111 - let skip_verification = crate::util::parse_env_bool("SKIP_IMPORT_VERIFICATION"); 112 104 let is_migration = user.deactivated_at.is_some(); 113 105 if skip_verification { 114 106 warn!("Skipping all CAR verification for import (SKIP_IMPORT_VERIFICATION=true)"); ··· 196 188 } 197 189 } 198 190 } 191 191 + let max_blocks = tranquil_config::get().import.max_blocks as usize; 199 199 - let max_blocks: usize = std::env::var("MAX_IMPORT_BLOCKS") 200 200 - .ok() 201 201 - .and_then(|s| s.parse().ok()) 202 202 - .unwrap_or(DEFAULT_MAX_BLOCKS); 203 192 let _write_lock = state.repo_write_locks.lock(user_id).await; 204 193 match apply_import( 205 194 &state.repo_repo, ··· 324 313 { 325 314 warn!("Failed to sequence import event: {:?}", e); 326 315 } 316 316 + if tranquil_config::get().server.age_assurance_override { 327 327 - if std::env::var("PDS_AGE_ASSURANCE_OVERRIDE").is_ok() { 328 317 let birthdate_pref = json!({ 329 318 "$type": "app.bsky.actor.defs#personalDetailsPref", 330 319 "birthDate": "1998-05-06T00:00:00.000Z"

+1 -2

crates/tranquil-pds/src/api/repo/meta.rs

··· 1 1 use crate::api::error::ApiError; 2 2 use crate::state::AppState; 3 3 use crate::types::AtIdentifier; 4 4 - use crate::util::pds_hostname_without_port; 5 4 use axum::{ 6 5 Json, 7 6 extract::{Query, State}, ··· 19 18 State(state): State<AppState>, 20 19 Query(input): Query<DescribeRepoInput>, 21 20 ) -> Response { 21 21 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 22 22 - let hostname_for_handles = pds_hostname_without_port(); 23 22 let user_row = if input.repo.is_did() { 24 23 let did: crate::types::Did = match input.repo.as_str().parse() { 25 24 Ok(d) => d,

+2 -3

crates/tranquil-pds/src/api/repo/record/read.rs

··· 2 2 use crate::api::error::ApiError; 3 3 use crate::state::AppState; 4 4 use crate::types::{AtIdentifier, Nsid, Rkey}; 5 5 - use crate::util::pds_hostname_without_port; 6 5 use axum::{ 7 6 Json, 8 7 extract::{Query, State}, ··· 60 59 _headers: HeaderMap, 61 60 Query(input): Query<GetRecordInput>, 62 61 ) -> Response { 62 62 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 63 63 - let hostname_for_handles = pds_hostname_without_port(); 64 63 let user_id_opt = if input.repo.is_did() { 65 64 let did: crate::types::Did = match input.repo.as_str().parse() { 66 65 Ok(d) => d, ··· 159 158 State(state): State<AppState>, 160 159 Query(input): Query<ListRecordsInput>, 161 160 ) -> Response { 161 161 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 162 162 - let hostname_for_handles = pds_hostname_without_port(); 163 162 let user_id_opt = if input.repo.is_did() { 164 163 let did: crate::types::Did = match input.repo.as_str().parse() { 165 164 Ok(d) => d,

+3 -4

crates/tranquil-pds/src/api/server/account_status.rs

··· 5 5 use crate::plc::PlcClient; 6 6 use crate::state::AppState; 7 7 use crate::types::PlainPassword; 8 8 - use crate::util::pds_hostname; 9 8 use axum::{ 10 9 Json, 11 10 extract::State, ··· 131 130 did: &crate::types::Did, 132 131 with_retry: bool, 133 132 ) -> Result<(), ApiError> { 133 133 + let hostname = &tranquil_config::get().server.hostname; 134 134 - let hostname = pds_hostname(); 135 134 let expected_endpoint = format!("https://{}", hostname); 136 135 137 136 if did.as_str().starts_with("did:plc:") { ··· 201 200 .await 202 201 .map_err(ApiError::InvalidRequest)?; 203 202 203 203 + let server_rotation_key = tranquil_config::get().secrets.plc_rotation_key.clone(); 204 204 - let server_rotation_key = std::env::var("PLC_ROTATION_KEY").ok(); 205 204 if let Some(ref expected_rotation_key) = server_rotation_key { 206 205 let rotation_keys = doc_data 207 206 .get("rotationKeys") ··· 552 551 .create_deletion_request(&confirmation_token, session_mfa.did(), expires_at) 553 552 .await 554 553 .log_db_err("creating deletion token")?; 554 554 + let hostname = &tranquil_config::get().server.hostname; 555 555 - let hostname = pds_hostname(); 556 555 if let Err(e) = crate::comms::comms_repo::enqueue_account_deletion( 557 556 state.user_repo.as_ref(), 558 557 state.infra_repo.as_ref(),

+3 -4

crates/tranquil-pds/src/api/server/email.rs

··· 3 3 use crate::auth::{Auth, NotTakendown}; 4 4 use crate::rate_limit::{EmailUpdateLimit, RateLimited, VerificationCheckLimit}; 5 5 use crate::state::AppState; 6 6 - use crate::util::pds_hostname; 7 6 use axum::{ 8 7 Json, 9 8 extract::State, ··· 105 104 } 106 105 } 107 106 107 107 + let hostname = &tranquil_config::get().server.hostname; 108 108 - let hostname = pds_hostname(); 109 108 if let Err(e) = crate::comms::comms_repo::enqueue_short_token_email( 110 109 state.user_repo.as_ref(), 111 110 state.infra_repo.as_ref(), ··· 367 366 ); 368 367 let formatted_token = 369 368 crate::auth::verification_token::format_token_for_display(&verification_token); 369 369 + let hostname = &tranquil_config::get().server.hostname; 370 370 - let hostname = pds_hostname(); 371 370 if let Err(e) = crate::comms::comms_repo::enqueue_signup_verification( 372 371 state.user_repo.as_ref(), 373 372 state.infra_repo.as_ref(), ··· 531 530 532 531 info!(did = %did, "Email update authorized via link click"); 533 532 533 533 + let hostname = &tranquil_config::get().server.hostname; 534 534 - let hostname = pds_hostname(); 535 534 let redirect_url = format!( 536 535 "https://{}/app/verify?type=email-authorize-success", 537 536 hostname

+1 -2

crates/tranquil-pds/src/api/server/invite.rs

··· 3 3 use crate::auth::{Admin, Auth, NotTakendown}; 4 4 use crate::state::AppState; 5 5 use crate::types::Did; 6 6 - use crate::util::pds_hostname; 7 6 use axum::{ 8 7 Json, 9 8 extract::State, ··· 26 25 } 27 26 28 27 fn gen_invite_code() -> String { 28 28 + let hostname = &tranquil_config::get().server.hostname; 29 29 - let hostname = pds_hostname(); 30 29 let hostname_prefix = hostname.replace('.', "-"); 31 30 format!("{}-{}", hostname_prefix, gen_random_token()) 32 31 }

+13 -15

crates/tranquil-pds/src/api/server/meta.rs

··· 1 1 use crate::state::AppState; 2 2 + use crate::util::{discord_app_id, discord_bot_username, telegram_bot_username}; 2 2 - use crate::util::{discord_app_id, discord_bot_username, pds_hostname, telegram_bot_username}; 3 3 use axum::{Json, extract::State, http::StatusCode, response::IntoResponse}; 4 4 use serde_json::json; 5 5 6 6 fn get_available_comms_channels() -> Vec<tranquil_db_traits::CommsChannel> { 7 7 use tranquil_db_traits::CommsChannel; 8 8 + let cfg = tranquil_config::get(); 8 9 let mut channels = vec![CommsChannel::Email]; 10 10 + if cfg.discord.bot_token.is_some() { 9 9 - if std::env::var("DISCORD_BOT_TOKEN").is_ok() { 10 11 channels.push(CommsChannel::Discord); 11 12 } 13 13 + if cfg.telegram.bot_token.is_some() { 12 12 - if std::env::var("TELEGRAM_BOT_TOKEN").is_ok() { 13 14 channels.push(CommsChannel::Telegram); 14 15 } 16 16 + if cfg.signal.sender_number.is_some() { 15 15 - if std::env::var("SIGNAL_CLI_PATH").is_ok() && std::env::var("SIGNAL_SENDER_NUMBER").is_ok() { 16 17 channels.push(CommsChannel::Signal); 17 18 } 18 19 channels ··· 26 27 ) 27 28 } 28 29 pub fn is_self_hosted_did_web_enabled() -> bool { 30 30 + tranquil_config::get().server.enable_pds_hosted_did_web 29 29 - std::env::var("ENABLE_SELF_HOSTED_DID_WEB") 30 30 - .map(|v| v != "false" && v != "0") 31 31 - .unwrap_or(true) 32 31 } 33 32 34 33 pub async fn describe_server() -> impl IntoResponse { 34 34 + let cfg = tranquil_config::get(); 35 35 + let pds_hostname = &cfg.server.hostname; 36 36 + let domains = cfg.server.available_user_domain_list(); 37 37 + let invite_code_required = cfg.server.invite_code_required; 38 38 + let privacy_policy = cfg.server.privacy_policy_url.clone(); 39 39 + let terms_of_service = cfg.server.terms_of_service_url.clone(); 40 40 + let contact_email = cfg.server.contact_email.clone(); 35 35 - let pds_hostname = pds_hostname(); 36 36 - let domains_str = 37 37 - std::env::var("AVAILABLE_USER_DOMAINS").unwrap_or_else(|_| pds_hostname.to_string()); 38 38 - let domains: Vec<&str> = domains_str.split(',').map(|s| s.trim()).collect(); 39 39 - let invite_code_required = crate::util::parse_env_bool("INVITE_CODE_REQUIRED"); 40 40 - let privacy_policy = std::env::var("PRIVACY_POLICY_URL").ok(); 41 41 - let terms_of_service = std::env::var("TERMS_OF_SERVICE_URL").ok(); 42 42 - let contact_email = std::env::var("CONTACT_EMAIL").ok(); 43 41 let mut links = serde_json::Map::new(); 44 42 if let Some(pp) = privacy_policy { 45 43 links.insert("privacyPolicy".to_string(), json!(pp));

+1 -2

crates/tranquil-pds/src/api/server/migration.rs

··· 2 2 use crate::api::error::DbResultExt; 3 3 use crate::auth::{Active, Auth}; 4 4 use crate::state::AppState; 5 5 - use crate::util::pds_hostname; 6 5 use axum::{ 7 6 Json, 8 7 extract::State, ··· 147 146 } 148 147 149 148 async fn build_did_document(state: &AppState, did: &crate::types::Did) -> serde_json::Value { 149 149 + let hostname = &tranquil_config::get().server.hostname; 150 150 - let hostname = pds_hostname(); 151 150 152 151 let user = match state.user_repo.get_user_for_did_doc_build(did).await { 153 152 Ok(Some(row)) => row,

+16 -12

crates/tranquil-pds/src/api/server/passkey_account.rs

··· 24 24 use crate::rate_limit::{AccountCreationLimit, PasswordResetLimit, RateLimited}; 25 25 use crate::state::AppState; 26 26 use crate::types::{Did, Handle, PlainPassword}; 27 27 - use crate::util::{pds_hostname, pds_hostname_without_port}; 28 27 use crate::validation::validate_password; 29 28 30 29 fn generate_setup_token() -> String { ··· 113 112 .map(|d| d.starts_with("did:web:")) 114 113 .unwrap_or(false); 115 114 115 115 + let hostname = &tranquil_config::get().server.hostname; 116 116 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 116 116 - let hostname = pds_hostname(); 117 117 - let hostname_for_handles = pds_hostname_without_port(); 118 117 let pds_suffix = format!(".{}", hostname_for_handles); 119 118 120 119 let handle = if !input.handle.contains('.') || input.handle.ends_with(&pds_suffix) { ··· 153 152 Err(_) => return ApiError::InvalidInviteCode.into_response(), 154 153 } 155 154 } else { 155 155 + let invite_required = tranquil_config::get().server.invite_code_required; 156 156 - let invite_required = crate::util::parse_env_bool("INVITE_CODE_REQUIRED"); 157 156 if invite_required { 158 157 return ApiError::InviteCodeRequired.into_response(); 159 158 } ··· 309 308 .into_response(); 310 309 } 311 310 } else { 311 311 + let rotation_key = tranquil_config::get() 312 312 + .secrets 313 313 + .plc_rotation_key 314 314 + .clone() 315 315 + .unwrap_or_else(|| crate::plc::signing_key_to_did_key(&secret_key)); 312 312 - let rotation_key = std::env::var("PLC_ROTATION_KEY") 313 313 - .unwrap_or_else(|_| crate::plc::signing_key_to_did_key(&secret_key)); 314 316 315 317 let genesis_result = match crate::plc::create_genesis_operation( 316 318 &secret_key, ··· 401 403 }; 402 404 let genesis_block_cids = vec![mst_root.to_bytes(), commit_cid.to_bytes()]; 403 405 406 406 + let birthdate_pref = if tranquil_config::get().server.age_assurance_override { 407 407 + Some(json!({ 404 404 - let birthdate_pref = std::env::var("PDS_AGE_ASSURANCE_OVERRIDE").ok().map(|_| { 405 405 - json!({ 406 408 "$type": "app.bsky.actor.defs#personalDetailsPref", 407 409 "birthDate": "1998-05-06T00:00:00.000Z" 410 410 + })) 411 411 + } else { 412 412 + None 413 413 + }; 408 408 - }) 409 409 - }); 410 414 411 415 let handle_typed: Handle = match handle.parse() { 412 416 Ok(h) => h, ··· 820 824 _rate_limit: RateLimited<PasswordResetLimit>, 821 825 Json(input): Json<RequestPasskeyRecoveryInput>, 822 826 ) -> Response { 827 827 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 823 823 - let hostname_for_handles = pds_hostname_without_port(); 824 828 let identifier = input.email.trim().to_lowercase(); 825 829 let identifier = identifier.strip_prefix('@').unwrap_or(&identifier); 826 830 let normalized_handle = ··· 855 859 return ApiError::InternalError(None).into_response(); 856 860 } 857 861 862 862 + let hostname = &tranquil_config::get().server.hostname; 858 858 - let hostname = pds_hostname(); 859 863 let recovery_url = format!( 860 864 "https://{}/app/recover-passkey?did={}&token={}", 861 865 hostname,

+2 -3

crates/tranquil-pds/src/api/server/password.rs

··· 7 7 use crate::rate_limit::{PasswordResetLimit, RateLimited, ResetPasswordLimit}; 8 8 use crate::state::AppState; 9 9 use crate::types::PlainPassword; 10 10 - use crate::util::{pds_hostname, pds_hostname_without_port}; 11 10 use crate::validation::validate_password; 12 11 use axum::{ 13 12 Json, ··· 38 37 if identifier.is_empty() { 39 38 return ApiError::InvalidRequest("email or handle is required".into()).into_response(); 40 39 } 40 40 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 41 41 - let hostname_for_handles = pds_hostname_without_port(); 42 41 let normalized = identifier.to_lowercase(); 43 42 let normalized = normalized.strip_prefix('@').unwrap_or(&normalized); 44 43 let is_email_lookup = normalized.contains('@'); ··· 78 77 error!("DB error setting reset code: {:?}", e); 79 78 return ApiError::InternalError(None).into_response(); 80 79 } 80 80 + let hostname = &tranquil_config::get().server.hostname; 81 81 - let hostname = pds_hostname(); 82 81 if let Err(e) = crate::comms::comms_repo::enqueue_password_reset( 83 82 state.user_repo.as_ref(), 84 83 state.infra_repo.as_ref(),

+9 -10

crates/tranquil-pds/src/api/server/session.rs

··· 7 7 use crate::rate_limit::{LoginLimit, RateLimited, RefreshSessionLimit}; 8 8 use crate::state::AppState; 9 9 use crate::types::{AccountState, Did, Handle, PlainPassword}; 10 10 - use crate::util::{pds_hostname, pds_hostname_without_port}; 11 10 use axum::{ 12 11 Json, 13 12 extract::State, ··· 66 65 "create_session called with identifier: {}", 67 66 input.identifier 68 67 ); 68 68 + let pds_host = &tranquil_config::get().server.hostname; 69 69 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 69 69 - let pds_host = pds_hostname(); 70 70 - let hostname_for_handles = pds_hostname_without_port(); 71 70 let normalized_identifier = 71 71 + NormalizedLoginIdentifier::normalize(&input.identifier, &hostname_for_handles); 72 72 - NormalizedLoginIdentifier::normalize(&input.identifier, hostname_for_handles); 73 72 info!( 74 73 "Normalized identifier: {} -> {}", 75 74 input.identifier, normalized_identifier ··· 182 181 return ApiError::LegacyLoginBlocked.into_response(); 183 182 } 184 183 Ok(crate::auth::legacy_2fa::Legacy2faOutcome::ChallengeSent(code)) => { 184 184 + let hostname = &tranquil_config::get().server.hostname; 185 185 - let hostname = pds_hostname(); 186 185 if let Err(e) = crate::comms::comms_repo::enqueue_2fa_code( 187 186 state.user_repo.as_ref(), 188 187 state.infra_repo.as_ref(), ··· 286 285 ip = %client_ip, 287 286 "Legacy login on TOTP-enabled account - sending notification" 288 287 ); 288 288 + let hostname = &tranquil_config::get().server.hostname; 289 289 - let hostname = pds_hostname(); 290 289 if let Err(e) = crate::comms::comms_repo::enqueue_legacy_login( 291 290 state.user_repo.as_ref(), 292 291 state.infra_repo.as_ref(), ··· 341 340 let preferred_channel_verified = row 342 341 .channel_verification 343 342 .is_verified(row.preferred_comms_channel); 343 343 + let pds_hostname = &tranquil_config::get().server.hostname; 344 344 - let pds_hostname = pds_hostname(); 345 344 let handle = full_handle(&row.handle, pds_hostname); 346 345 let account_state = AccountState::from_db_fields( 347 346 row.deactivated_at, ··· 545 544 let preferred_channel_verified = u 546 545 .channel_verification 547 546 .is_verified(u.preferred_comms_channel); 547 547 + let pds_hostname = &tranquil_config::get().server.hostname; 548 548 - let pds_hostname = pds_hostname(); 549 548 let handle = full_handle(&u.handle, pds_hostname); 550 549 let account_state = 551 550 AccountState::from_db_fields(u.deactivated_at, u.takedown_ref.clone(), None, None); ··· 707 706 return ApiError::InternalError(None).into_response(); 708 707 } 709 708 709 709 + let hostname = &tranquil_config::get().server.hostname; 710 710 - let hostname = pds_hostname(); 711 710 if let Err(e) = crate::comms::comms_repo::enqueue_welcome( 712 711 state.user_repo.as_ref(), 713 712 state.infra_repo.as_ref(), ··· 777 776 let formatted_token = 778 777 crate::auth::verification_token::format_token_for_display(&verification_token); 779 778 779 779 + let hostname = &tranquil_config::get().server.hostname; 780 780 - let hostname = pds_hostname(); 781 780 if let Err(e) = crate::comms::comms_repo::enqueue_signup_verification( 782 781 state.user_repo.as_ref(), 783 782 state.infra_repo.as_ref(),

+1 -2

crates/tranquil-pds/src/api/server/totp.rs

··· 9 9 use crate::rate_limit::{TotpVerifyLimit, check_user_rate_limit_with_message}; 10 10 use crate::state::AppState; 11 11 use crate::types::PlainPassword; 12 12 - use crate::util::pds_hostname; 13 12 use axum::{ 14 13 Json, 15 14 extract::State, ··· 52 51 .log_db_err("fetching handle")? 53 52 .ok_or(ApiError::AccountNotFound)?; 54 53 54 54 + let hostname = &tranquil_config::get().server.hostname; 55 55 - let hostname = pds_hostname(); 56 55 let uri = generate_totp_uri(&secret, &handle, hostname); 57 56 58 57 let qr_code = generate_qr_png_base64(&secret, &handle, hostname).map_err(|e| {

+1 -2

crates/tranquil-pds/src/api/server/verify_email.rs

··· 5 5 use tracing::{info, warn}; 6 6 7 7 use crate::state::AppState; 8 8 - use crate::util::pds_hostname; 9 8 10 9 #[derive(Deserialize)] 11 10 #[serde(rename_all = "camelCase")] ··· 71 70 return Ok(Json(ResendMigrationVerificationOutput { sent: true })); 72 71 } 73 72 73 73 + let hostname = &tranquil_config::get().server.hostname; 74 74 - let hostname = pds_hostname(); 75 74 let token = crate::auth::verification_token::generate_migration_token(&user.did, &email); 76 75 let formatted_token = crate::auth::verification_token::format_token_for_display(&token); 77 76

+2 -3

crates/tranquil-pds/src/api/server/verify_token.rs

··· 1 1 use crate::api::error::{ApiError, DbResultExt}; 2 2 use crate::comms::comms_repo; 3 3 use crate::types::Did; 4 4 - use crate::util::pds_hostname; 5 4 use axum::{Json, extract::State}; 6 5 use serde::{Deserialize, Serialize}; 7 6 use tracing::{info, warn}; ··· 162 161 user_id, 163 162 channel, 164 163 &recipient, 164 164 + &tranquil_config::get().server.hostname, 165 165 - pds_hostname(), 166 165 ) 167 166 .await 168 167 { ··· 260 259 user.id, 261 260 channel, 262 261 &recipient, 262 262 + &tranquil_config::get().server.hostname, 263 263 - pds_hostname(), 264 263 ) 265 264 .await 266 265 {

+4 -5

crates/tranquil-pds/src/api/telegram_webhook.rs

··· 8 8 9 9 use crate::comms::comms_repo; 10 10 use crate::state::AppState; 11 11 - use crate::util::pds_hostname; 12 11 13 12 #[derive(Deserialize)] 14 13 struct TelegramUpdate { ··· 32 31 headers: HeaderMap, 33 32 body: String, 34 33 ) -> impl IntoResponse { 34 34 + let expected_secret = match &tranquil_config::get().telegram.webhook_secret { 35 35 + Some(s) => s.clone(), 36 36 + None => { 35 35 - let expected_secret = match std::env::var("TELEGRAM_WEBHOOK_SECRET") { 36 36 - Ok(s) => s, 37 37 - Err(_) => { 38 37 warn!("Telegram webhook called but TELEGRAM_WEBHOOK_SECRET is not configured"); 39 38 return StatusCode::FORBIDDEN; 40 39 } ··· 88 87 user_id, 89 88 tranquil_db_traits::CommsChannel::Telegram, 90 89 &from.id.to_string(), 90 90 + &tranquil_config::get().server.hostname, 91 91 - pds_hostname(), 92 91 ) 93 92 .await 94 93 {

+3 -6

crates/tranquil-pds/src/appview/mod.rs

··· 64 64 65 65 impl DidResolver { 66 66 pub fn new() -> Self { 67 67 + let cfg = tranquil_config::get(); 68 68 + let cache_ttl_secs = cfg.plc.did_cache_ttl_secs; 67 67 - let cache_ttl_secs: u64 = std::env::var("DID_CACHE_TTL_SECS") 68 68 - .ok() 69 69 - .and_then(|v| v.parse().ok()) 70 70 - .unwrap_or(300); 71 69 70 70 + let plc_directory_url = cfg.plc.directory_url.clone(); 72 72 - let plc_directory_url = std::env::var("PLC_DIRECTORY_URL") 73 73 - .unwrap_or_else(|_| "https://plc.directory".to_string()); 74 71 75 72 let client = Client::builder() 76 73 .timeout(Duration::from_secs(10))

+2 -4

crates/tranquil-pds/src/auth/service.rs

··· 1 1 - use crate::util::pds_hostname; 2 1 use base64::Engine as _; 3 2 use base64::engine::general_purpose::URL_SAFE_NO_PAD; 4 3 use chrono::Utc; ··· 146 145 147 146 impl ServiceTokenVerifier { 148 147 pub fn new() -> Self { 148 148 + let plc_directory_url = tranquil_config::get().plc.directory_url.clone(); 149 149 - let plc_directory_url = std::env::var("PLC_DIRECTORY_URL") 150 150 - .unwrap_or_else(|_| "https://plc.directory".to_string()); 151 149 150 150 + let pds_hostname = &tranquil_config::get().server.hostname; 152 152 - let pds_hostname = pds_hostname(); 153 151 let pds_did: Did = format!("did:web:{}", pds_hostname) 154 152 .parse() 155 153 .expect("PDS hostname produces a valid DID");

+1 -7

crates/tranquil-pds/src/auth/verification_token.rs

··· 61 61 62 62 fn derive_verification_key() -> [u8; 32] { 63 63 use hkdf::Hkdf; 64 64 + let master_key = tranquil_config::get().secrets.master_key_or_default(); 64 64 - let master_key = std::env::var("MASTER_KEY").unwrap_or_else(|_| { 65 65 - if cfg!(test) || std::env::var("TRANQUIL_PDS_ALLOW_INSECURE_SECRETS").is_ok() { 66 66 - "test-master-key-not-for-production".to_string() 67 67 - } else { 68 68 - panic!("MASTER_KEY must be set"); 69 69 - } 70 70 - }); 71 65 let hk = Hkdf::<Sha256>::new(None, master_key.as_bytes()); 72 66 let mut key = [0u8; 32]; 73 67 hk.expand(b"tranquil-pds-verification-token-v1", &mut key)

+3 -8

crates/tranquil-pds/src/comms/service.rs

··· 21 21 22 22 impl CommsService { 23 23 pub fn new(infra_repo: Arc<dyn InfraRepository>) -> Self { 24 24 + let cfg = tranquil_config::get(); 25 25 + let poll_interval_ms = cfg.notifications.poll_interval_ms; 26 26 + let batch_size = cfg.notifications.batch_size; 24 24 - let poll_interval_ms: u64 = std::env::var("NOTIFICATION_POLL_INTERVAL_MS") 25 25 - .ok() 26 26 - .and_then(|v| v.parse().ok()) 27 27 - .unwrap_or(1000); 28 28 - let batch_size: i64 = std::env::var("NOTIFICATION_BATCH_SIZE") 29 29 - .ok() 30 30 - .and_then(|v| v.parse().ok()) 31 31 - .unwrap_or(100); 32 27 Self { 33 28 infra_repo, 34 29 senders: HashMap::new(),

+4 -48

crates/tranquil-pds/src/config.rs

··· 48 48 impl AuthConfig { 49 49 pub fn init() -> &'static Self { 50 50 CONFIG.get_or_init(|| { 51 51 + let secrets = &tranquil_config::get().secrets; 51 51 - let jwt_secret = std::env::var("JWT_SECRET").unwrap_or_else(|_| { 52 52 - if cfg!(test) || std::env::var("TRANQUIL_PDS_ALLOW_INSECURE_SECRETS").is_ok() { 53 53 - "test-jwt-secret-not-for-production".to_string() 54 54 - } else { 55 55 - panic!( 56 56 - "JWT_SECRET environment variable must be set in production. \ 57 57 - Set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=1 for development/testing." 58 58 - ); 59 59 - } 60 60 - }); 61 52 53 53 + let jwt_secret = secrets.jwt_secret_or_default(); 54 54 + let dpop_secret = secrets.dpop_secret_or_default(); 62 62 - let dpop_secret = std::env::var("DPOP_SECRET").unwrap_or_else(|_| { 63 63 - if cfg!(test) || std::env::var("TRANQUIL_PDS_ALLOW_INSECURE_SECRETS").is_ok() { 64 64 - "test-dpop-secret-not-for-production".to_string() 65 65 - } else { 66 66 - panic!( 67 67 - "DPOP_SECRET environment variable must be set in production. \ 68 68 - Set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=1 for development/testing." 69 69 - ); 70 70 - } 71 71 - }); 72 72 - 73 73 - if jwt_secret.len() < 32 74 74 - && std::env::var("TRANQUIL_PDS_ALLOW_INSECURE_SECRETS").is_err() 75 75 - { 76 76 - panic!("JWT_SECRET must be at least 32 characters"); 77 77 - } 78 78 - 79 79 - if dpop_secret.len() < 32 80 80 - && std::env::var("TRANQUIL_PDS_ALLOW_INSECURE_SECRETS").is_err() 81 81 - { 82 82 - panic!("DPOP_SECRET must be at least 32 characters"); 83 83 - } 84 55 85 56 let mut hasher = Sha256::new(); 86 57 hasher.update(b"oauth-signing-key-derivation:"); ··· 114 85 let kid_hash = kid_hasher.finalize(); 115 86 let signing_key_id = URL_SAFE_NO_PAD.encode(&kid_hash[..8]); 116 87 88 88 + let master_key = secrets.master_key_or_default(); 117 117 - let master_key = std::env::var("MASTER_KEY").unwrap_or_else(|_| { 118 118 - if cfg!(test) || std::env::var("TRANQUIL_PDS_ALLOW_INSECURE_SECRETS").is_ok() { 119 119 - "test-master-key-not-for-production".to_string() 120 120 - } else { 121 121 - panic!( 122 122 - "MASTER_KEY environment variable must be set in production. \ 123 123 - Set TRANQUIL_PDS_ALLOW_INSECURE_SECRETS=1 for development/testing." 124 124 - ); 125 125 - } 126 126 - }); 127 127 - 128 128 - if master_key.len() < 32 129 129 - && std::env::var("TRANQUIL_PDS_ALLOW_INSECURE_SECRETS").is_err() 130 130 - { 131 131 - panic!("MASTER_KEY must be at least 32 characters"); 132 132 - } 133 89 134 90 let hk = Hkdf::<Sha256>::new(None, master_key.as_bytes()); 135 91 let mut key_encryption_key = [0u8; 32];

+3 -9

crates/tranquil-pds/src/crawlers.rs

··· 1 1 use crate::circuit_breaker::CircuitBreaker; 2 2 use crate::sync::firehose::SequencedEvent; 3 3 - use crate::util::pds_hostname; 4 3 use reqwest::Client; 5 4 use std::sync::Arc; 6 5 use std::sync::atomic::{AtomicU64, Ordering}; ··· 42 41 self 43 42 } 44 43 44 44 + pub fn from_config(cfg: &tranquil_config::TranquilConfig) -> Option<Self> { 45 45 + let hostname = &cfg.server.hostname; 45 45 - pub fn from_env() -> Option<Self> { 46 46 - let hostname = pds_hostname(); 47 46 if hostname == "localhost" { 48 47 return None; 49 48 } 50 49 50 50 + let crawler_urls = cfg.firehose.crawler_list(); 51 51 - let crawler_urls: Vec<String> = std::env::var("CRAWLERS") 52 52 - .unwrap_or_default() 53 53 - .split(',') 54 54 - .filter(|s| !s.is_empty()) 55 55 - .map(|s| s.trim().to_string()) 56 56 - .collect(); 57 51 58 52 if crawler_urls.is_empty() { 59 53 return None;

+2 -4

crates/tranquil-pds/src/handle/mod.rs

··· 87 87 } 88 88 } 89 89 90 90 + pub fn is_service_domain_handle(handle: &str, _hostname: &str) -> bool { 90 90 - pub fn is_service_domain_handle(handle: &str, hostname: &str) -> bool { 91 91 if !handle.contains('.') { 92 92 return true; 93 93 } 94 94 + let service_domains = tranquil_config::get().server.user_handle_domain_list(); 94 94 - let service_domains: Vec<String> = std::env::var("PDS_SERVICE_HANDLE_DOMAINS") 95 95 - .map(|s| s.split(',').map(|d| d.trim().to_string()).collect()) 96 96 - .unwrap_or_else(|_| vec![hostname.to_string()]); 97 95 service_domains 98 96 .iter() 99 97 .any(|domain| handle.ends_with(&format!(".{}", domain)) || handle == domain)

+3 -1

crates/tranquil-pds/src/lib.rs

··· 658 658 post(api::discord_webhook::handle_discord_webhook) 659 659 .layer(DefaultBodyLimit::max(64 * 1024)), 660 660 ) 661 661 + .layer(DefaultBodyLimit::max( 662 662 + tranquil_config::get().server.max_blob_size as usize, 663 663 + )) 661 661 - .layer(DefaultBodyLimit::max(util::get_max_blob_size())) 662 664 .layer(axum::middleware::map_response(rewrite_422_to_400)) 663 665 .layer(middleware::from_fn(metrics::metrics_middleware)) 664 666 .layer(

+92 -22

crates/tranquil-pds/src/main.rs

··· 1 1 + use clap::{Parser, Subcommand}; 1 2 use std::net::SocketAddr; 3 3 + use std::path::PathBuf; 2 4 use std::process::ExitCode; 3 5 use std::sync::Arc; 4 6 use tokio_util::sync::CancellationToken; ··· 18 20 }; 19 21 use tranquil_pds::state::AppState; 20 22 23 23 + #[derive(Parser)] 24 24 + #[command(name = "tranquil-pds", version = BUILD_VERSION, about = "Tranquil AT Protocol PDS")] 25 25 + struct Cli { 26 26 + /// Path to a TOML configuration file (also settable via TRANQUIL_PDS_CONFIG env var) 27 27 + #[arg(short, long, value_name = "FILE", env = "TRANQUIL_PDS_CONFIG")] 28 28 + config: Option<PathBuf>, 29 29 + 30 30 + #[command(subcommand)] 31 31 + command: Option<Command>, 32 32 + } 33 33 + 34 34 + #[derive(Subcommand)] 35 35 + enum Command { 36 36 + /// Validate the configuration and exit 37 37 + Validate { 38 38 + /// Skip validation of secrets and database URL (useful when secrets 39 39 + /// are provided at runtime via environment variables / secret files) 40 40 + #[arg(long)] 41 41 + ignore_secrets: bool, 42 42 + }, 43 43 + /// Print a TOML configuration template to stdout 44 44 + ConfigTemplate, 45 45 + } 46 46 + 21 47 #[tokio::main] 22 48 async fn main() -> ExitCode { 23 49 dotenvy::dotenv().ok(); 50 50 + 51 51 + let cli = Cli::parse(); 52 52 + 53 53 + // Handle subcommands that don't need full startup 54 54 + if let Some(command) = &cli.command { 55 55 + return match command { 56 56 + Command::ConfigTemplate => { 57 57 + print!("{}", tranquil_config::template()); 58 58 + ExitCode::SUCCESS 59 59 + } 60 60 + Command::Validate { ignore_secrets } => { 61 61 + let config = match tranquil_config::load(cli.config.as_ref()) { 62 62 + Ok(c) => c, 63 63 + Err(e) => { 64 64 + eprintln!("Failed to load configuration: {e:#}"); 65 65 + return ExitCode::FAILURE; 66 66 + } 67 67 + }; 68 68 + match config.validate(*ignore_secrets) { 69 69 + Ok(()) => { 70 70 + println!("Configuration is valid."); 71 71 + ExitCode::SUCCESS 72 72 + } 73 73 + Err(e) => { 74 74 + eprint!("{e}"); 75 75 + ExitCode::FAILURE 76 76 + } 77 77 + } 78 78 + } 79 79 + }; 80 80 + } 81 81 + 24 82 tracing_subscriber::fmt::init(); 83 83 + 84 84 + let config = match tranquil_config::load(cli.config.as_ref()) { 85 85 + Ok(c) => c, 86 86 + Err(e) => { 87 87 + error!("Failed to load configuration: {e:#}"); 88 88 + return ExitCode::FAILURE; 89 89 + } 90 90 + }; 91 91 + 92 92 + if let Err(e) = config.validate(false) { 93 93 + error!("{e}"); 94 94 + return ExitCode::FAILURE; 95 95 + } 96 96 + 97 97 + tranquil_config::init(config); 98 98 + 25 99 tranquil_pds::metrics::init_metrics(); 26 100 27 101 match run().await { ··· 66 140 let mut comms_service = CommsService::new(state.infra_repo.clone()); 67 141 let mut deferred_discord_endpoint: Option<(DiscordSender, String, String)> = None; 68 142 143 143 + let cfg = tranquil_config::get(); 144 144 + 145 145 + if let Some(email_sender) = EmailSender::from_config(cfg) { 69 69 - if let Some(email_sender) = EmailSender::from_env() { 70 146 info!("Email comms enabled"); 71 147 comms_service = comms_service.register_sender(email_sender); 72 148 } else { 73 149 warn!("Email comms disabled (MAIL_FROM_ADDRESS not set)"); 74 150 } 75 151 152 152 + if let Some(discord_sender) = DiscordSender::from_config(cfg) { 76 76 - if let Some(discord_sender) = DiscordSender::from_env() { 77 153 info!("Discord comms enabled"); 78 154 match discord_sender.resolve_bot_username().await { 79 155 Ok(username) => { ··· 96 172 Some(public_key) => { 97 173 tranquil_pds::util::set_discord_public_key(public_key); 98 174 info!("Discord Ed25519 public key loaded"); 175 175 + let hostname = &tranquil_config::get().server.hostname; 99 99 - let hostname = std::env::var("PDS_HOSTNAME") 100 100 - .unwrap_or_else(|_| "localhost".to_string()); 101 176 let webhook_url = format!("https://{}/webhook/discord", hostname); 102 177 match discord_sender.register_slash_command(&app_id).await { 103 178 Ok(()) => info!("Discord /start slash command registered"), ··· 118 193 comms_service = comms_service.register_sender(discord_sender); 119 194 } 120 195 196 196 + if let Some(telegram_sender) = TelegramSender::from_config(cfg) { 197 197 + // Safe to unwrap: validated in TranquilConfig::validate() 198 198 + let secret_token = tranquil_config::get() 199 199 + .telegram 200 200 + .webhook_secret 201 201 + .clone() 202 202 + .expect("telegram.webhook_secret checked during config validation"); 121 121 - if let Some(telegram_sender) = TelegramSender::from_env() { 122 122 - let secret_token = match std::env::var("TELEGRAM_WEBHOOK_SECRET") { 123 123 - Ok(s) => s, 124 124 - Err(_) => { 125 125 - return Err( 126 126 - "TELEGRAM_BOT_TOKEN is set but TELEGRAM_WEBHOOK_SECRET is missing. Both are required for secure Telegram integration.".into() 127 127 - ); 128 128 - } 129 129 - }; 130 203 info!("Telegram comms enabled"); 131 204 match telegram_sender.resolve_bot_username().await { 132 205 Ok(username) => { 133 206 info!(bot_username = %username, "Resolved Telegram bot username"); 134 207 tranquil_pds::util::set_telegram_bot_username(username); 208 208 + let hostname = tranquil_config::get().server.hostname.clone(); 135 135 - let hostname = 136 136 - std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string()); 137 209 let webhook_url = format!("https://{}/webhook/telegram", hostname); 138 210 match telegram_sender 139 211 .set_webhook(&webhook_url, Some(&secret_token)) ··· 150 222 comms_service = comms_service.register_sender(telegram_sender); 151 223 } 152 224 225 225 + if let Some(signal_sender) = SignalSender::from_config(cfg) { 153 153 - if let Some(signal_sender) = SignalSender::from_env() { 154 226 info!("Signal comms enabled"); 155 227 comms_service = comms_service.register_sender(signal_sender); 156 228 } 157 229 158 230 let comms_handle = tokio::spawn(comms_service.run(shutdown.clone())); 159 231 232 232 + let crawlers_handle = if let Some(crawlers) = Crawlers::from_config(cfg) { 160 160 - let crawlers_handle = if let Some(crawlers) = Crawlers::from_env() { 161 233 let crawlers = Arc::new( 162 234 crawlers.with_circuit_breaker(state.circuit_breakers.relay_notification.clone()), 163 235 ); ··· 197 269 198 270 let app = tranquil_pds::app(state); 199 271 272 272 + let cfg = tranquil_config::get(); 273 273 + let host = &cfg.server.host; 274 274 + let port = cfg.server.port; 200 200 - let host = std::env::var("SERVER_HOST").unwrap_or_else(|_| "127.0.0.1".to_string()); 201 201 - let port: u16 = std::env::var("SERVER_PORT") 202 202 - .ok() 203 203 - .and_then(|p| p.parse().ok()) 204 204 - .unwrap_or(3000); 205 275 206 276 let addr: SocketAddr = format!("{}:{}", host, port) 207 277 .parse()

+1 -8

crates/tranquil-pds/src/moderation/mod.rs

··· 34 34 } 35 35 36 36 fn get_extra_banned_words() -> &'static Vec<String> { 37 37 + EXTRA_BANNED_WORDS.get_or_init(|| tranquil_config::get().server.banned_word_list()) 37 37 - EXTRA_BANNED_WORDS.get_or_init(|| { 38 38 - std::env::var("PDS_BANNED_WORDS") 39 39 - .unwrap_or_default() 40 40 - .split(',') 41 41 - .map(|s| s.trim().to_lowercase()) 42 42 - .filter(|s| !s.is_empty()) 43 43 - .collect() 44 44 - }) 45 38 } 46 39 47 40 fn strip_trailing_digits(s: &str) -> &str {

+18 -18

crates/tranquil-pds/src/oauth/endpoints/authorize.rs

··· 10 10 }; 11 11 use crate::state::AppState; 12 12 use crate::types::{Did, Handle, PlainPassword}; 13 13 + use crate::util::extract_client_ip; 13 13 - use crate::util::{extract_client_ip, pds_hostname, pds_hostname_without_port}; 14 14 use axum::{ 15 15 Json, 16 16 extract::{Query, State}, ··· 253 253 254 254 if let Some(ref login_hint) = request_data.parameters.login_hint { 255 255 tracing::info!(login_hint = %login_hint, "Checking login_hint for delegation"); 256 256 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 257 257 + let normalized = NormalizedLoginIdentifier::normalize(login_hint, &hostname_for_handles); 256 256 - let hostname_for_handles = pds_hostname_without_port(); 257 257 - let normalized = NormalizedLoginIdentifier::normalize(login_hint, hostname_for_handles); 258 258 tracing::info!(normalized = %normalized, "Normalized login_hint"); 259 259 260 260 match state ··· 526 526 url_encode(error_msg) 527 527 )) 528 528 }; 529 529 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 529 529 - let hostname_for_handles = pds_hostname_without_port(); 530 530 let normalized_username = 531 531 + NormalizedLoginIdentifier::normalize(&form.username, &hostname_for_handles); 531 531 - NormalizedLoginIdentifier::normalize(&form.username, hostname_for_handles); 532 532 tracing::debug!( 533 533 original_username = %form.username, 534 534 normalized_username = %normalized_username, 535 535 + pds_hostname = %tranquil_config::get().server.hostname, 535 535 - pds_hostname = %pds_hostname(), 536 536 "Normalized username for lookup" 537 537 ); 538 538 let user = match state ··· 677 677 .await 678 678 { 679 679 Ok(challenge) => { 680 680 + let hostname = &tranquil_config::get().server.hostname; 680 680 - let hostname = pds_hostname(); 681 681 if let Err(e) = enqueue_2fa_code( 682 682 state.user_repo.as_ref(), 683 683 state.infra_repo.as_ref(), ··· 992 992 .await 993 993 { 994 994 Ok(challenge) => { 995 995 + let hostname = &tranquil_config::get().server.hostname; 995 995 - let hostname = pds_hostname(); 996 996 if let Err(e) = enqueue_2fa_code( 997 997 state.user_repo.as_ref(), 998 998 state.infra_repo.as_ref(), ··· 1116 1116 '?' 1117 1117 }; 1118 1118 redirect_url.push(separator); 1119 1119 + let pds_host = &tranquil_config::get().server.hostname; 1119 1119 - let pds_host = pds_hostname(); 1120 1120 redirect_url.push_str(&format!( 1121 1121 "iss={}", 1122 1122 url_encode(&format!("https://{}", pds_host)) ··· 1134 1134 state: Option<&str>, 1135 1135 response_mode: Option<&str>, 1136 1136 ) -> String { 1137 1137 + let pds_host = &tranquil_config::get().server.hostname; 1137 1137 - let pds_host = pds_hostname(); 1138 1138 let mut url = format!( 1139 1139 "https://{}/oauth/authorize/redirect?redirect_uri={}&code={}", 1140 1140 pds_host, ··· 1991 1991 State(state): State<AppState>, 1992 1992 Query(query): Query<CheckPasskeysQuery>, 1993 1993 ) -> Response { 1994 1994 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 1994 1994 - let hostname_for_handles = pds_hostname_without_port(); 1995 1995 let bare_identifier = 1996 1996 + BareLoginIdentifier::from_identifier(&query.identifier, &hostname_for_handles); 1996 1996 - BareLoginIdentifier::from_identifier(&query.identifier, hostname_for_handles); 1997 1997 1998 1998 let user = state 1999 1999 .user_repo ··· 2023 2023 State(state): State<AppState>, 2024 2024 Query(query): Query<CheckPasskeysQuery>, 2025 2025 ) -> Response { 2026 2026 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 2026 2026 - let hostname_for_handles = pds_hostname_without_port(); 2027 2027 let normalized_identifier = 2028 2028 + NormalizedLoginIdentifier::normalize(&query.identifier, &hostname_for_handles); 2028 2028 - NormalizedLoginIdentifier::normalize(&query.identifier, hostname_for_handles); 2029 2029 2030 2030 let user = state 2031 2031 .user_repo ··· 2131 2131 .into_response(); 2132 2132 } 2133 2133 2134 2134 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 2134 2134 - let hostname_for_handles = pds_hostname_without_port(); 2135 2135 let normalized_username = 2136 2136 + NormalizedLoginIdentifier::normalize(&form.identifier, &hostname_for_handles); 2136 2136 - NormalizedLoginIdentifier::normalize(&form.identifier, hostname_for_handles); 2137 2137 2138 2138 let user = match state 2139 2139 .user_repo ··· 2602 2602 .await 2603 2603 { 2604 2604 Ok(challenge) => { 2605 2605 + let hostname = &tranquil_config::get().server.hostname; 2605 2605 - let hostname = pds_hostname(); 2606 2606 if let Err(e) = enqueue_2fa_code( 2607 2607 state.user_repo.as_ref(), 2608 2608 state.infra_repo.as_ref(), ··· 2881 2881 headers: HeaderMap, 2882 2882 Json(form): Json<AuthorizePasskeySubmit>, 2883 2883 ) -> Response { 2884 2884 + let pds_hostname = &tranquil_config::get().server.hostname; 2884 2884 - let pds_hostname = pds_hostname(); 2885 2885 let passkey_finish_request_id = RequestId::from(form.request_uri.clone()); 2886 2886 2887 2887 let request_data = match state

+2 -3

crates/tranquil-pds/src/oauth/endpoints/metadata.rs

··· 1 1 use crate::oauth::jwks::{JwkSet, create_jwk_set}; 2 2 use crate::state::AppState; 3 3 - use crate::util::pds_hostname; 4 3 use axum::{Json, extract::State}; 5 4 use serde::{Deserialize, Serialize}; 6 5 ··· 58 57 pub async fn oauth_protected_resource( 59 58 State(_state): State<AppState>, 60 59 ) -> Json<ProtectedResourceMetadata> { 60 60 + let pds_hostname = &tranquil_config::get().server.hostname; 61 61 - let pds_hostname = pds_hostname(); 62 61 let public_url = format!("https://{}", pds_hostname); 63 62 Json(ProtectedResourceMetadata { 64 63 resource: public_url.clone(), ··· 72 71 pub async fn oauth_authorization_server( 73 72 State(_state): State<AppState>, 74 73 ) -> Json<AuthorizationServerMetadata> { 74 74 + let pds_hostname = &tranquil_config::get().server.hostname; 75 75 - let pds_hostname = pds_hostname(); 76 75 let issuer = format!("https://{}", pds_hostname); 77 76 Json(AuthorizationServerMetadata { 78 77 issuer: issuer.clone(),

+2 -3

crates/tranquil-pds/src/oauth/endpoints/token/grants.rs

··· 12 12 verify_client_auth, 13 13 }; 14 14 use crate::state::AppState; 15 15 - use crate::util::pds_hostname; 16 15 use axum::Json; 17 16 use axum::http::{HeaderMap, Method}; 18 17 use chrono::{Duration, Utc}; ··· 101 100 let dpop_jkt = if let Some(proof) = &dpop_proof { 102 101 let config = AuthConfig::get(); 103 102 let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes()); 103 103 + let pds_hostname = &tranquil_config::get().server.hostname; 104 104 - let pds_hostname = pds_hostname(); 105 104 let token_endpoint = format!("https://{}/oauth/token", pds_hostname); 106 105 let result = verifier.verify_proof(proof, Method::POST.as_str(), &token_endpoint, None)?; 107 106 if !state ··· 348 347 let dpop_jkt = if let Some(proof) = &dpop_proof { 349 348 let config = AuthConfig::get(); 350 349 let verifier = DPoPVerifier::new(config.dpop_secret().as_bytes()); 350 350 + let pds_hostname = &tranquil_config::get().server.hostname; 351 351 - let pds_hostname = pds_hostname(); 352 351 let token_endpoint = format!("https://{}/oauth/token", pds_hostname); 353 352 let result = verifier.verify_proof(proof, Method::POST.as_str(), &token_endpoint, None)?; 354 353 if !state

+1 -2

crates/tranquil-pds/src/oauth/endpoints/token/helpers.rs

··· 1 1 use crate::config::AuthConfig; 2 2 use crate::oauth::OAuthError; 3 3 - use crate::util::pds_hostname; 4 3 use base64::Engine; 5 4 use base64::engine::general_purpose::URL_SAFE_NO_PAD; 6 5 use chrono::Utc; ··· 52 51 ) -> Result<String, OAuthError> { 53 52 use serde_json::json; 54 53 let jti = uuid::Uuid::new_v4().to_string(); 54 54 + let pds_hostname = &tranquil_config::get().server.hostname; 55 55 - let pds_hostname = pds_hostname(); 56 55 let issuer = format!("https://{}", pds_hostname); 57 56 let now = Utc::now().timestamp(); 58 57 let exp = now + ACCESS_TOKEN_EXPIRY_SECONDS;

+1 -2

crates/tranquil-pds/src/oauth/endpoints/token/introspect.rs

··· 2 2 use crate::oauth::OAuthError; 3 3 use crate::rate_limit::{OAuthIntrospectLimit, OAuthRateLimited}; 4 4 use crate::state::AppState; 5 5 - use crate::util::pds_hostname; 6 5 use axum::extract::State; 7 6 use axum::http::StatusCode; 8 7 use axum::{Form, Json}; ··· 112 111 if token_data.expires_at < Utc::now() { 113 112 return Ok(Json(inactive_response)); 114 113 } 114 114 + let pds_hostname = &tranquil_config::get().server.hostname; 115 115 - let pds_hostname = pds_hostname(); 116 115 let issuer = format!("https://{}", pds_hostname); 117 116 Ok(Json(IntrospectResponse { 118 117 active: true,

+4 -12

crates/tranquil-pds/src/plc/mod.rs

··· 124 124 } 125 125 126 126 pub fn with_cache(base_url: Option<String>, cache: Option<Arc<dyn Cache>>) -> Self { 127 127 + let cfg = tranquil_config::get(); 128 128 + let base_url = base_url.unwrap_or_else(|| cfg.plc.directory_url.clone()); 129 129 + let timeout_secs = cfg.plc.timeout_secs; 130 130 + let connect_timeout_secs = cfg.plc.connect_timeout_secs; 127 127 - let base_url = base_url.unwrap_or_else(|| { 128 128 - std::env::var("PLC_DIRECTORY_URL") 129 129 - .unwrap_or_else(|_| "https://plc.directory".to_string()) 130 130 - }); 131 131 - let timeout_secs: u64 = std::env::var("PLC_TIMEOUT_SECS") 132 132 - .ok() 133 133 - .and_then(|v| v.parse().ok()) 134 134 - .unwrap_or(10); 135 135 - let connect_timeout_secs: u64 = std::env::var("PLC_CONNECT_TIMEOUT_SECS") 136 136 - .ok() 137 137 - .and_then(|v| v.parse().ok()) 138 138 - .unwrap_or(5); 139 131 let client = Client::builder() 140 132 .timeout(Duration::from_secs(timeout_secs)) 141 133 .connect_timeout(Duration::from_secs(connect_timeout_secs))

+2 -6

crates/tranquil-pds/src/scheduled.rs

··· 438 438 sso_repo: Arc<dyn SsoRepository>, 439 439 shutdown: CancellationToken, 440 440 ) { 441 441 + let check_interval = 442 442 + Duration::from_secs(tranquil_config::get().scheduled.delete_check_interval_secs); 441 441 - let check_interval = Duration::from_secs( 442 442 - std::env::var("SCHEDULED_DELETE_CHECK_INTERVAL_SECS") 443 443 - .ok() 444 444 - .and_then(|s| s.parse().ok()) 445 445 - .unwrap_or(3600), 446 446 - ); 447 443 448 444 info!( 449 445 check_interval_secs = check_interval.as_secs(),

+87 -73

crates/tranquil-pds/src/sso/config.rs

··· 1 1 - use crate::util::pds_hostname; 2 1 use std::sync::OnceLock; 3 2 use tranquil_db_traits::SsoProviderType; 4 3 ··· 34 33 impl SsoConfig { 35 34 pub fn init() -> &'static Self { 36 35 SSO_CONFIG.get_or_init(|| { 36 36 + let sso = &tranquil_config::get().sso; 37 37 + let config = SsoConfig { 38 38 + github: Self::provider_from_config( 39 39 + sso.github.enabled, 40 40 + sso.github.client_id.as_deref(), 41 41 + sso.github.client_secret.as_deref(), 42 42 + None, 43 43 + sso.github.display_name.as_deref(), 44 44 + "GITHUB", 45 45 + false, 46 46 + ), 47 47 + discord: Self::provider_from_config( 48 48 + sso.discord.enabled, 49 49 + sso.discord.client_id.as_deref(), 50 50 + sso.discord.client_secret.as_deref(), 51 51 + None, 52 52 + sso.discord.display_name.as_deref(), 53 53 + "DISCORD", 54 54 + false, 55 55 + ), 56 56 + google: Self::provider_from_config( 57 57 + sso.google.enabled, 58 58 + sso.google.client_id.as_deref(), 59 59 + sso.google.client_secret.as_deref(), 60 60 + None, 61 61 + sso.google.display_name.as_deref(), 62 62 + "GOOGLE", 63 63 + false, 64 64 + ), 65 65 + gitlab: Self::provider_from_config( 66 66 + sso.gitlab.enabled, 67 67 + sso.gitlab.client_id.as_deref(), 68 68 + sso.gitlab.client_secret.as_deref(), 69 69 + sso.gitlab.issuer.as_deref(), 70 70 + sso.gitlab.display_name.as_deref(), 71 71 + "GITLAB", 72 72 + true, 73 73 + ), 74 74 + oidc: Self::provider_from_config( 75 75 + sso.oidc.enabled, 76 76 + sso.oidc.client_id.as_deref(), 77 77 + sso.oidc.client_secret.as_deref(), 78 78 + sso.oidc.issuer.as_deref(), 79 79 + sso.oidc.display_name.as_deref(), 80 80 + "OIDC", 81 81 + true, 82 82 + ), 83 83 + apple: Self::apple_from_config(&sso.apple), 37 37 - let github = Self::load_provider("GITHUB", false); 38 38 - let discord = Self::load_provider("DISCORD", false); 39 39 - let google = Self::load_provider("GOOGLE", false); 40 40 - let gitlab = Self::load_provider("GITLAB", true); 41 41 - let oidc = Self::load_provider("OIDC", true); 42 42 - let apple = Self::load_apple_provider(); 43 43 - 44 44 - let config = SsoConfig { 45 45 - github, 46 46 - discord, 47 47 - google, 48 48 - gitlab, 49 49 - oidc, 50 50 - apple, 51 84 }; 52 85 53 86 if config.is_any_enabled() { 87 87 + let hostname = &tranquil_config::get().server.hostname; 54 54 - let hostname = pds_hostname(); 55 88 if hostname.is_empty() || hostname == "localhost" { 56 89 panic!( 57 90 "PDS_HOSTNAME must be set to a valid hostname when SSO is enabled. \ ··· 72 105 }) 73 106 } 74 107 108 108 + fn provider_from_config( 109 109 + enabled: bool, 110 110 + client_id: Option<&str>, 111 111 + client_secret: Option<&str>, 112 112 + issuer: Option<&str>, 113 113 + display_name: Option<&str>, 114 114 + name: &str, 115 115 + needs_issuer: bool, 116 116 + ) -> Option<ProviderConfig> { 75 75 - pub fn get_redirect_uri() -> &'static str { 76 76 - SSO_REDIRECT_URI 77 77 - .get() 78 78 - .map(|s| s.as_str()) 79 79 - .expect("SSO redirect URI not initialized - call SsoConfig::init() first") 80 80 - } 81 81 - 82 82 - fn load_provider(name: &str, needs_issuer: bool) -> Option<ProviderConfig> { 83 83 - let enabled = crate::util::parse_env_bool(&format!("SSO_{}_ENABLED", name)); 84 84 - 85 117 if !enabled { 86 118 return None; 87 119 } 120 120 + let client_id = client_id.filter(|s| !s.is_empty())?; 121 121 + let client_secret = client_secret.filter(|s| !s.is_empty())?; 88 122 123 123 + if needs_issuer { 124 124 + let issuer_val = issuer.filter(|s| !s.is_empty()); 125 125 + if issuer_val.is_none() { 89 89 - let client_id = std::env::var(format!("SSO_{}_CLIENT_ID", name)).ok()?; 90 90 - let client_secret = std::env::var(format!("SSO_{}_CLIENT_SECRET", name)).ok()?; 91 91 - 92 92 - if client_id.is_empty() || client_secret.is_empty() { 93 93 - tracing::warn!( 94 94 - "SSO_{} enabled but missing client_id or client_secret", 95 95 - name 96 96 - ); 97 97 - return None; 98 98 - } 99 99 - 100 100 - let issuer = if needs_issuer { 101 101 - let issuer_val = std::env::var(format!("SSO_{}_ISSUER", name)).ok(); 102 102 - if issuer_val.is_none() || issuer_val.as_ref().map(|s| s.is_empty()).unwrap_or(true) { 103 126 tracing::warn!("SSO_{} requires ISSUER but none provided", name); 104 127 return None; 105 128 } 129 129 + } 106 106 - issuer_val 107 107 - } else { 108 108 - None 109 109 - }; 110 110 - 111 111 - let display_name = std::env::var(format!("SSO_{}_NAME", name)).ok(); 112 130 113 131 Some(ProviderConfig { 132 132 + client_id: client_id.to_string(), 133 133 + client_secret: client_secret.to_string(), 134 134 + issuer: issuer.map(|s| s.to_string()), 135 135 + display_name: display_name.map(|s| s.to_string()), 114 114 - client_id, 115 115 - client_secret, 116 116 - issuer, 117 117 - display_name, 118 136 }) 119 137 } 120 138 139 139 + fn apple_from_config(cfg: &tranquil_config::SsoAppleConfig) -> Option<AppleProviderConfig> { 140 140 + if !cfg.enabled { 121 121 - fn load_apple_provider() -> Option<AppleProviderConfig> { 122 122 - let enabled = crate::util::parse_env_bool("SSO_APPLE_ENABLED"); 123 123 - 124 124 - if !enabled { 125 141 return None; 126 142 } 143 143 + let client_id = cfg.client_id.as_deref().filter(|s| !s.is_empty())?; 144 144 + let team_id = cfg.team_id.as_deref().filter(|s| !s.is_empty())?; 145 145 + let key_id = cfg.key_id.as_deref().filter(|s| !s.is_empty())?; 146 146 + let private_key_pem = cfg.private_key.as_deref().filter(|s| !s.is_empty())?; 127 147 148 148 + if team_id.len() != 10 { 128 128 - let client_id = std::env::var("SSO_APPLE_CLIENT_ID").ok()?; 129 129 - let team_id = std::env::var("SSO_APPLE_TEAM_ID").ok()?; 130 130 - let key_id = std::env::var("SSO_APPLE_KEY_ID").ok()?; 131 131 - let private_key_pem = std::env::var("SSO_APPLE_PRIVATE_KEY").ok()?; 132 132 - 133 133 - if client_id.is_empty() { 134 134 - tracing::warn!("SSO_APPLE enabled but missing CLIENT_ID"); 135 135 - return None; 136 136 - } 137 137 - if team_id.is_empty() || team_id.len() != 10 { 138 149 tracing::warn!("SSO_APPLE enabled but TEAM_ID is invalid (must be 10 characters)"); 139 150 return None; 140 151 } 152 152 + if !private_key_pem.contains("PRIVATE KEY") { 141 141 - if key_id.is_empty() { 142 142 - tracing::warn!("SSO_APPLE enabled but missing KEY_ID"); 143 143 - return None; 144 144 - } 145 145 - if private_key_pem.is_empty() || !private_key_pem.contains("PRIVATE KEY") { 146 153 tracing::warn!("SSO_APPLE enabled but PRIVATE_KEY is invalid"); 147 154 return None; 148 155 } 149 156 150 157 Some(AppleProviderConfig { 158 158 + client_id: client_id.to_string(), 159 159 + team_id: team_id.to_string(), 160 160 + key_id: key_id.to_string(), 161 161 + private_key_pem: private_key_pem.to_string(), 151 151 - client_id, 152 152 - team_id, 153 153 - key_id, 154 154 - private_key_pem, 155 162 }) 163 163 + } 164 164 + 165 165 + pub fn get_redirect_uri() -> &'static str { 166 166 + SSO_REDIRECT_URI 167 167 + .get() 168 168 + .map(|s| s.as_str()) 169 169 + .expect("SSO redirect URI not initialized - call SsoConfig::init() first") 156 170 } 157 171 158 172 pub fn get() -> &'static Self {

+16 -12

crates/tranquil-pds/src/sso/endpoints.rs

··· 18 18 check_user_rate_limit_with_message, 19 19 }; 20 20 use crate::state::AppState; 21 21 - use crate::util::{pds_hostname, pds_hostname_without_port}; 22 21 23 22 fn generate_state() -> String { 24 23 use rand::RngCore; ··· 773 772 } 774 773 }; 775 774 775 775 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 776 776 - let hostname_for_handles = pds_hostname_without_port(); 777 776 let full_handle = format!("{}.{}", validated, hostname_for_handles); 778 777 let handle_typed: crate::types::Handle = match full_handle.parse() { 779 778 Ok(h) => h, ··· 856 855 .await? 857 856 .ok_or(ApiError::SsoSessionExpired)?; 858 857 858 858 + let hostname = &tranquil_config::get().server.hostname; 859 859 + let hostname_for_handles = tranquil_config::get().server.hostname_without_port(); 859 859 - let hostname = pds_hostname(); 860 860 - let hostname_for_handles = pds_hostname_without_port(); 861 860 862 861 let handle = match crate::api::validation::validate_short_handle(&input.handle) { 863 862 Ok(h) => format!("{}.{}", h, hostname_for_handles), ··· 948 947 Err(_) => return Err(ApiError::InvalidInviteCode), 949 948 } 950 949 } else { 950 950 + let invite_required = tranquil_config::get().server.invite_code_required; 951 951 - let invite_required = crate::util::parse_env_bool("INVITE_CODE_REQUIRED"); 952 951 if invite_required { 953 952 return Err(ApiError::InviteCodeRequired); 954 953 } ··· 1006 1005 d.to_string() 1007 1006 } 1008 1007 _ => { 1008 1008 + let rotation_key = tranquil_config::get() 1009 1009 + .secrets 1010 1010 + .plc_rotation_key 1011 1011 + .clone() 1012 1012 + .unwrap_or_else(|| crate::plc::signing_key_to_did_key(&signing_key)); 1009 1009 - let rotation_key = std::env::var("PLC_ROTATION_KEY") 1010 1010 - .unwrap_or_else(|_| crate::plc::signing_key_to_did_key(&signing_key)); 1011 1013 1012 1014 let genesis_result = match crate::plc::create_genesis_operation( 1013 1015 &signing_key, ··· 1085 1087 1086 1088 let genesis_block_cids = vec![mst_root.to_bytes(), commit_cid.to_bytes()]; 1087 1089 1090 1090 + let birthdate_pref = if tranquil_config::get().server.age_assurance_override { 1091 1091 + Some(json!({ 1088 1088 - let birthdate_pref = std::env::var("PDS_AGE_ASSURANCE_OVERRIDE").ok().map(|_| { 1089 1089 - json!({ 1090 1092 "$type": "app.bsky.actor.defs#personalDetailsPref", 1091 1093 "birthDate": "1998-05-06T00:00:00.000Z" 1094 1094 + })) 1095 1095 + } else { 1096 1096 + None 1097 1097 + }; 1092 1092 - }) 1093 1093 - }); 1094 1098 1095 1099 let create_input = tranquil_db_traits::CreateSsoAccountInput { 1096 1100 handle: handle_typed.clone(), ··· 1299 1303 return Err(ApiError::InternalError(None)); 1300 1304 } 1301 1305 1306 1306 + let hostname = &tranquil_config::get().server.hostname; 1302 1302 - let hostname = pds_hostname(); 1303 1307 if let Err(e) = crate::comms::comms_repo::enqueue_welcome( 1304 1308 state.user_repo.as_ref(), 1305 1309 state.infra_repo.as_ref(),

+12 -28

crates/tranquil-pds/src/state.rs

··· 1 1 use crate::appview::DidResolver; 2 2 use crate::auth::webauthn::WebAuthnConfig; 3 3 + use crate::cache::{create_cache, Cache, DistributedRateLimiter}; 3 3 - use crate::cache::{Cache, DistributedRateLimiter, create_cache}; 4 4 use crate::circuit_breaker::CircuitBreakers; 5 5 use crate::config::AuthConfig; 6 6 use crate::rate_limit::RateLimiters; 7 7 use crate::repo::PostgresBlockStore; 8 8 use crate::repo_write_lock::RepoWriteLocks; 9 9 use crate::sso::{SsoConfig, SsoManager}; 10 10 + use crate::storage::{create_backup_storage, create_blob_storage, BackupStorage, BlobStorage}; 10 10 - use crate::storage::{BackupStorage, BlobStorage, create_backup_storage, create_blob_storage}; 11 11 use crate::sync::firehose::SequencedEvent; 12 12 - use crate::util::pds_hostname; 13 12 use sqlx::PgPool; 14 13 use std::error::Error; 15 15 - use std::sync::Arc; 16 14 use std::sync::atomic::{AtomicBool, Ordering}; 15 15 + use std::sync::Arc; 17 16 use tokio::sync::broadcast; 18 17 use tokio_util::sync::CancellationToken; 19 18 use tranquil_db::{ ··· 25 24 static RATE_LIMITING_DISABLED: AtomicBool = AtomicBool::new(false); 26 25 27 26 pub fn init_rate_limit_override() { 27 27 + let disabled = tranquil_config::get().server.disable_rate_limiting; 28 28 - let disabled = std::env::var("DISABLE_RATE_LIMITING").is_ok(); 29 28 RATE_LIMITING_DISABLED.store(disabled, Ordering::Relaxed); 30 29 if disabled { 30 30 + tracing::warn!("rate limiting is DISABLED via configuration"); 31 31 - tracing::warn!("rate limiting is DISABLED via DISABLE_RATE_LIMITING env var"); 32 31 } 33 32 } 34 33 ··· 205 204 206 205 impl AppState { 207 206 pub async fn new(shutdown: CancellationToken) -> Result<Self, Box<dyn Error>> { 207 207 + let cfg = tranquil_config::get(); 208 208 + let database_url = &cfg.database.url; 209 209 + let max_connections = cfg.database.max_connections; 210 210 + let min_connections = cfg.database.min_connections; 211 211 + let acquire_timeout_secs = cfg.database.acquire_timeout_secs; 208 208 - let database_url = std::env::var("DATABASE_URL") 209 209 - .map_err(|_| "DATABASE_URL environment variable must be set")?; 210 210 - 211 211 - let max_connections: u32 = std::env::var("DATABASE_MAX_CONNECTIONS") 212 212 - .ok() 213 213 - .and_then(|v| v.parse().ok()) 214 214 - .unwrap_or(100); 215 215 - 216 216 - let min_connections: u32 = std::env::var("DATABASE_MIN_CONNECTIONS") 217 217 - .ok() 218 218 - .and_then(|v| v.parse().ok()) 219 219 - .unwrap_or(10); 220 220 - 221 221 - let acquire_timeout_secs: u64 = std::env::var("DATABASE_ACQUIRE_TIMEOUT_SECS") 222 222 - .ok() 223 223 - .and_then(|v| v.parse().ok()) 224 224 - .unwrap_or(10); 225 212 226 213 tracing::info!( 227 214 "Configuring database pool: max={}, min={}, acquire_timeout={}s", ··· 257 244 let blob_store = create_blob_storage().await; 258 245 let backup_storage = create_backup_storage().await; 259 246 247 247 + let firehose_buffer_size = tranquil_config::get().firehose.buffer_size; 260 260 - let firehose_buffer_size: usize = std::env::var("FIREHOSE_BUFFER_SIZE") 261 261 - .ok() 262 262 - .and_then(|v| v.parse().ok()) 263 263 - .unwrap_or(10000); 264 248 265 249 let (firehose_tx, _) = broadcast::channel(firehose_buffer_size); 266 250 let rate_limiters = Arc::new(RateLimiters::new()); ··· 271 255 let sso_config = SsoConfig::init(); 272 256 let sso_manager = SsoManager::from_config(sso_config); 273 257 let webauthn_config = Arc::new( 258 258 + WebAuthnConfig::new(&tranquil_config::get().server.hostname) 274 274 - WebAuthnConfig::new(pds_hostname()) 275 259 .expect("Failed to create WebAuthn config at startup"), 276 260 ); 277 261

+2 -8

crates/tranquil-pds/src/sync/subscribe_repos.rs

··· 59 59 } 60 60 61 61 fn get_backfill_hours() -> i64 { 62 62 + tranquil_config::get().firehose.backfill_hours 62 62 - std::env::var("FIREHOSE_BACKFILL_HOURS") 63 63 - .ok() 64 64 - .and_then(|v| v.parse().ok()) 65 65 - .unwrap_or(72) 66 63 } 67 64 68 65 async fn handle_socket_inner( ··· 204 201 } 205 202 } 206 203 } 204 204 + let max_lag_before_disconnect: u64 = tranquil_config::get().firehose.max_lag; 207 207 - let max_lag_before_disconnect: u64 = std::env::var("FIREHOSE_MAX_LAG") 208 208 - .ok() 209 209 - .and_then(|v| v.parse().ok()) 210 210 - .unwrap_or(5000); 211 205 loop { 212 206 tokio::select! { 213 207 result = rx.recv() => {

+1 -2

crates/tranquil-pds/src/sync/verify.rs

··· 145 145 } 146 146 147 147 async fn resolve_plc_did(&self, did: &str) -> Result<DidDocument<'static>, VerifyError> { 148 148 + let plc_url = tranquil_config::get().plc.directory_url.clone(); 148 148 - let plc_url = std::env::var("PLC_DIRECTORY_URL") 149 149 - .unwrap_or_else(|_| "https://plc.directory".to_string()); 150 149 let url = format!("{}/{}", plc_url, urlencoding::encode(did)); 151 150 let response = self 152 151 .http_client

+5 -31

crates/tranquil-pds/src/util.rs

··· 9 9 use std::sync::OnceLock; 10 10 11 11 const BASE32_ALPHABET: &str = "abcdefghijklmnopqrstuvwxyz234567"; 12 12 - const DEFAULT_MAX_BLOB_SIZE: usize = 10 * 1024 * 1024 * 1024; 13 12 14 14 - static MAX_BLOB_SIZE: OnceLock<usize> = OnceLock::new(); 15 15 - static PDS_HOSTNAME: OnceLock<String> = OnceLock::new(); 16 16 - static PDS_HOSTNAME_WITHOUT_PORT: OnceLock<String> = OnceLock::new(); 17 13 static DISCORD_BOT_USERNAME: OnceLock<String> = OnceLock::new(); 18 14 static DISCORD_PUBLIC_KEY: OnceLock<ed25519_dalek::VerifyingKey> = OnceLock::new(); 19 15 static DISCORD_APP_ID: OnceLock<String> = OnceLock::new(); 20 16 static TELEGRAM_BOT_USERNAME: OnceLock<String> = OnceLock::new(); 21 21 - 22 22 - pub fn get_max_blob_size() -> usize { 23 23 - *MAX_BLOB_SIZE.get_or_init(|| { 24 24 - std::env::var("MAX_BLOB_SIZE") 25 25 - .ok() 26 26 - .and_then(|s| s.parse().ok()) 27 27 - .unwrap_or(DEFAULT_MAX_BLOB_SIZE) 28 28 - }) 29 29 - } 30 17 31 18 pub fn generate_token_code() -> String { 32 19 generate_token_code_parts(2, 5) ··· 109 96 .unwrap_or_else(|| "unknown".to_string()) 110 97 } 111 98 112 112 - pub fn pds_hostname() -> &'static str { 113 113 - PDS_HOSTNAME 114 114 - .get_or_init(|| std::env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string())) 115 115 - } 116 116 - 117 117 - pub fn pds_hostname_without_port() -> &'static str { 118 118 - PDS_HOSTNAME_WITHOUT_PORT.get_or_init(|| { 119 119 - let hostname = pds_hostname(); 120 120 - hostname.split(':').next().unwrap_or(hostname).to_string() 121 121 - }) 122 122 - } 123 123 - 124 99 pub fn set_discord_bot_username(username: String) { 125 100 DISCORD_BOT_USERNAME.set(username).ok(); 126 101 } ··· 154 129 } 155 130 156 131 pub fn parse_env_bool(key: &str) -> bool { 132 132 + // Check the config system first, then fall back to env var for dynamic 133 133 + // SSO keys that are not in the static config struct. 157 134 std::env::var(key) 158 135 .map(|v| v == "true" || v == "1") 159 136 .unwrap_or(false) 160 160 - } 161 161 - 162 162 - pub fn pds_public_url() -> String { 163 163 - format!("https://{}", pds_hostname()) 164 137 } 165 138 166 139 pub fn build_full_url(path: &str) -> String { 140 140 + let cfg = tranquil_config::get(); 167 141 let normalized_path = if !path.starts_with("/xrpc/") 168 142 && (path.starts_with("/com.atproto.") 169 143 || path.starts_with("/app.bsky.") 170 144 || path.starts_with("/_")) 171 145 { 146 146 + format!("/xrpc{path}") 172 172 - format!("/xrpc{}", path) 173 147 } else { 174 148 path.to_string() 175 149 }; 150 150 + format!("{}{normalized_path}", cfg.server.public_url()) 176 176 - format!("{}{}", pds_public_url(), normalized_path) 177 151 } 178 152 179 153 pub fn json_to_ipld(value: &JsonValue) -> Ipld {

+1

crates/tranquil-ripple/Cargo.toml

··· 5 5 license.workspace = true 6 6 7 7 [dependencies] 8 8 + tranquil-config = { workspace = true } 8 9 tranquil-infra = { workspace = true } 9 10 10 11 async-trait = { workspace = true }

+23 -42

crates/tranquil-ripple/src/config.rs

··· 15 15 pub cache_max_bytes: usize, 16 16 } 17 17 18 18 - fn parse_env_with_warning<T: std::str::FromStr>(var_name: &str, raw: &str) -> Option<T> { 19 19 - match raw.parse::<T>() { 20 20 - Ok(v) => Some(v), 21 21 - Err(_) => { 22 22 - tracing::warn!( 23 23 - var = var_name, 24 24 - value = raw, 25 25 - "invalid env var value, using default" 26 26 - ); 27 27 - None 28 28 - } 29 29 - } 30 30 - } 31 31 - 32 18 impl RippleConfig { 19 19 + pub fn from_config() -> Result<Self, RippleConfigError> { 20 20 + let ripple = &tranquil_config::get().cache.ripple; 21 21 + 22 22 + let bind_addr: SocketAddr = ripple 23 23 + .bind_addr 33 33 - pub fn from_env() -> Result<Self, RippleConfigError> { 34 34 - let bind_addr: SocketAddr = std::env::var("RIPPLE_BIND") 35 35 - .unwrap_or_else(|_| "0.0.0.0:0".into()) 36 24 .parse() 37 25 .map_err(|e| RippleConfigError::InvalidAddr(format!("{e}")))?; 38 26 27 27 + let seed_peers: Vec<SocketAddr> = ripple 28 28 + .peers 29 29 + .as_deref() 30 30 + .unwrap_or(&[]) 31 31 + .iter() 39 39 - let seed_peers: Vec<SocketAddr> = std::env::var("RIPPLE_PEERS") 40 40 - .unwrap_or_default() 41 41 - .split(',') 42 32 .filter(|s| !s.trim().is_empty()) 43 33 .map(|s| { 44 34 s.trim() ··· 47 37 }) 48 38 .collect::<Result<Vec<_>, _>>()?; 49 39 40 40 + let machine_id = ripple.machine_id.unwrap_or_else(|| { 41 41 + let host_str = std::fs::read_to_string("/etc/hostname") 42 42 + .map(|s| s.trim().to_string()) 43 43 + .unwrap_or_else(|_| format!("pid-{}", std::process::id())); 44 44 + let input = format!("{host_str}:{bind_addr}:{}", std::process::id()); 45 45 + fnv1a(input.as_bytes()) 46 46 + }); 50 50 - let machine_id: u64 = std::env::var("RIPPLE_MACHINE_ID") 51 51 - .ok() 52 52 - .and_then(|v| parse_env_with_warning::<u64>("RIPPLE_MACHINE_ID", &v)) 53 53 - .unwrap_or_else(|| { 54 54 - let host_str = std::fs::read_to_string("/etc/hostname") 55 55 - .map(|s| s.trim().to_string()) 56 56 - .unwrap_or_else(|_| format!("pid-{}", std::process::id())); 57 57 - let input = format!("{host_str}:{bind_addr}:{}", std::process::id()); 58 58 - fnv1a(input.as_bytes()) 59 59 - }); 60 47 48 48 + let gossip_interval_ms = ripple.gossip_interval_ms.max(50); 61 61 - let gossip_interval_ms: u64 = std::env::var("RIPPLE_GOSSIP_INTERVAL_MS") 62 62 - .ok() 63 63 - .and_then(|v| parse_env_with_warning::<u64>("RIPPLE_GOSSIP_INTERVAL_MS", &v)) 64 64 - .unwrap_or(200) 65 65 - .max(50); 66 49 50 50 + let cache_max_bytes = ripple 51 51 + .cache_max_mb 52 52 + .clamp(1, 16_384) 53 53 + .saturating_mul(1024) 54 54 + .saturating_mul(1024); 67 67 - let cache_max_mb: usize = std::env::var("RIPPLE_CACHE_MAX_MB") 68 68 - .ok() 69 69 - .and_then(|v| parse_env_with_warning::<usize>("RIPPLE_CACHE_MAX_MB", &v)) 70 70 - .unwrap_or(256) 71 71 - .clamp(1, 16_384); 72 72 - 73 73 - let cache_max_bytes = cache_max_mb.saturating_mul(1024).saturating_mul(1024); 74 55 75 56 Ok(Self { 76 57 bind_addr,

+1

crates/tranquil-storage/Cargo.toml

··· 9 9 s3 = ["dep:aws-config", "dep:aws-sdk-s3"] 10 10 11 11 [dependencies] 12 12 + tranquil-config = { workspace = true } 12 13 tranquil-infra = { workspace = true } 13 14 14 15 async-trait = { workspace = true }

+34 -34

crates/tranquil-storage/src/lib.rs

··· 121 121 122 122 impl S3BlobStorage { 123 123 pub async fn new() -> Self { 124 124 + let cfg = tranquil_config::get(); 125 125 + let bucket = cfg 126 126 + .storage 127 127 + .s3_bucket 128 128 + .clone() 129 129 + .expect("storage.s3_bucket (S3_BUCKET) must be set"); 124 124 - let bucket = std::env::var("S3_BUCKET").expect("S3_BUCKET must be set"); 125 130 let client = create_s3_client().await; 126 131 Self { client, bucket } 127 132 } ··· 140 145 .load() 141 146 .await; 142 147 148 148 + tranquil_config::get() 149 149 + .storage 150 150 + .s3_endpoint 151 151 + .as_deref() 152 152 + .map_or_else( 153 153 + || Client::new(&config), 154 154 + |endpoint| { 155 155 + let s3_config = aws_sdk_s3::config::Builder::from(&config) 156 156 + .endpoint_url(endpoint) 157 157 + .force_path_style(true) 158 158 + .build(); 159 159 + Client::from_conf(s3_config) 160 160 + }, 161 161 + ) 143 143 - std::env::var("S3_ENDPOINT").ok().map_or_else( 144 144 - || Client::new(&config), 145 145 - |endpoint| { 146 146 - let s3_config = aws_sdk_s3::config::Builder::from(&config) 147 147 - .endpoint_url(endpoint) 148 148 - .force_path_style(true) 149 149 - .build(); 150 150 - Client::from_conf(s3_config) 151 151 - }, 152 152 - ) 153 162 } 154 163 155 164 pub struct S3BackupStorage { ··· 159 168 160 169 impl S3BackupStorage { 161 170 pub async fn new() -> Option<Self> { 171 171 + let bucket = tranquil_config::get().backup.s3_bucket.clone()?; 162 162 - let bucket = std::env::var("BACKUP_S3_BUCKET").ok()?; 163 172 let client = create_s3_client().await; 164 173 Some(Self { client, bucket }) 165 174 } ··· 499 508 }) 500 509 } 501 510 502 502 - pub async fn from_env() -> Result<Self, StorageError> { 503 503 - let path = std::env::var("BLOB_STORAGE_PATH") 504 504 - .map_err(|_| StorageError::Other("BLOB_STORAGE_PATH not set".into()))?; 505 505 - Self::new(path).await 506 506 - } 507 507 - 508 511 fn resolve_path(&self, key: &str) -> Result<PathBuf, StorageError> { 509 512 validate_key(key)?; 510 513 Ok(split_cid_path(key).map_or_else( ··· 649 652 }) 650 653 } 651 654 652 652 - pub async fn from_env() -> Result<Self, StorageError> { 653 653 - let path = std::env::var("BACKUP_STORAGE_PATH") 654 654 - .map_err(|_| StorageError::Other("BACKUP_STORAGE_PATH not set".into()))?; 655 655 - Self::new(path).await 656 656 - } 657 657 - 658 655 fn resolve_path(&self, key: &str) -> Result<PathBuf, StorageError> { 659 656 validate_key(key)?; 660 657 Ok(self.base_path.join(key)) ··· 701 698 } 702 699 703 700 pub async fn create_blob_storage() -> Arc<dyn BlobStorage> { 701 701 + let cfg = tranquil_config::get(); 702 702 + let backend = &cfg.storage.backend; 704 704 - let backend = std::env::var("BLOB_STORAGE_BACKEND").unwrap_or_else(|_| "filesystem".into()); 705 703 706 704 match backend.as_str() { 707 705 #[cfg(feature = "s3")] ··· 718 716 } 719 717 _ => { 720 718 tracing::info!("Initializing filesystem blob storage"); 719 719 + let path = cfg.storage.path.clone(); 720 720 + FilesystemBlobStorage::new(path) 721 721 - FilesystemBlobStorage::from_env() 722 721 .await 723 722 .unwrap_or_else(|e| { 724 723 panic!( ··· 733 732 } 734 733 735 734 pub async fn create_backup_storage() -> Option<Arc<dyn BackupStorage>> { 735 735 + let cfg = tranquil_config::get(); 736 736 - let enabled = std::env::var("BACKUP_ENABLED") 737 737 - .map(|v| v != "false" && v != "0") 738 738 - .unwrap_or(true); 739 736 737 737 + if !cfg.backup.enabled { 738 738 + tracing::info!("Backup storage disabled via config"); 740 740 - if !enabled { 741 741 - tracing::info!("Backup storage disabled via BACKUP_ENABLED=false"); 742 739 return None; 743 740 } 744 741 742 742 + let backend = &cfg.backup.backend; 745 745 - let backend = std::env::var("BACKUP_STORAGE_BACKEND").unwrap_or_else(|_| "filesystem".into()); 746 743 747 744 match backend.as_str() { 748 745 #[cfg(feature = "s3")] ··· 767 764 ); 768 765 None 769 766 } 767 767 + _ => { 768 768 + let path = cfg.backup.path.clone(); 769 769 + FilesystemBackupStorage::new(path).await.map_or_else( 770 770 - _ => FilesystemBackupStorage::from_env().await.map_or_else( 771 770 |e| { 772 771 tracing::error!( 773 772 "Failed to initialize filesystem backup storage: {}. \ ··· 781 780 tracing::info!("Initialized filesystem backup storage"); 782 781 Some(Arc::new(storage) as Arc<dyn BackupStorage>) 783 782 }, 783 783 + ) 784 784 + } 784 784 - ), 785 785 } 786 786 } 787 787

default.nix

This file has not been changed.

+1

docker-compose.prod.yaml

··· 17 17 MASTER_KEY: "${MASTER_KEY:?MASTER_KEY is required (min 32 chars)}" 18 18 CRAWLERS: "${CRAWLERS:-https://bsky.network}" 19 19 volumes: 20 20 + - ./config.toml:/etc/tranquil-pds/config.toml:ro 20 21 - blob_data:/var/lib/tranquil/blobs 21 22 - backup_data:/var/lib/tranquil/backups 22 23 depends_on:

+1

docker-compose.yaml

··· 11 11 environment: 12 12 DATABASE_URL: postgres://postgres:postgres@db:5432/pds 13 13 volumes: 14 14 + - ./config.toml:/etc/tranquil-pds/config.toml:ro 14 15 - blob_data:/var/lib/tranquil/blobs 15 16 - backup_data:/var/lib/tranquil/backups 16 17 depends_on:

+59 -63

docs/install-containers.md

··· 1 1 + # Tranquil PDS containerized production deployment 1 1 - # Tranquil PDS Containerized Production Deployment 2 2 3 3 This guide covers deploying Tranquil PDS using containers with podman. 4 4 ··· 7 7 8 8 ## Prerequisites 9 9 10 10 + - A server :p 10 10 - - A VPS with at least 2GB RAM 11 11 - Disk space for blobs (depends on usage; plan for ~1GB per active user as a baseline) 12 12 - A domain name pointing to your server's IP 13 13 - A **wildcard TLS certificate** for `*.pds.example.com` (user handles are served as subdomains) 14 14 + - Root/sudo/doas access 14 14 - - Root or sudo access 15 15 16 16 + ## Quickstart (docker/podman compose) 16 16 - ## Quick Start (Docker/Podman Compose) 17 17 18 18 If you just want to get running quickly: 19 19 20 20 ```sh 21 21 + cp example.toml config.toml 21 21 - cp .env.example .env 22 22 ``` 23 23 24 24 + Edit `config.toml` with your values. Generate secrets with `openssl rand -base64 48`. 24 24 - Edit `.env` with your values. Generate secrets with `openssl rand -base64 48`. 25 25 26 26 Build and start: 27 27 ```sh ··· 38 38 ln -sf live/pds.example.com/privkey.pem certs/privkey.pem 39 39 podman-compose -f docker-compose.prod.yaml restart nginx 40 40 ``` 41 41 + 42 42 + The end!!! 43 43 + 44 44 + Or wait, you want more? Perhaps a deployment that comes back on server restart? 41 45 42 46 For production setups with proper service management, continue to either the Debian or Alpine section below. 43 47 48 48 + ## Standalone containers (no compose) 44 44 - ## Standalone Containers (No Compose) 45 49 46 50 If you already have postgres running on the host (eg. from the [Debian install guide](install-debian.md)), you can run just the app containers. 47 51 ··· 55 59 ```sh 56 60 podman run -d --name tranquil-pds \ 57 61 --network=host \ 62 62 + -v /etc/tranquil-pds/config.toml:/etc/tranquil-pds/config.toml:ro,Z \ 58 58 - --env-file /etc/tranquil-pds/tranquil-pds.env \ 59 63 -v /var/lib/tranquil:/var/lib/tranquil:Z \ 60 64 tranquil-pds:latest 61 65 ``` ··· 91 95 92 96 --- 93 97 98 98 + # Debian with systemd quadlets 94 94 - # Debian 13+ with Systemd Quadlets 95 99 100 100 + Quadlets are a nice way to run podman containers under systemd. 96 96 - Quadlets are the modern way to run podman containers under systemd. 97 101 102 102 + ## Install podman 98 98 - ## Install Podman 99 103 100 104 ```bash 101 105 apt update 102 106 apt install -y podman 103 107 ``` 104 108 109 109 + ## Create the directory structure 105 105 - ## Create Directory Structure 106 110 107 111 ```bash 108 112 mkdir -p /etc/containers/systemd 109 113 mkdir -p /srv/tranquil-pds/{postgres,blobs,backups,certs,acme,config} 110 114 ``` 111 115 116 116 + ## Create a configuration file 112 112 - ## Create Environment File 113 117 114 118 ```bash 119 119 + cp /opt/tranquil-pds/example.toml /srv/tranquil-pds/config/config.toml 120 120 + chmod 600 /srv/tranquil-pds/config/config.toml 115 115 - cp /opt/tranquil-pds/.env.example /srv/tranquil-pds/config/tranquil-pds.env 116 116 - chmod 600 /srv/tranquil-pds/config/tranquil-pds.env 117 121 ``` 118 122 123 123 + Edit `/srv/tranquil-pds/config/config.toml` and fill in your values. Generate secrets with: 119 119 - Edit `/srv/tranquil-pds/config/tranquil-pds.env` and fill in your values. Generate secrets with: 120 124 ```bash 121 125 openssl rand -base64 48 122 126 ``` 123 127 128 128 + > **Note:** Every config option can also be set via environment variables 129 129 + > (see comments in `example.toml`). Environment variables always take 130 130 + > precedence over the config file. 124 124 - For quadlets, also add `DATABASE_URL` with the full connection string (systemd doesn't support variable expansion). 125 131 132 132 + ## Install quadlet definitions 126 126 - ## Install Quadlet Definitions 127 133 128 134 Copy the quadlet files from the repository: 129 135 ```bash ··· 136 142 137 143 Optional quadlets for valkey and minio are also available in `deploy/quadlets/` if you need them. 138 144 145 145 + ## Create nginx configuration 139 139 - Note: Systemd doesn't support shell-style variable expansion in `Environment=` lines. The quadlet files expect DATABASE_URL to be set in the environment file. 140 140 - 141 141 - ## Create nginx Configuration 142 146 143 147 ```bash 144 148 cp /opt/tranquil-pds/nginx.frontend.conf /srv/tranquil-pds/config/nginx.conf 145 149 ``` 146 150 151 151 + ## Clone and build images 147 147 - ## Clone and Build Images 148 152 149 153 ```bash 150 154 cd /opt ··· 154 158 podman build -t tranquil-pds-frontend:latest ./frontend 155 159 ``` 156 160 161 161 + ## Create podman secrets 157 157 - ## Create Podman Secrets 158 162 159 163 ```bash 160 160 - source /srv/tranquil-pds/config/tranquil-pds.env 161 164 echo "$DB_PASSWORD" | podman secret create tranquil-pds-db-password - 162 165 ``` 163 166 167 167 + ## Start services and initialize 164 164 - ## Start Services and Initialize 165 168 166 169 ```bash 167 170 systemctl daemon-reload ··· 169 172 sleep 10 170 173 ``` 171 174 175 175 + ## Obtain a wildcard SSL cert 172 172 - Run migrations: 173 173 - ```bash 174 174 - cargo install sqlx-cli --no-default-features --features postgres 175 175 - DATABASE_URL="postgres://tranquil_pds:your-db-password@localhost:5432/pds" sqlx migrate run --source /opt/tranquil-pds/migrations 176 176 - ``` 177 177 - 178 178 - ## Obtain Wildcard SSL Certificate 179 176 180 177 User handles are served as subdomains (eg. `alice.pds.example.com`), so you need a wildcard certificate. Wildcard certs require DNS-01 validation. 181 178 ··· 209 206 systemctl restart tranquil-pds-nginx 210 207 ``` 211 208 209 209 + ## Enable all services 212 212 - ## Enable All Services 213 210 214 211 ```bash 215 212 systemctl enable tranquil-pds-db tranquil-pds-app tranquil-pds-frontend tranquil-pds-nginx 216 213 ``` 217 214 215 215 + ## Configure firewall if you're into that sort of thing 218 218 - ## Configure Firewall 219 216 220 217 ```bash 221 218 apt install -y ufw ··· 225 222 ufw enable 226 223 ``` 227 224 225 225 + ## Cert renewal 228 228 - ## Certificate Renewal 229 226 230 227 Add to root's crontab (`crontab -e`): 231 228 ``` ··· 234 231 235 232 --- 236 233 234 234 + # Alpine with OpenRC 237 237 - # Alpine 3.23+ with OpenRC 238 235 236 236 + Alpine uses OpenRC, not systemd. So instead of quadlets we'll use podman-compose with an OpenRC service wrapper. 239 239 - Alpine uses OpenRC, not systemd. We'll use podman-compose with an OpenRC service wrapper. 240 237 238 238 + ## Install podman 241 241 - ## Install Podman 242 239 243 240 ```sh 244 241 apk update ··· 253 250 rc-service podman start 254 251 ``` 255 252 253 253 + ## Create the directory structure 256 256 - ## Create Directory Structure 257 254 258 255 ```sh 259 256 mkdir -p /srv/tranquil-pds/{data,config} 260 257 mkdir -p /srv/tranquil-pds/data/{postgres,blobs,backups,certs,acme} 261 258 ``` 262 259 260 260 + ## Clone the repo and build images 263 263 - ## Clone Repository and Build Images 264 261 265 262 ```sh 266 263 cd /opt ··· 270 267 podman build -t tranquil-pds-frontend:latest ./frontend 271 268 ``` 272 269 270 270 + ## Create a configuration file 273 273 - ## Create Environment File 274 271 275 272 ```sh 273 273 + cp /opt/tranquil-pds/example.toml /srv/tranquil-pds/config/config.toml 274 274 + chmod 600 /srv/tranquil-pds/config/config.toml 276 276 - cp /opt/tranquil-pds/.env.example /srv/tranquil-pds/config/tranquil-pds.env 277 277 - chmod 600 /srv/tranquil-pds/config/tranquil-pds.env 278 275 ``` 279 276 277 277 + Edit `/srv/tranquil-pds/config/config.toml` and fill in your values. Generate secrets with: 280 280 - Edit `/srv/tranquil-pds/config/tranquil-pds.env` and fill in your values. Generate secrets with: 281 278 ```sh 282 279 openssl rand -base64 48 283 280 ``` 284 281 282 282 + > **Note:** Every config option can also be set via environment variables 283 283 + > (see comments in `example.toml`). Environment variables always take 284 284 + > precedence over the config file. 285 285 + 286 286 + ## Set up compose and nginx 285 285 - ## Set Up Compose and nginx 286 287 287 288 Copy the production compose and nginx configs: 288 289 ```sh ··· 297 298 Edit `/srv/tranquil-pds/config/nginx.conf` to update cert paths: 298 299 - Change `/etc/nginx/certs/live/${PDS_HOSTNAME}/` to `/etc/nginx/certs/` 299 300 301 301 + ## Create OpenRC service 300 300 - ## Create OpenRC Service 301 302 302 303 ```sh 303 304 cat > /etc/init.d/tranquil-pds << 'EOF' 304 305 #!/sbin/openrc-run 305 306 name="tranquil-pds" 307 307 + description="Tranquil PDS AT Protocol PDS" 306 306 - description="Tranquil PDS AT Protocol PDS (containerized)" 307 308 command="/usr/bin/podman-compose" 308 309 command_args="-f /srv/tranquil-pds/docker-compose.yml up" 309 310 command_background=true ··· 314 315 after firewall 315 316 } 316 317 start_pre() { 318 318 + checkpath -d /srv/tranquil-pds 317 317 - set -a 318 318 - . /srv/tranquil-pds/config/tranquil-pds.env 319 319 - set +a 320 319 } 321 320 stop() { 322 321 ebegin "Stopping ${name}" 323 322 cd /srv/tranquil-pds 324 324 - set -a 325 325 - . /srv/tranquil-pds/config/tranquil-pds.env 326 326 - set +a 327 323 podman-compose -f /srv/tranquil-pds/docker-compose.yml down 328 324 eend $? 329 325 } ··· 331 327 chmod +x /etc/init.d/tranquil-pds 332 328 ``` 333 329 330 330 + ## Initialize services 334 334 - ## Initialize Services 335 331 336 332 Start services: 337 333 ```sh ··· 349 345 DATABASE_URL="postgres://tranquil_pds:$DB_PASSWORD@$DB_IP:5432/pds" sqlx migrate run --source /opt/tranquil-pds/migrations 350 346 ``` 351 347 348 348 + ## Obtain wildcard SSL cert 352 352 - ## Obtain Wildcard SSL Certificate 353 349 354 350 User handles are served as subdomains (eg. `alice.pds.example.com`), so you need a wildcard certificate. Wildcard certs require DNS-01 validation. 355 351 ··· 381 377 rc-service tranquil-pds restart 382 378 ``` 383 379 380 380 + ## Enable service at boot time 384 384 - ## Enable Service at Boot 385 381 386 382 ```sh 387 383 rc-update add tranquil-pds 388 384 ``` 389 385 386 386 + ## Configure firewall if you're into that sort of thing 390 390 - ## Configure Firewall 391 387 392 388 ```sh 393 389 apk add iptables ip6tables ··· 409 405 /etc/init.d/ip6tables save 410 406 ``` 411 407 408 408 + ## Cert renewal 412 412 - ## Certificate Renewal 413 409 414 410 Add to root's crontab (`crontab -e`): 415 411 ``` ··· 418 414 419 415 --- 420 416 417 417 + # Verification and maintenance 421 421 - # Verification and Maintenance 422 418 419 419 + ## Verify installation 423 423 - ## Verify Installation 424 420 425 421 ```sh 426 422 curl -s https://pds.example.com/xrpc/_health | jq 427 423 curl -s https://pds.example.com/.well-known/atproto-did 428 424 ``` 429 425 426 426 + ## View logs 430 430 - ## View Logs 431 427 432 428 **Debian:** 433 429 ```bash ··· 462 458 rc-service tranquil-pds restart 463 459 ``` 464 460 461 461 + ## Backup database 465 465 - ## Backup Database 466 462 467 463 **Debian:** 468 464 ```bash ··· 474 470 podman exec tranquil-pds-db-1 pg_dump -U tranquil_pds pds > /var/backups/pds-$(date +%Y%m%d).sql 475 471 ``` 476 472 473 473 + ## Custom homepage 477 477 - ## Custom Homepage 478 474 479 475 The frontend container serves `homepage.html` as the landing page. To customize it, either: 480 476

+35 -30

docs/install-debian.md

··· 1 1 - # Tranquil PDS Production Installation on Debian 1 1 + # Tranquil PDS production installation on debian 2 2 3 3 - This guide covers installing Tranquil PDS on Debian 13. 3 3 + This guide covers installing Tranquil PDS on Debian. 4 4 5 5 + It is a "compile the thing on the server itself" -style guide. 6 6 + This cop-out is because Tranquil isn't built and released via CI as of yet. 7 7 + 5 8 ## Prerequisites 6 9 7 7 - - A VPS with at least 2GB RAM 8 8 - - Disk space for blobs (depends on usage; plan for ~1GB per active user as a baseline) 10 10 + - A server :p 11 11 + - Disk space enough for blobs (depends on usage; plan for ~1GB per active user as a baseline) 9 12 - A domain name pointing to your server's IP 10 13 - A wildcard TLS certificate for `*.pds.example.com` (user handles are served as subdomains) 11 11 - - Root or sudo access 14 14 + - Root/sudo/doas access 12 15 13 13 - ## System Setup 16 16 + ## System setup 14 17 15 18 ```bash 16 19 apt update && apt upgrade -y 17 20 apt install -y curl git build-essential pkg-config libssl-dev 18 21 ``` 19 22 20 20 - ## Install Rust 23 23 + ## Install rust 21 24 22 25 ```bash 23 26 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y ··· 38 41 sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE pds TO tranquil_pds;" 39 42 ``` 40 43 41 41 - ## Create Blob Storage Directories 44 44 + ## Create blob storage directories 42 45 43 46 ```bash 44 47 mkdir -p /var/lib/tranquil/blobs /var/lib/tranquil/backups ··· 54 57 echo 'export PATH="$HOME/.deno/bin:$PATH"' >> ~/.bashrc 55 58 ``` 56 59 57 57 - ## Clone and Build Tranquil PDS 60 60 + ## Clone and build Tranquil PDS 58 61 59 62 ```bash 60 63 cd /opt ··· 66 69 cargo build --release 67 70 ``` 68 71 69 69 - ## Install sqlx-cli and Run Migrations 70 70 - 71 71 - ```bash 72 72 - cargo install sqlx-cli --no-default-features --features postgres 73 73 - export DATABASE_URL="postgres://tranquil_pds:your-secure-password@localhost:5432/pds" 74 74 - sqlx migrate run 75 75 - ``` 76 76 - 77 72 ## Configure Tranquil PDS 78 73 79 74 ```bash 80 75 mkdir -p /etc/tranquil-pds 81 81 - cp /opt/tranquil-pds/.env.example /etc/tranquil-pds/tranquil-pds.env 82 82 - chmod 600 /etc/tranquil-pds/tranquil-pds.env 76 76 + cp /opt/tranquil-pds/example.toml /etc/tranquil-pds/config.toml 77 77 + chmod 600 /etc/tranquil-pds/config.toml 83 78 ``` 84 79 85 85 - Edit `/etc/tranquil-pds/tranquil-pds.env` and fill in your values. Generate secrets with: 80 80 + Edit `/etc/tranquil-pds/config.toml` and fill in your values. Generate secrets with: 86 81 ```bash 87 82 openssl rand -base64 48 88 83 ``` 89 84 90 90 - ## Install Frontend Files 85 85 + > **Note:** Every config option can also be set via environment variables 86 86 + > (see comments in `example.toml`). Environment variables always take 87 87 + > precedence over the config file. You can also pass the config file path 88 88 + > via the `TRANQUIL_PDS_CONFIG` env var instead of `--config`. 91 89 90 90 + You can validate your configuration before starting the service: 92 91 ```bash 92 92 + /usr/local/bin/tranquil-pds --config /etc/tranquil-pds/config.toml validate 93 93 + ``` 94 94 + 95 95 + ## Install frontend files 96 96 + 97 97 + ```bash 93 98 mkdir -p /var/www/tranquil-pds 94 99 95 100 chown -R www-data:www-data /var/www/tranquil-pds 96 101 ``` 97 102 98 98 - ## Create Systemd Service 103 103 + ## Create systemd service 99 104 100 105 ```bash 101 106 useradd -r -s /sbin/nologin tranquil-pds ··· 110 115 Type=simple 111 116 User=tranquil-pds 112 117 Group=tranquil-pds 113 113 - EnvironmentFile=/etc/tranquil-pds/tranquil-pds.env 114 114 - ExecStart=/usr/local/bin/tranquil-pds 118 118 + ExecStart=/usr/local/bin/tranquil-pds --config /etc/tranquil-pds/config.toml 115 119 Restart=always 116 120 RestartSec=5 117 121 ProtectSystem=strict ··· 127 131 systemctl start tranquil-pds 128 132 ``` 129 133 130 130 - ## Install and Configure nginx 134 134 + ## Install and configure nginx 131 135 132 136 ```bash 133 137 apt install -y nginx certbot python3-certbot-nginx ··· 272 276 systemctl reload nginx 273 277 ``` 274 278 275 275 - ## Obtain Wildcard SSL Certificate 279 279 + ## Obtain a wildcard SSL cert 276 280 277 281 User handles are served as subdomains (eg., `alice.pds.example.com`), so you need a wildcard certificate. 278 282 ··· 297 301 systemctl reload nginx 298 302 ``` 299 303 300 300 - ## Configure Firewall 304 304 + ## Configure firewall if you're into that sort of thing 301 305 302 306 ```bash 303 307 apt install -y ufw ··· 307 311 ufw enable 308 312 ``` 309 313 310 310 - ## Verify Installation 314 314 + ## Verify installation 311 315 312 316 ```bash 313 317 systemctl status tranquil-pds ··· 331 335 systemctl stop tranquil-pds 332 336 cp target/release/tranquil-pds /usr/local/bin/ 333 337 cp -r frontend/dist/* /var/www/tranquil-pds/ 334 334 - DATABASE_URL="postgres://tranquil_pds:your-secure-password@localhost:5432/pds" sqlx migrate run 335 338 systemctl start tranquil-pds 336 339 ``` 337 340 341 341 + Tranquil should auto-migrate if there are any new migrations to be applied to the db, so you don't need to worry. 342 342 + 338 343 Backup database: 339 344 ```bash 340 345 sudo -u postgres pg_dump pds > /var/backups/pds-$(date +%Y%m%d).sql 341 346 ``` 342 347 343 343 - ## Custom Homepage 348 348 + ## Custom homepage 344 349 345 350 Drop a `homepage.html` in `/var/www/tranquil-pds/` and it becomes your landing page. Account dashboard is at `/app/` so you won't break anything. 346 351

+6 -3

docs/install-kubernetes.md

··· 1 1 + # Tranquil PDS on kubernetes 1 1 - # Tranquil PDS on Kubernetes 2 2 3 3 If you're reaching for kubernetes for this app, you're experienced enough to know how to spin up: 4 4 ··· 9 9 You'll need a wildcard TLS certificate for `*.your-pds-hostname.example.com`. User handles are served as subdomains. 10 10 11 11 The container image expects: 12 12 + - A TOML config file mounted at `/etc/tranquil-pds/config.toml` (or passed via `--config`) 12 13 - `DATABASE_URL` - postgres connection string 13 14 - `BLOB_STORAGE_PATH` - path to blob storage (mount a PV here) 14 15 - `BACKUP_STORAGE_PATH` - path for repo backups (optional but recommended) 15 16 - `PDS_HOSTNAME` - your PDS hostname (without protocol) 16 17 - `JWT_SECRET`, `DPOP_SECRET`, `MASTER_KEY` - generate with `openssl rand -base64 48` 17 18 - `CRAWLERS` - typically `https://bsky.network` 19 19 + 20 20 + and more, check the example.toml for all options. Environment variables can override any TOML value. 21 21 + You can also point to a config file via the `TRANQUIL_PDS_CONFIG` env var. 18 18 - and more, check the .env.example. 19 22 20 23 Health check: `GET /xrpc/_health` 21 24 25 25 + ## Custom homepage 22 22 - ## Custom Homepage 23 26 24 27 Mount a ConfigMap with your `homepage.html` into the container's frontend directory and it becomes your landing page. Go nuts with it. Account dashboard is at `/app/` so you won't break anything. 25 28

+509

example.toml

··· 1 1 + [server] 2 2 + # Public hostname of the PDS (e.g. `pds.example.com`). 3 3 + # 4 4 + # Can also be specified via environment variable `PDS_HOSTNAME`. 5 5 + # 6 6 + # Required! This value must be specified. 7 7 + #hostname = 8 8 + 9 9 + # Address to bind the HTTP server to. 10 10 + # 11 11 + # Can also be specified via environment variable `SERVER_HOST`. 12 12 + # 13 13 + # Default value: "127.0.0.1" 14 14 + #host = "127.0.0.1" 15 15 + 16 16 + # Port to bind the HTTP server to. 17 17 + # 18 18 + # Can also be specified via environment variable `SERVER_PORT`. 19 19 + # 20 20 + # Default value: 3000 21 21 + #port = 3000 22 22 + 23 23 + # List of domains for user handles. 24 24 + # Defaults to the PDS hostname when not set. 25 25 + # 26 26 + # Can also be specified via environment variable `PDS_USER_HANDLE_DOMAINS`. 27 27 + #user_handle_domains = 28 28 + 29 29 + # List of domains available for user registration. 30 30 + # Defaults to the PDS hostname when not set. 31 31 + # 32 32 + # Can also be specified via environment variable `AVAILABLE_USER_DOMAINS`. 33 33 + #available_user_domains = 34 34 + 35 35 + # Enable PDS-hosted did:web identities. Hosting did:web requires a 36 36 + # long-term commitment to serve DID documents; opt-in only. 37 37 + # 38 38 + # Can also be specified via environment variable `ENABLE_PDS_HOSTED_DID_WEB`. 39 39 + # 40 40 + # Default value: false 41 41 + #enable_pds_hosted_did_web = false 42 42 + 43 43 + # When set to true, skip age-assurance birthday prompt for all accounts. 44 44 + # 45 45 + # Can also be specified via environment variable `PDS_AGE_ASSURANCE_OVERRIDE`. 46 46 + # 47 47 + # Default value: false 48 48 + #age_assurance_override = false 49 49 + 50 50 + # Require an invite code for new account registration. 51 51 + # 52 52 + # Can also be specified via environment variable `INVITE_CODE_REQUIRED`. 53 53 + # 54 54 + # Default value: true 55 55 + #invite_code_required = true 56 56 + 57 57 + # Allow HTTP (non-TLS) proxy requests. Only useful during development. 58 58 + # 59 59 + # Can also be specified via environment variable `ALLOW_HTTP_PROXY`. 60 60 + # 61 61 + # Default value: false 62 62 + #allow_http_proxy = false 63 63 + 64 64 + # Disable all rate limiting. Should only be used in testing. 65 65 + # 66 66 + # Can also be specified via environment variable `DISABLE_RATE_LIMITING`. 67 67 + # 68 68 + # Default value: false 69 69 + #disable_rate_limiting = false 70 70 + 71 71 + # List of additional banned words for handle validation. 72 72 + # 73 73 + # Can also be specified via environment variable `PDS_BANNED_WORDS`. 74 74 + #banned_words = 75 75 + 76 76 + # URL to a privacy policy page. 77 77 + # 78 78 + # Can also be specified via environment variable `PRIVACY_POLICY_URL`. 79 79 + #privacy_policy_url = 80 80 + 81 81 + # URL to terms of service page. 82 82 + # 83 83 + # Can also be specified via environment variable `TERMS_OF_SERVICE_URL`. 84 84 + #terms_of_service_url = 85 85 + 86 86 + # Operator contact email address. 87 87 + # 88 88 + # Can also be specified via environment variable `CONTACT_EMAIL`. 89 89 + #contact_email = 90 90 + 91 91 + # Maximum allowed blob size in bytes (default 10 GiB). 92 92 + # 93 93 + # Can also be specified via environment variable `MAX_BLOB_SIZE`. 94 94 + # 95 95 + # Default value: 10737418240 96 96 + #max_blob_size = 10737418240 97 97 + 98 98 + [database] 99 99 + # PostgreSQL connection URL. 100 100 + # 101 101 + # Can also be specified via environment variable `DATABASE_URL`. 102 102 + # 103 103 + # Required! This value must be specified. 104 104 + #url = 105 105 + 106 106 + # Maximum number of connections in the pool. 107 107 + # 108 108 + # Can also be specified via environment variable `DATABASE_MAX_CONNECTIONS`. 109 109 + # 110 110 + # Default value: 100 111 111 + #max_connections = 100 112 112 + 113 113 + # Minimum number of idle connections kept in the pool. 114 114 + # 115 115 + # Can also be specified via environment variable `DATABASE_MIN_CONNECTIONS`. 116 116 + # 117 117 + # Default value: 10 118 118 + #min_connections = 10 119 119 + 120 120 + # Timeout in seconds when acquiring a connection from the pool. 121 121 + # 122 122 + # Can also be specified via environment variable `DATABASE_ACQUIRE_TIMEOUT_SECS`. 123 123 + # 124 124 + # Default value: 10 125 125 + #acquire_timeout_secs = 10 126 126 + 127 127 + [secrets] 128 128 + # Secret used for signing JWTs. Must be at least 32 characters in 129 129 + # production. 130 130 + # 131 131 + # Can also be specified via environment variable `JWT_SECRET`. 132 132 + #jwt_secret = 133 133 + 134 134 + # Secret used for DPoP proof validation. Must be at least 32 characters 135 135 + # in production. 136 136 + # 137 137 + # Can also be specified via environment variable `DPOP_SECRET`. 138 138 + #dpop_secret = 139 139 + 140 140 + # Master key used for key-encryption and HKDF derivation. Must be at 141 141 + # least 32 characters in production. 142 142 + # 143 143 + # Can also be specified via environment variable `MASTER_KEY`. 144 144 + #master_key = 145 145 + 146 146 + # PLC rotation key (DID key). If not set, user-level keys are used. 147 147 + # 148 148 + # Can also be specified via environment variable `PLC_ROTATION_KEY`. 149 149 + #plc_rotation_key = 150 150 + 151 151 + # Allow insecure/test secrets. NEVER enable in production. 152 152 + # 153 153 + # Can also be specified via environment variable `TRANQUIL_PDS_ALLOW_INSECURE_SECRETS`. 154 154 + # 155 155 + # Default value: false 156 156 + #allow_insecure = false 157 157 + 158 158 + [storage] 159 159 + # Storage backend: `filesystem` or `s3`. 160 160 + # 161 161 + # Can also be specified via environment variable `BLOB_STORAGE_BACKEND`. 162 162 + # 163 163 + # Default value: "filesystem" 164 164 + #backend = "filesystem" 165 165 + 166 166 + # Path on disk for the filesystem blob backend. 167 167 + # 168 168 + # Can also be specified via environment variable `BLOB_STORAGE_PATH`. 169 169 + # 170 170 + # Default value: "/var/lib/tranquil-pds/blobs" 171 171 + #path = "/var/lib/tranquil-pds/blobs" 172 172 + 173 173 + # S3 bucket name for blob storage. 174 174 + # 175 175 + # Can also be specified via environment variable `S3_BUCKET`. 176 176 + #s3_bucket = 177 177 + 178 178 + # Custom S3 endpoint URL (for MinIO, R2, etc.). 179 179 + # 180 180 + # Can also be specified via environment variable `S3_ENDPOINT`. 181 181 + #s3_endpoint = 182 182 + 183 183 + [backup] 184 184 + # Enable automatic backups. 185 185 + # 186 186 + # Can also be specified via environment variable `BACKUP_ENABLED`. 187 187 + # 188 188 + # Default value: true 189 189 + #enabled = true 190 190 + 191 191 + # Backup storage backend: `filesystem` or `s3`. 192 192 + # 193 193 + # Can also be specified via environment variable `BACKUP_STORAGE_BACKEND`. 194 194 + # 195 195 + # Default value: "filesystem" 196 196 + #backend = "filesystem" 197 197 + 198 198 + # Path on disk for the filesystem backup backend. 199 199 + # 200 200 + # Can also be specified via environment variable `BACKUP_STORAGE_PATH`. 201 201 + # 202 202 + # Default value: "/var/lib/tranquil-pds/backups" 203 203 + #path = "/var/lib/tranquil-pds/backups" 204 204 + 205 205 + # S3 bucket name for backups. 206 206 + # 207 207 + # Can also be specified via environment variable `BACKUP_S3_BUCKET`. 208 208 + #s3_bucket = 209 209 + 210 210 + # Number of backup revisions to keep per account. 211 211 + # 212 212 + # Can also be specified via environment variable `BACKUP_RETENTION_COUNT`. 213 213 + # 214 214 + # Default value: 7 215 215 + #retention_count = 7 216 216 + 217 217 + # Seconds between backup runs. 218 218 + # 219 219 + # Can also be specified via environment variable `BACKUP_INTERVAL_SECS`. 220 220 + # 221 221 + # Default value: 86400 222 222 + #interval_secs = 86400 223 223 + 224 224 + [cache] 225 225 + # Cache backend: `ripple` (default, built-in gossip) or `valkey`. 226 226 + # 227 227 + # Can also be specified via environment variable `CACHE_BACKEND`. 228 228 + # 229 229 + # Default value: "ripple" 230 230 + #backend = "ripple" 231 231 + 232 232 + # Valkey / Redis connection URL. Required when `backend = "valkey"`. 233 233 + # 234 234 + # Can also be specified via environment variable `VALKEY_URL`. 235 235 + #valkey_url = 236 236 + 237 237 + [cache.ripple] 238 238 + # Address to bind the Ripple gossip protocol listener. 239 239 + # 240 240 + # Can also be specified via environment variable `RIPPLE_BIND`. 241 241 + # 242 242 + # Default value: "0.0.0.0:0" 243 243 + #bind_addr = "0.0.0.0:0" 244 244 + 245 245 + # List of seed peer addresses. 246 246 + # 247 247 + # Can also be specified via environment variable `RIPPLE_PEERS`. 248 248 + #peers = 249 249 + 250 250 + # Unique machine identifier. Auto-derived from hostname when not set. 251 251 + # 252 252 + # Can also be specified via environment variable `RIPPLE_MACHINE_ID`. 253 253 + #machine_id = 254 254 + 255 255 + # Gossip protocol interval in milliseconds. 256 256 + # 257 257 + # Can also be specified via environment variable `RIPPLE_GOSSIP_INTERVAL_MS`. 258 258 + # 259 259 + # Default value: 200 260 260 + #gossip_interval_ms = 200 261 261 + 262 262 + # Maximum cache size in megabytes. 263 263 + # 264 264 + # Can also be specified via environment variable `RIPPLE_CACHE_MAX_MB`. 265 265 + # 266 266 + # Default value: 256 267 267 + #cache_max_mb = 256 268 268 + 269 269 + [plc] 270 270 + # Base URL of the PLC directory. 271 271 + # 272 272 + # Can also be specified via environment variable `PLC_DIRECTORY_URL`. 273 273 + # 274 274 + # Default value: "https://plc.directory" 275 275 + #directory_url = "https://plc.directory" 276 276 + 277 277 + # HTTP request timeout in seconds. 278 278 + # 279 279 + # Can also be specified via environment variable `PLC_TIMEOUT_SECS`. 280 280 + # 281 281 + # Default value: 10 282 282 + #timeout_secs = 10 283 283 + 284 284 + # TCP connect timeout in seconds. 285 285 + # 286 286 + # Can also be specified via environment variable `PLC_CONNECT_TIMEOUT_SECS`. 287 287 + # 288 288 + # Default value: 5 289 289 + #connect_timeout_secs = 5 290 290 + 291 291 + # Seconds to cache DID documents in memory. 292 292 + # 293 293 + # Can also be specified via environment variable `DID_CACHE_TTL_SECS`. 294 294 + # 295 295 + # Default value: 300 296 296 + #did_cache_ttl_secs = 300 297 297 + 298 298 + [firehose] 299 299 + # Size of the in-memory broadcast buffer for firehose events. 300 300 + # 301 301 + # Can also be specified via environment variable `FIREHOSE_BUFFER_SIZE`. 302 302 + # 303 303 + # Default value: 10000 304 304 + #buffer_size = 10000 305 305 + 306 306 + # How many hours of historical events to replay for cursor-based 307 307 + # firehose connections. 308 308 + # 309 309 + # Can also be specified via environment variable `FIREHOSE_BACKFILL_HOURS`. 310 310 + # 311 311 + # Default value: 72 312 312 + #backfill_hours = 72 313 313 + 314 314 + # Maximum number of lagged events before disconnecting a slow consumer. 315 315 + # 316 316 + # Can also be specified via environment variable `FIREHOSE_MAX_LAG`. 317 317 + # 318 318 + # Default value: 5000 319 319 + #max_lag = 5000 320 320 + 321 321 + # List of relay / crawler notification URLs. 322 322 + # 323 323 + # Can also be specified via environment variable `CRAWLERS`. 324 324 + #crawlers = 325 325 + 326 326 + [email] 327 327 + # Sender email address. When unset, email sending is disabled. 328 328 + # 329 329 + # Can also be specified via environment variable `MAIL_FROM_ADDRESS`. 330 330 + #from_address = 331 331 + 332 332 + # Display name used in the `From` header. 333 333 + # 334 334 + # Can also be specified via environment variable `MAIL_FROM_NAME`. 335 335 + # 336 336 + # Default value: "Tranquil PDS" 337 337 + #from_name = "Tranquil PDS" 338 338 + 339 339 + # Path to the `sendmail` binary. 340 340 + # 341 341 + # Can also be specified via environment variable `SENDMAIL_PATH`. 342 342 + # 343 343 + # Default value: "/usr/sbin/sendmail" 344 344 + #sendmail_path = "/usr/sbin/sendmail" 345 345 + 346 346 + [discord] 347 347 + # Discord bot token. When unset, Discord integration is disabled. 348 348 + # 349 349 + # Can also be specified via environment variable `DISCORD_BOT_TOKEN`. 350 350 + #bot_token = 351 351 + 352 352 + [telegram] 353 353 + # Telegram bot token. When unset, Telegram integration is disabled. 354 354 + # 355 355 + # Can also be specified via environment variable `TELEGRAM_BOT_TOKEN`. 356 356 + #bot_token = 357 357 + 358 358 + # Secret token for incoming webhook verification. 359 359 + # 360 360 + # Can also be specified via environment variable `TELEGRAM_WEBHOOK_SECRET`. 361 361 + #webhook_secret = 362 362 + 363 363 + [signal] 364 364 + # Path to the `signal-cli` binary. 365 365 + # 366 366 + # Can also be specified via environment variable `SIGNAL_CLI_PATH`. 367 367 + # 368 368 + # Default value: "/usr/local/bin/signal-cli" 369 369 + #cli_path = "/usr/local/bin/signal-cli" 370 370 + 371 371 + # Sender phone number. When unset, Signal integration is disabled. 372 372 + # 373 373 + # Can also be specified via environment variable `SIGNAL_SENDER_NUMBER`. 374 374 + #sender_number = 375 375 + 376 376 + [notifications] 377 377 + # Polling interval in milliseconds for the comms queue. 378 378 + # 379 379 + # Can also be specified via environment variable `NOTIFICATION_POLL_INTERVAL_MS`. 380 380 + # 381 381 + # Default value: 1000 382 382 + #poll_interval_ms = 1000 383 383 + 384 384 + # Number of notifications to process per batch. 385 385 + # 386 386 + # Can also be specified via environment variable `NOTIFICATION_BATCH_SIZE`. 387 387 + # 388 388 + # Default value: 100 389 389 + #batch_size = 100 390 390 + 391 391 + [sso] 392 392 + [sso.github] 393 393 + # Default value: false 394 394 + #enabled = false 395 395 + 396 396 + #client_id = 397 397 + 398 398 + #client_secret = 399 399 + 400 400 + #display_name = 401 401 + 402 402 + [sso.discord] 403 403 + # Default value: false 404 404 + #enabled = false 405 405 + 406 406 + #client_id = 407 407 + 408 408 + #client_secret = 409 409 + 410 410 + #display_name = 411 411 + 412 412 + [sso.google] 413 413 + # Default value: false 414 414 + #enabled = false 415 415 + 416 416 + #client_id = 417 417 + 418 418 + #client_secret = 419 419 + 420 420 + #display_name = 421 421 + 422 422 + [sso.gitlab] 423 423 + # Default value: false 424 424 + #enabled = false 425 425 + 426 426 + #client_id = 427 427 + 428 428 + #client_secret = 429 429 + 430 430 + #issuer = 431 431 + 432 432 + #display_name = 433 433 + 434 434 + [sso.oidc] 435 435 + # Default value: false 436 436 + #enabled = false 437 437 + 438 438 + #client_id = 439 439 + 440 440 + #client_secret = 441 441 + 442 442 + #issuer = 443 443 + 444 444 + #display_name = 445 445 + 446 446 + [sso.apple] 447 447 + # Can also be specified via environment variable `SSO_APPLE_ENABLED`. 448 448 + # Default value: false 449 449 + #enabled = false 450 450 + 451 451 + # Can also be specified via environment variable `SSO_APPLE_CLIENT_ID`. 452 452 + #client_id = 453 453 + 454 454 + # Can also be specified via environment variable `SSO_APPLE_TEAM_ID`. 455 455 + #team_id = 456 456 + 457 457 + # Can also be specified via environment variable `SSO_APPLE_KEY_ID`. 458 458 + #key_id = 459 459 + 460 460 + # Can also be specified via environment variable `SSO_APPLE_PRIVATE_KEY`. 461 461 + #private_key = 462 462 + 463 463 + [moderation] 464 464 + # External report-handling service URL. 465 465 + # 466 466 + # Can also be specified via environment variable `REPORT_SERVICE_URL`. 467 467 + #report_service_url = 468 468 + 469 469 + # DID of the external report-handling service. 470 470 + # 471 471 + # Can also be specified via environment variable `REPORT_SERVICE_DID`. 472 472 + #report_service_did = 473 473 + 474 474 + [import] 475 475 + # Whether the PDS accepts repo imports. 476 476 + # 477 477 + # Can also be specified via environment variable `ACCEPTING_REPO_IMPORTS`. 478 478 + # 479 479 + # Default value: true 480 480 + #accepting = true 481 481 + 482 482 + # Maximum allowed import archive size in bytes (default 1 GiB). 483 483 + # 484 484 + # Can also be specified via environment variable `MAX_IMPORT_SIZE`. 485 485 + # 486 486 + # Default value: 1073741824 487 487 + #max_size = 1073741824 488 488 + 489 489 + # Maximum number of blocks allowed in an import. 490 490 + # 491 491 + # Can also be specified via environment variable `MAX_IMPORT_BLOCKS`. 492 492 + # 493 493 + # Default value: 500000 494 494 + #max_blocks = 500000 495 495 + 496 496 + # Skip CAR verification during import. Only for development/debugging. 497 497 + # 498 498 + # Can also be specified via environment variable `SKIP_IMPORT_VERIFICATION`. 499 499 + # 500 500 + # Default value: false 501 501 + #skip_verification = false 502 502 + 503 503 + [scheduled] 504 504 + # Interval in seconds between scheduled delete checks. 505 505 + # 506 506 + # Can also be specified via environment variable `SCHEDULED_DELETE_CHECK_INTERVAL_SECS`. 507 507 + # 508 508 + # Default value: 3600 509 509 + #delete_check_interval_secs = 3600

flake.nix

This file has not been changed.

+2 -2

frontend/public/homepage.html

··· 420 420 and alerts, granular OAuth scopes with human-readable descriptions, 421 421 app passwords with configurable permissions (read-only, post-only, 422 422 or custom scopes), account delegation with permission levels and 423 423 + audit logging, and a built-in web UI for account management, 424 424 + repo browsing, and admin. 423 423 - audit logging, and a built-in web UI for account management, OAuth 424 424 - consent, repo browsing, and admin. 425 425 </p> 426 426 </div> 427 427 </section>

module.nix

This file has not been changed.

test.nix

This file has not been changed.