bluesky-pds
- Category: Apps
- Status: 0
- Image: ghcr.io/bluesky-social/pds
- Healthcheck: Yes
- Backups: No
- Email: No
- Tests: No
- SSO: No
About
A Bluesky PDS (Personal Data Server) is a self-hosted server for the AT Protocol, allowing you to own your social data and federate with the Bluesky network.
Basic usage
- Set up Docker Swarm and abra
- Deploy coop-cloud/traefik
- abra app new bluesky-pds (do not use --secrets yet, see below)
- abra app config YOURAPPDOMAIN - set DOMAIN to something that resolves to your Docker swarm box
- Generate the PLC rotation key and create secrets (see below)
- abra app deploy YOURAPPDOMAIN
- Verify the PDS is running:
curl https://YOURAPPDOMAIN/xrpc/_health
Generating secrets
The JWT secret and admin password can be generated automatically:
abra app secret generate YOURAPPDOMAIN pds_jwt_secret v1
abra app secret generate YOURAPPDOMAIN pds_admin_password v1
The PLC rotation key is a secp256k1 private key and must be generated manually:
openssl ecparam --name secp256k1 --genkey --noout --outform DER | \
tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32
Then store it as a secret:
abra app secret insert YOURAPPDOMAIN pds_plc_rotation_key v1 <THE_KEY_HEX>
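The openssl pipeline above works because the DER that openssl emits is a SEC1 ECPrivateKey whose first seven bytes are fixed headers (outer SEQUENCE, INTEGER version 1, OCTET STRING tag and length), so skipping to byte 8 and taking 32 bytes lands on the private scalar. The following Python is an added example, not part of this recipe or of the PDS project: it parses the DER structure instead of relying on offsets, confirms the key is on secp256k1 and that the scalar is in range, and compares the result with the fixed-offset slice the shell pipeline takes. The sample DER is constructed inline with a placeholder public key so the block runs offline.

```python
# Added example (not part of the recipe): parse the DER that
# `openssl ecparam --name secp256k1 --genkey --noout --outform DER` emits
# (a SEC1 ECPrivateKey) and pull out the 32-byte private scalar, which is
# the hex the `tail --bytes=+8 | head --bytes=32 | xxd --plain` pipeline
# stores as pds_plc_rotation_key. Parsing the TLVs and checking the curve
# and scalar range catches a truncated pipe or the wrong curve before the
# value reaches `abra app secret insert`.

# Order of the secp256k1 group; a valid private scalar d satisfies 1 <= d < n.
SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
SECP256K1_OID = bytes.fromhex("2b8104000a")  # DER encoding of OID 1.3.132.0.10


def _read_tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value at `pos`; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def extract_private_scalar(der: bytes) -> bytes:
    """Walk ECPrivateKey ::= SEQUENCE { version INTEGER, privateKey OCTET STRING,
    parameters [0] OPTIONAL, publicKey [1] OPTIONAL } and return privateKey."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected outer SEQUENCE")
    tag, version, pos = _read_tlv(body, 0)
    if tag != 0x02 or version != b"\x01":
        raise ValueError("expected ECPrivateKey version 1")
    tag, scalar, pos = _read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING privateKey")
    if pos < len(body) and body[pos] == 0xA0:  # [0] parameters: named-curve OID
        _, params, pos = _read_tlv(body, pos)
        oid_tag, oid, _ = _read_tlv(params, 0)
        if oid_tag != 0x06 or oid != SECP256K1_OID:
            raise ValueError("key is not on secp256k1")
    return scalar


def rotation_key_hex(der: bytes) -> str:
    """Return the 64-hex-char rotation key, refusing out-of-range scalars."""
    scalar = extract_private_scalar(der)
    if len(scalar) != 32:
        raise ValueError(f"expected 32-byte scalar, got {len(scalar)}")
    d = int.from_bytes(scalar, "big")
    if not 1 <= d < SECP256K1_ORDER:
        raise ValueError("scalar out of range for secp256k1")
    return scalar.hex()


def fixed_offset_hex(der: bytes) -> str:
    """What the shell pipeline does: skip the 7 header bytes
    (30 LL | 02 01 01 | 04 20) and take the next 32; no validation."""
    return der[7:39].hex()


def build_sample_der(scalar: bytes) -> bytes:
    """Constructed test input mirroring openssl's layout. The public key is a
    placeholder (not a real curve point), which is fine for parsing tests."""
    params = b"\xa0\x07\x06\x05" + SECP256K1_OID
    pubkey = b"\xa1\x44\x03\x42\x00" + b"\x04" + b"\x11" * 64
    body = b"\x02\x01\x01" + b"\x04\x20" + scalar + params + pubkey
    return b"\x30" + bytes([len(body)]) + body


if __name__ == "__main__":
    sample = build_sample_der(bytes(range(1, 33)))  # constructed scalar 0x0102...20
    assert rotation_key_hex(sample) == fixed_offset_hex(sample)
    print(rotation_key_hex(sample))
```

To check a real key, read the DER from stdin (`sys.stdin.buffer.read()`) instead of building a sample; the parsed value must equal what the shell pipeline printed, and any ValueError means the secret should not be inserted.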
Account management
Create an account on your PDS:
abra app run YOURAPPDOMAIN app -- \
goat pds admin account create \
--admin-password "$(abra app secret get YOURAPPDOMAIN pds_admin_password v1)" \
--handle user.YOURAPPDOMAIN \
--email user@example.com \
--password yourpassword
Create an invite code:
abra app run YOURAPPDOMAIN app -- \
goat pds admin account create-invite \
--admin-password "$(abra app secret get YOURAPPDOMAIN pds_admin_password v1)"
Handle configuration
User handles on a PDS can work in two ways:
- Subdomain handles (e.g. user.pds.example.com): Requires a wildcard DNS record (*.pds.example.com) pointing to your server, and wildcard TLS certificates (which require DNS challenge configuration in Traefik).
- Domain handles (e.g. user.com): Users can use their own domain as a handle by adding a DNS TXT record at _atproto.user.com with the value did=did:plc:<their-did>. This works without any additional server configuration.
Domain handles are recommended for most deployments as they don't require wildcard TLS configuration.
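The domain-handle mechanism above is only as trustworthy as the check that the TXT record really names the account's DID. The following Python is an added example, not part of this recipe or of the PDS project: it performs that resolution over a constructed in-memory table of TXT records (a real deployment queries DNS), accepts only a single well-formed did=did:plc:... value at _atproto.<handle>, and compares it with the DID the server expects, so a missing, malformed or mismatched record is rejected rather than silently binding a domain to the wrong account. The DID values are constructed placeholders.

```python
# Added example (not part of the recipe): resolve a domain handle through its
# _atproto.<handle> TXT record and confirm it points at the expected DID.
# Records come from a constructed table so this runs offline.
import re

# did:plc identifiers are 24 lowercase base32 characters after the method prefix.
DID_PLC_RE = re.compile(r"^did:plc:[a-z2-7]{24}$")

# Constructed sample zone data: record name -> list of TXT strings.
SAMPLE_TXT = {
    "_atproto.user.com": ["did=did:plc:abcdefghijklmnopqrstuvwx"],
    "_atproto.other.example": ["v=spf1 -all", "did=not-a-did"],
}


def resolve_handle(handle: str, txt_records=SAMPLE_TXT):
    """Return the DID a handle's _atproto TXT record names, or None.

    Only `did=` values that look like a did:plc are considered, and exactly one
    such record must exist; zero or several is treated as unresolved."""
    name = "_atproto." + handle.lower().rstrip(".")
    candidates = [v[4:] for v in txt_records.get(name, []) if v.startswith("did=")]
    dids = [d for d in candidates if DID_PLC_RE.match(d)]
    if len(dids) != 1:
        return None
    return dids[0]


def handle_matches_did(handle: str, expected_did: str, txt_records=SAMPLE_TXT) -> bool:
    """True only when the handle's TXT record names the DID this PDS serves."""
    return resolve_handle(handle, txt_records) == expected_did


if __name__ == "__main__":
    print(resolve_handle("user.com"))        # constructed DID from SAMPLE_TXT
    print(resolve_handle("other.example"))   # None: no well-formed did= record
```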
DNS setup
At minimum, create an A record pointing your PDS domain to your server:
pds.example.com A <server-ip>
For subdomain handles, also add a wildcard record:
*.pds.example.com A <server-ip>