authorXe Iaso <me@xeiaso.net>2024-11-25 14:35:35 -0500
committerXe Iaso <me@xeiaso.net>2024-11-25 14:35:35 -0500
commitcdba95496fd16baca8b6bcd7bb03302b73813dc1 (patch)
tree7b784a27ccdeba389da1b301ba2952796917e146 /docs
parent26a583da49b53045f17bec1260aeb1803cda6760 (diff)
docs/bsky: add didweb notes
Signed-off-by: Xe Iaso <me@xeiaso.net>
Diffstat (limited to 'docs')
-rw-r--r--docs/bsky/didweb/.gitignore2
-rw-r--r--docs/bsky/didweb/.terraform.lock.hcl89
-rw-r--r--docs/bsky/didweb/README.md71
-rw-r--r--docs/bsky/didweb/assimilate.sh24
-rw-r--r--docs/bsky/didweb/didweb.tf34
-rw-r--r--docs/bsky/didweb/main.tf33
-rw-r--r--docs/bsky/didweb/pds.tf69
-rw-r--r--docs/bsky/didweb/vars.tf9
8 files changed, 331 insertions, 0 deletions
diff --git a/docs/bsky/didweb/.gitignore b/docs/bsky/didweb/.gitignore
new file mode 100644
index 0000000..a4158b5
--- /dev/null
+++ b/docs/bsky/didweb/.gitignore
@@ -0,0 +1,2 @@
+.terraform
+*.tfvars
\ No newline at end of file
diff --git a/docs/bsky/didweb/.terraform.lock.hcl b/docs/bsky/didweb/.terraform.lock.hcl
new file mode 100644
index 0000000..8dc4ceb
--- /dev/null
+++ b/docs/bsky/didweb/.terraform.lock.hcl
@@ -0,0 +1,89 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/civo/civo" {
+ version = "1.1.3"
+ constraints = "1.1.3"
+ hashes = [
+ "h1:l4+kmXE5jHofaP/4++KRsoYqkIxuJVQfPen0KQFKZjo=",
+ "zh:177592943d76741a26cb2c0ebae2daa500ae6b24c57fbc219d9e8a340636a8a3",
+ "zh:23d0b24a2e5f6244bf3201a91541cff937bcecb54f74f5a5c80ab0abb03546ab",
+ "zh:2b33ba25afb5027a328779687fb17d2c8d5d6be014eb0c0a0f12dc14c86bf494",
+ "zh:2e606551866b8193b664ef33a66a9de904bfead28882438987c3759f2e26df85",
+ "zh:34b689522ed1805287a184bc742ea6b3cea232aed1eaf447b17fb3be184878d5",
+ "zh:3de4397259fd68d0a1ba599055cdfd40416f392100b6364db23e2e985384b1f1",
+ "zh:6faf59b9a3578946361efa5efcfeda24528b31ebc4e1f4a5b1c043d97b2d215b",
+ "zh:8117b08d32f9ccc4a544539634081fc9a6d346e71349d843dc115193958d57c4",
+ "zh:beced6c9983e761cd43076f47e0970ef40ada60f698b99808fa2394ccc89de68",
+ "zh:cf7faacc99969d3226c492997d5bec8f6a9d01e4e983942778fcee1422e2f71f",
+ "zh:dea995ffabf11a2cc8dd56bcb4a13345ac30803490676a56935f98f5a94f14a7",
+ "zh:e3c3c4701ea325bb556dc4d52db72882f68b3bd6dace2bbf7ef368ee79bc535a",
+ "zh:f3cb1738ebb0ca1be98e5a7943a2144d71f177743f71640a70d493bc0bfaeea1",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "5.77.0"
+ constraints = "~> 5.0"
+ hashes = [
+ "h1:9lQ7FpLAN1+Bt1eb/daWlyl2N9aWsBTw2tgLR/hxODE=",
+ "zh:0bb61ed8a86a231e466ceffd010cb446418483853aa7e35ecb628cf578fa3905",
+ "zh:15d37511e55db46a50e703195858b816b7bbfd7bd6d193abf45aec1cb31cfc29",
+ "zh:1cdaec2ca4408e90aee6ea550ff4ff01a46033854c26d71309541975aa6317bd",
+ "zh:1dd2d1af44004b35a1597e82f9aa9d6396a77808371aa4dfd2045a2a144b7329",
+ "zh:329bf790ef57b29b95eee847090bffb74751b2b5e5a4c23e07367cc0bf9cce10",
+ "zh:40949e13342a0a738036e66420b7a546bda91ef68038981badbe454545076f16",
+ "zh:5674eb93c8edd308abac408ae45ee90e59e171d45011f00f5036ff4d43a1de52",
+ "zh:747624ce0e938dd773bca295df226d39d425d3805e6afe50248159d0f2ec6d3a",
+ "zh:761795909c5cba10f138d276384fb034031eb1e8c5cdfe3b93794c8a78d909ce",
+ "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+ "zh:9b95901dae3f2c7eea870d57940117ef5391676689efc565351bb087816674e4",
+ "zh:9bb86e159828dedc1302844d29ee6d79d6fee732c830a36838c359b9319ab304",
+ "zh:9e72dfbd7c28da259d51af92c21e580efd0045103cba2bb01cd1a8acb4185883",
+ "zh:a226b88521022598d1be8361b4f2976834d305ff58c8ea9b9a12c82f9a23f2c2",
+ "zh:faabcdfa36365359dca214da534cfb2fd5738edb40786c2afd09702f42ad1651",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/dns" {
+ version = "3.4.2"
+ constraints = "3.4.2"
+ hashes = [
+ "h1:2r/hFLnTWnZiIKrxwCrkSH7X2F12fu8BJzuRjHYA45M=",
+ "zh:75e40862402368e23cd298b62519203621cf4891b95e1c863530bf7d8e9614e6",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:7a660fbfe5f83d7b94fd5b4cc9bf10d2f6ae280779839f4b7f183c7db5f1e368",
+ "zh:7c8c3499fb015d2a877a645ffd0225c3fdb4e8b71c044ff242762a1aed2a28e6",
+ "zh:954f20a96c8d6a04961896137bc004dae19fdaaaf8fd29229fb6ebc98ccac040",
+ "zh:96bd331cdd3673037e679b20cbf64e02e16f16f05a8c5dc2567c484fdd271d48",
+ "zh:96f83dfaeba393b1cf17feef05f25ffc4083432c1e3336a28977e626aac6eb53",
+ "zh:c663da6c3fda06a69d082d23935cebc34c7dc1b898e03a825b50628ad0e0ba71",
+ "zh:d0cc78a4f9444efe52764a57e7159b217181e0fd4ab4a610fa3bf7839bd94b02",
+ "zh:d1e938eec2c7ec946775bf984e79b3c66440fe3c08c3662bf0b40d3097985ed9",
+ "zh:dee0ccb0588f4c4224fe36e50f649ae36add82d72ccbf070800438860da820ac",
+ "zh:f2b3be35c8c97ed58f7d01ac532207fc816514eda639dcd3fd1929f5f5be369f",
+ ]
+}
+
+provider "registry.terraform.io/tigrisdata/tigris" {
+ version = "1.0.4"
+ constraints = "1.0.4"
+ hashes = [
+ "h1:N8nGj/+sRgOnbsmGai9fgBY5qMPuJKJZXlC2y7ZaRW4=",
+ "zh:2a31ba3b0ef6b4a4b9ab09284c1950e22329332f98688ed98c79eb0d6863ef6c",
+ "zh:34d930e4c24c2a24b6c35eced4d9c923dde8b6ac43f0b0725f3c28cc1d1bf7e6",
+ "zh:418bec5ded4514a544aa1809b9727adf2db9c35ea6ed15fce5bf4b3e29b4586d",
+ "zh:49ca8bbdfa692467345dbebe9c06c9fcde96ed9c6b99279bdcee4e8d4b37a87a",
+ "zh:532d94eaccd8e06fb7e6eec93fbc13ab197d6d95fd364ebfe88b589baeb2195c",
+ "zh:5869a5058e55af6a3fc4e787b13b77b6defdb8b5b5c6a17b129bd6c77b48cdf9",
+ "zh:5f032c4161077beb79a438c70b6fa5db8e2b5760812279170231e03b62cb7bde",
+ "zh:89389a804df402ded764c1e3723a0d9e78570ffa586e79d09ccf8bc377e85653",
+ "zh:8cc26d19034f063a08c1339b8d10e1387ef6d7ca329b50e9c839a929ce50a296",
+ "zh:a9bbd7d96d1720b732d21b0f1e8cf95df444a17c1161233f13c2017e85168b3b",
+ "zh:b5d333b0892926c49ed3e46d4fa58f09d421d17da9ef684a6e5edc79272ae29b",
+ "zh:b6f3e08a59ab063ab223a59877ca6196e6275a30503e03118f5cab021e2e69e8",
+ "zh:eb8e80bdab81f8c41b34e6d19223f698ec373f2974bb538493b310af67bf7ed9",
+ "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
+ "zh:fc5e5b6dfbd62ca11ed069770625f97cc8d77e53d05057e5e5e2584dc089877a",
+ ]
+}
diff --git a/docs/bsky/didweb/README.md b/docs/bsky/didweb/README.md
new file mode 100644
index 0000000..a7523be
--- /dev/null
+++ b/docs/bsky/didweb/README.md
@@ -0,0 +1,71 @@
+# Setting up a Bluesky did:web account
+
+- PDS provisioning
+ - `civo sshkey create`
+ - Terraform to create instance
+ - Find ubuntu diskimage
+ - Create instance
+ - Install Docker and Docker Compose
+ - Setup rclone for backups
+ - Set AWS route53 zone
+ - `engram.within.website`
+- Install PDS
+ - curl2bash
+ - manually patched script to support ubuntu 24.04
+ - root is a reserved username, okay
+- Test login
+ - Can't verify email address
+- Making did:web account hosting stuff
+ - Point cetacean.club to Tigris
+ - tigris bucket
+ - Route 53 doesn't allow CNAME at the apex domain
+ - Had to use the DNS provider to get the IP addresses of Tigris
+ - Nope, tigris wants a CNAME, failing to the.cetacean.club
+- did:web account
+ - generate privkey / pubkey
+ - put in 1password
+ - generate did.json
+ - upload to tigris
+ - I put the DID document in the wrong place
+ - fuck I needed to do this:
+ ```sh
+ aws s3 cp did.json s3://the.cetacean.club/.well-known/did.json
+ ```
+ - Create invite code with pdsadmin
+ - Sign up
+ ```json
+ {
+ "level": 50,
+ "time": 1732561457309,
+ "pid": 7,
+ "hostname": "engram",
+ "name": "xrpc-server",
+ "status": 400,
+ "message": "External handle did not resolve to DID",
+ "msg": "error in xrpc method com.atproto.server.createAccount"
+ }
+ ```
+ - add DNS and HTTP verification
+ ```hcl
+ resource "aws_route53_record" "_atproto_the_cetacean_club" {
+ zone_id = data.aws_route53_zone.cetacean_club.zone_id
+ name = "_atproto.${tigris_bucket.the-cetacean.bucket}"
+ type = "TXT"
+ ttl = "3600"
+ records = ["did=did:web:the.cetacean.club"]
+ }
+ ```
+ HTTP:
+ ```
+ did:web:the.cetacean.club
+ ```
+ Then:
+ ```
+ aws s3 cp atproto-did s3://the.cetacean.club/.well-known/atproto-did
+ ```
+ - how to verify/activate your account
+ - register account
+ - set token in environment
+ - Get reccomended did credentials .verificationMethods.atproto
+ - s/did:key://
+ - Put in did.json .verificationMethod[0].publicKeyMultibase
diff --git a/docs/bsky/didweb/assimilate.sh b/docs/bsky/didweb/assimilate.sh
new file mode 100644
index 0000000..ae1a39f
--- /dev/null
+++ b/docs/bsky/didweb/assimilate.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -ex
+
+# Docker
+apt-get update
+apt-get -y install ca-certificates curl
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+
+echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+ tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+apt-get update
+
+apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
+adduser civo docker
+
+# rclone
+curl https://rclone.org/install.sh | sudo bash
\ No newline at end of file
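Review bot: The last line pipes `https://rclone.org/install.sh` straight into a root shell with no integrity check, and because the header is only `set -ex`, a failed or truncated download does not fail the pipeline; bash simply runs whatever arrived. pds.tf passes this file as the instance `script`, so it runs unattended at first boot. I would change the header to `set -euxo pipefail` and either install the distro package with `apt-get -y install rclone` or fetch a pinned release and verify its checksum before installing. `adduser civo docker` also makes the `civo` user root-equivalent through the Docker socket, which deserves a comment such as `# docker group membership is equivalent to root on this host`.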
diff --git a/docs/bsky/didweb/didweb.tf b/docs/bsky/didweb/didweb.tf
new file mode 100644
index 0000000..611e996
--- /dev/null
+++ b/docs/bsky/didweb/didweb.tf
@@ -0,0 +1,34 @@
+data "aws_route53_zone" "cetacean_club" {
+ name = "cetacean.club."
+}
+
+resource "tigris_bucket" "the-cetacean" {
+ bucket = "the.cetacean.club"
+}
+
+resource "tigris_bucket_public_access" "the-cetacean" {
+ bucket = tigris_bucket.the-cetacean.bucket
+ acl = "public-read"
+ public_list_objects = false
+}
+
+resource "tigris_bucket_website_config" "the-cetacean" {
+ bucket = tigris_bucket.the-cetacean.bucket
+ domain_name = tigris_bucket.the-cetacean.bucket
+}
+
+resource "aws_route53_record" "the-cetacean-club--CNAME" {
+ zone_id = data.aws_route53_zone.cetacean_club.zone_id
+ name = tigris_bucket.the-cetacean.bucket
+ type = "CNAME"
+ ttl = "3600"
+ records = ["${tigris_bucket.the-cetacean.bucket}.fly.storage.tigris.dev"]
+}
+
+resource "aws_route53_record" "_atproto_the_cetacean_club" {
+ zone_id = data.aws_route53_zone.cetacean_club.zone_id
+ name = "_atproto.${tigris_bucket.the-cetacean.bucket}"
+ type = "TXT"
+ ttl = "3600"
+ records = ["did=did:web:the.cetacean.club"]
+}
\ No newline at end of file
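Review bot: The `_atproto` TXT record hard-codes `did:web:the.cetacean.club` while its `name` is derived from `tigris_bucket.the-cetacean.bucket`, so renaming the bucket would leave the handle pointing at a DID for a different host. Suggest `records = ["did=did:web:${tigris_bucket.the-cetacean.bucket}"]`. It would also help to add a comment above `tigris_bucket_public_access`, for example `# public-read is intentional: serves /.well-known/did.json and atproto-did; write access to this bucket or the cetacean.club zone controls the identity`, because that is the trust boundary of the did:web account.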
diff --git a/docs/bsky/didweb/main.tf b/docs/bsky/didweb/main.tf
new file mode 100644
index 0000000..8ff785d
--- /dev/null
+++ b/docs/bsky/didweb/main.tf
@@ -0,0 +1,33 @@
+terraform {
+ backend "s3" {
+ bucket = "within-tf-state"
+ key = "shitposting/bsky-pds"
+ region = "us-east-1"
+ }
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+
+ civo = {
+ source = "civo/civo"
+ version = "1.1.3"
+ }
+
+ tigris = {
+ source = "tigrisdata/tigris"
+ version = "1.0.4"
+ }
+ }
+}
+
+provider "civo" {
+ region = "nyc1"
+}
+
+provider "tigris" {
+ access_key = var.tigris_access_key_id
+ secret_key = var.tigris_secret_access_key
+}
\ No newline at end of file
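Review bot: `required_providers` declares only aws, civo and tigris, but the lock file added in this commit also pins `registry.terraform.io/hashicorp/dns` at 3.4.2, and no `.tf` file in the commit references that provider. It looks like a leftover from the abandoned DNS-lookup attempt mentioned in the README; re-running `terraform init` with the current configuration should drop the stale entry, so the lock file pins only providers that are actually downloaded and executed. Separately, the `backend "s3"` block does not set `encrypt`; consider adding `encrypt = true` unless the `within-tf-state` bucket already enforces encryption, which is not visible here.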
diff --git a/docs/bsky/didweb/pds.tf b/docs/bsky/didweb/pds.tf
new file mode 100644
index 0000000..a79fea2
--- /dev/null
+++ b/docs/bsky/didweb/pds.tf
@@ -0,0 +1,69 @@
+data "aws_route53_zone" "within_website" {
+ name = "within.website."
+}
+
+data "civo_ssh_key" "shiroko" {
+ name = "shiroko"
+}
+
+data "civo_disk_image" "ubuntu" {
+ filter {
+ key = "name"
+ values = ["ubuntu-noble"]
+ }
+}
+
+resource "civo_network" "pds" {
+ label = "bsky-pds"
+}
+
+resource "civo_firewall" "pds" {
+ name = "bsky-pds"
+ network_id = civo_network.pds.id
+ create_default_rules = false
+
+ ingress_rule {
+ label = "yolo"
+ protocol = "tcp"
+ port_range = "1-65535"
+ cidr = ["0.0.0.0/0"]
+ action = "allow"
+ }
+
+ egress_rule {
+ label = "yolo"
+ protocol = "tcp"
+ port_range = "1-65535"
+ cidr = ["0.0.0.0/0"]
+ action = "allow"
+ }
+}
+
+resource "civo_instance" "engram" {
+ hostname = "engram"
+ tags = ["xe", "pds"]
+ notes = "Bluesky PDS for pds.within.website"
+ sshkey_id = data.civo_ssh_key.shiroko.id
+ firewall_id = civo_firewall.pds.id
+ network_id = civo_network.pds.id
+ size = "g4s.xsmall"
+ disk_image = data.civo_disk_image.ubuntu.diskimages[0].id
+ script = file("${path.module}/assimilate.sh")
+ volume_type = "ms-xfs-2-replicas"
+}
+
+resource "aws_route53_record" "engram-within-website--A" {
+ zone_id = data.aws_route53_zone.within_website.zone_id
+ name = "engram.${data.aws_route53_zone.within_website.name}"
+ type = "A"
+ ttl = "3600"
+ records = [civo_instance.engram.public_ip]
+}
+
+resource "aws_route53_record" "star-engram-within-website--A" {
+ zone_id = data.aws_route53_zone.within_website.zone_id
+ name = "*.engram.${data.aws_route53_zone.within_website.name}"
+ type = "A"
+ ttl = "3600"
+ records = [civo_instance.engram.public_ip]
+}
\ No newline at end of file
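Review bot: The `ingress_rule` labelled `yolo` in `civo_firewall.pds` allows every TCP port from `0.0.0.0/0`, so any Docker-published port or other listener on the host is reachable from the internet, not just the PDS. I would replace it with explicit rules for the ports the PDS is meant to serve (presumably 80 and 443) and restrict SSH to an admin address range, as sketched below. With `create_default_rules = false` the egress rule also covers only TCP; whether that affects UDP egress such as DNS depends on how Civo applies egress rules and is worth checking. `diskimages[0]` takes whichever image the filter returns first, which deserves a comment.

```hcl
resource "civo_firewall" "pds" {
  # … unchanged: name, network_id, create_default_rules …

  ingress_rule {
    label      = "https"
    protocol   = "tcp"
    port_range = "443"
    cidr       = ["0.0.0.0/0"]
    action     = "allow"
  }

  ingress_rule {
    label      = "http"
    protocol   = "tcp"
    port_range = "80"
    cidr       = ["0.0.0.0/0"]
    action     = "allow"
  }

  ingress_rule {
    label      = "ssh-admin"
    protocol   = "tcp"
    port_range = "22"
    cidr       = ["ADMIN_CIDR_PLACEHOLDER"] # placeholder: replace with the operator's address range
    action     = "allow"
  }

  # … unchanged: egress_rule …
}
```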
diff --git a/docs/bsky/didweb/vars.tf b/docs/bsky/didweb/vars.tf
new file mode 100644
index 0000000..3b3a530
--- /dev/null
+++ b/docs/bsky/didweb/vars.tf
@@ -0,0 +1,9 @@
+variable "tigris_access_key_id" {
+ type = string
+ sensitive = true
+}
+
+variable "tigris_secret_access_key" {
+ type = string
+ sensitive = true
+}
\ No newline at end of file