docs/bsky/didweb/README.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

# Setting up a Bluesky did:web account

- PDS provisioning
  - `civo sshkey create`
  - Terraform to create instance
  - Find ubuntu diskimage
  - Create instance
  - Install Docker and Docker Compose
  - Setup rclone for backups
  - Set AWS route53 zone
  - `engram.within.website`
- Install PDS
  - curl2bash
  - manually patched script to support ubuntu 24.04
  - root is a reserved username, okay
- Test login
  - Can't verify email address
- Making did:web account hosting stuff
  - Point cetacean.club to Tigris
  - tigris bucket
  - Route 53 doesn't allow CNAME at the apex domain
  - Had to use the DNS provider to get the IP addresses of Tigris
  - Nope, tigris wants a CNAME, failing to the.cetacean.club
- did:web account
  - generate privkey / pubkey
    - put in 1password
  - generate did.json
  - upload to tigris
  - I put the DID document in the wrong place
    - fuck I needed to do this:
      ```sh
      aws s3 cp did.json s3://the.cetacean.club/.well-known/did.json
      ```
  - Create invite code with pdsadmin
  - Sign up
    ```json
    {
      "level": 50,
      "time": 1732561457309,
      "pid": 7,
      "hostname": "engram",
      "name": "xrpc-server",
      "status": 400,
      "message": "External handle did not resolve to DID",
      "msg": "error in xrpc method com.atproto.server.createAccount"
    }
    ```
  - add DNS and HTTP verification
    ```hcl
    resource "aws_route53_record" "_atproto_the_cetacean_club" {
      zone_id = data.aws_route53_zone.cetacean_club.zone_id
      name = "_atproto.${tigris_bucket.the-cetacean.bucket}"
      type = "TXT"
      ttl = "3600"
      records = ["did=did:web:the.cetacean.club"]
    }
    ```
    HTTP:
    ```
    did:web:the.cetacean.club
    ```
    Then:
    ```
    aws s3 cp atproto-did s3://the.cetacean.club/.well-known/atproto-did
    ```
  - how to verify/activate your account
    - register account
    - set token in environment
    - Get reccomended did credentials .verificationMethods.atproto
    - s/did:key://
    - Put in did.json .verificationMethod[0].publicKeyMultibase
    - activate account
    - skeet: https://bsky.app/profile/the.cetacean.club/post/3lbsasfpb2s2m