mirror of https://tangled.org/tranquil.farm/tranquil-pds synced 2026-04-10 21:22:33 +00:00
ATProto Personal Data Server software
  • Rust 86%
  • Svelte 6%
  • TypeScript 5.4%
  • CSS 1.6%
  • Nix 0.3%
  • Other 0.6%
Lewis 05246aec58
feat(tranquil-store): gc and hardening
Lewis: May this revision serve well! <lu5a@proton.me>
2026-04-10 13:57:47 +03:00
.config feat(tranquil-store): gc and hardening 2026-04-10 13:57:47 +03:00
.sqlx feat(tranquil-store): gc and hardening 2026-04-10 13:57:47 +03:00
.tangled/workflows fix(ci): don't run it at all for now. it doesn't work with the current spindles 2026-04-01 23:45:03 +02:00
crates feat(tranquil-store): gc and hardening 2026-04-10 13:57:47 +03:00
deploy feat: add back built-in frontend hosting to the backend 2026-03-06 20:21:10 +00:00
docs fix(backups): remove useless backups concept 2026-03-18 12:17:33 +00:00
frontend feat(signal): add admin UI, frontend, and build changes 2026-03-22 07:14:20 +00:00
migrations feat(tranquil-store): gc and hardening 2026-04-10 13:57:47 +03:00
observability feat: docs tweaks & standalone frontend 2026-01-18 16:41:41 +00:00
scripts fix(backups): remove useless backups concept 2026-03-18 12:17:33 +00:00
.envrc source .env in devshell if one is present 2025-12-28 13:09:01 +00:00
.gitignore remove local references from .gitignore 2026-01-28 17:42:13 +00:00
Cargo.lock feat(tranquil-store): gc and hardening 2026-04-10 13:57:47 +03:00
Cargo.toml feat(tranquil-store): whole test suite working 2026-04-10 13:57:44 +03:00
default.nix fix(nix): allow fetch Git deps 2026-04-09 21:30:03 +00:00
docker-compose.prod.yaml fix(backups): remove useless backups concept 2026-03-18 12:17:33 +00:00
docker-compose.yaml fix(backups): remove useless backups concept 2026-03-18 12:17:33 +00:00
Dockerfile feat(tranquil-store): whole test suite working 2026-04-10 13:57:44 +03:00
example.toml feat(tranquil-store): gc and hardening 2026-04-10 13:57:47 +03:00
flake.lock feat(nix): derivation for frontend 2026-01-28 17:42:13 +00:00
flake.nix feat: actual good config from Isabel 2026-02-21 20:51:03 +00:00
frontend.nix feat(nix): derivation for frontend 2026-01-28 17:42:13 +00:00
justfile feat(tranquil-store): gc and hardening 2026-04-10 13:57:47 +03:00
KNOWN_ISSUES.md General linting, document react-native-streamplace-oauth-problem 2026-01-05 23:08:25 +02:00
LICENSE add license information 2025-12-25 18:57:18 +00:00
LICENSE-AGPL-3.0-or-later add license information 2025-12-25 18:57:18 +00:00
LICENSE-CC-BY-SA-4.0 add license information 2025-12-25 18:57:18 +00:00
module.nix Further harden systemd service 2026-03-31 22:25:11 +00:00
nginx.conf fix: container build should use all-in-one backend+frontend 2026-03-07 21:06:25 +00:00
README.md fix: update docs for toml env 2026-02-23 10:36:58 +00:00
shell.nix feat(nix): remove mold from the dev shell and add cargo nextest 2026-03-07 15:20:21 +00:00
test.nix fix(backups): remove useless backups concept 2026-03-18 12:17:33 +00:00
TRANQUIL_OWN_DB_RFC.txt feat(rfc): outline tranquil-store idea for comment 2026-03-22 18:54:51 +02:00

Tranquil PDS

A Personal Data Server for the AT Protocol.

Bluesky runs on a federated protocol called AT Protocol. Your account lives on a PDS, a server that stores your posts, profile, follows, and cryptographic keys. Bluesky hosts one for you at bsky.social, but you can run your own. Self-hosting means you control your data; you're not dependent on any company's servers, and your account and data are actually yours.

This particular PDS thrives under harsh conditions. It is a dandelion growing through the cracks in the sidewalk concrete.

It has full compatibility with Bluesky's reference PDS.

What's different about Tranquil PDS

It is a superset of the reference PDS, including: passkeys and 2FA (WebAuthn/FIDO2, TOTP, backup codes, trusted devices), SSO login and signup, did:web support (PDS-hosted subdomains or bring-your-own), multi-channel communication (email, Discord, Telegram, Signal) for verification and alerts, granular OAuth scopes with a consent UI showing human-readable descriptions, app passwords with granular permissions (read-only, post-only, or custom scopes), account delegation (letting others manage an account with configurable permission levels), and a built-in web UI for account management, repo browsing, and admin.

The PDS itself is a single binary with no Node.js runtime. However, at the time of writing, Tranquil requires PostgreSQL running separately. Blobs are stored on the local filesystem by default (S3 optional). Valkey is also optional (as an alternative to the built-in cache).

Quick Start

cp example.toml config.toml
podman compose up db -d
just run

Configuration

See example.toml for all configuration options.

Note

The order of configuration precedence is: environment variables, then a config file passed via --config, then /etc/tranquil-pds/config.toml, then the built-in defaults. So you can use environment variables, or a config file, or both.

Development

Run just to see available commands.

just test
just lint

Production Deployment

Quick Deploy (Docker/Podman Compose)

Edit config.toml with your values. Generate secrets with openssl rand -base64 48.

cp example.toml config.toml
podman-compose -f docker-compose.prod.yaml up -d

Installation Guides

Maintainers to ping

Thanks

This project is very grateful to @nonbinary.computer, @juli.ee, @mary.my.id, and @baileytownsend.dev for their help and their code to lean on.

License

AGPL-3.0-or-later. Documentation is CC BY-SA 4.0. See LICENSE for details.