I decided to set up a Bluesky PDS. It’s a pretty straightforward process, but there are some things to watch out for.
Intro
A few years ago, Twitter was my primary home on social media. I found a virtual community there that really helped me internally process some aspects of life that were a struggle at the time. When it was bought out, I mostly migrated my social presence to Mastodon, which I really love. I continued to check in on Twitter, though, and the online folks I enjoyed following there. With the changes to the block function on Twitter, though, almost all have migrated elsewhere (unfortunately not Mastodon, though). Most ended up moving to Bluesky. I was already crossposting my Mastodon posts there because I could and thought it was a social network worth keeping an eye on. With this move of online “friends” there, though, I decided to go ahead and make it more official by setting up a Personal Data Server (PDS) so that I’d be in control of my content. I thought I’d write about that process here because it wasn’t as documented as I would like and I had several issues to troubleshoot.
Get Yourself Ready
To set up the PDS, you need:
- a domain with a DNS zone you can access
- a VPS (or similar) where you can install the PDS
- a free Resend account
The domain can be anything, as long as you can create DNS records. For the VPS, Bluesky recommends 1GB of RAM and 20GB of Storage. If a VPS is what you are in the market for, check LowEndTalk for some deals. If available, this deal is particularly enticing.
Get the Domain Ready for Bluesky
For the domain, decide what you are going to do. I have this domain (krrd.ing) as my web presence so I decided to use a subdomain on it (bsky.krrd.ing). This means I needed to make two A Record changes:
- A bsky 1.2.3.4
- A *.bsky 1.2.3.4
Make sure the IPs are for your VPS (not 1.2.3.4). The second, wildcard record is important as it prevents your handle from showing as Invalid on your Bluesky profile.
Get the VPS Ready
This isn’t meant to be a full-on VPS tutorial, but I’ll give you my process in brief:
- Log in and make sure the root password is hardened and you have an authorized key set for SSH.
- Make sure everything is up to date.
- Install Tailscale and log in to it.
- Set up UFW appropriately. Here this means:
  - Default Incoming is set to Deny
  - Default Outgoing is set to Allow
  - Port 22 isn’t allowed
  - Ports 80 & 443 are allowed (for the PDS)
  - Allow in on tailscale0
- Fix UFW for Docker (see here).
- Install any additional logging or monitoring agents.
Get Resend ready
Resend is a service that lets you send email from the PDS. It’s pretty much necessary for email verification (sorry). There are other options you can use, but Resend has a generous free tier that is more than sufficient. Anyway, sign up and set up a domain. You’ll need to add some more DNS records for this part. I opted to use resend.krrd.ing, so I had to add the three records provided by Resend:
- MX send.resend
- TXT send.resend
- TXT resend._domainkey.resend
You’ll also need to click on “API Keys” in the left sidebar and create a new API Key with send access to that domain. Make sure to copy the API Key down because you’ll need it.
Install the PDS
At this point, if you’ve done the above, you are positioned pretty well I think. So move on to the install phase. You can find install instructions from Bluesky here. Basically, run these two commands in order:
wget https://raw.githubusercontent.com/bluesky-social/pds/main/installer.sh
sudo bash installer.sh
This will start the installer. As part of the install, you’ll be asked to set up the first account (at least I was) - go ahead and do that and make note of the password and info. You won’t be asked for SMTP info, though (which I think was a miss). To set this up, enter this command:
vi /pds/pds.env
A code editor with a file of variables should pop up. You need to add these two lines:
PDS_EMAIL_SMTP_URL=smtps://resend:<your api key here>@smtp.resend.com:465/
PDS_EMAIL_FROM_ADDRESS=admin@your.domain
Make the from address on the domain of the API key you set up in Resend (and make sure to add in your API key above). After you do that, restart the PDS:
systemctl restart pds
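An added example, not part of the original post or the Bluesky installer: a small shell function that checks the two SMTP lines above and the file's permissions, since pds.env now holds the Resend API key. The script name and the domain argument are hypothetical; pass the domain you verified in Resend.

```shell
#!/bin/sh
# Added example: check the SMTP lines in a PDS env file without printing the key.
# Usage: sh check_pds_env.sh /pds/pds.env resend.example.com
# (script name and domain are hypothetical; use the domain you verified in Resend)

check_pds_env() (
  file=$1 domain=$2 problems=0
  fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

  # The file holds the Resend API key, so group and other need no access.
  perms=$(ls -ld "$file" | cut -c5-10)
  [ "$perms" = "------" ] || fail "$file is accessible to group/other; chmod 600 it"

  # Read each value; if a variable is repeated, look at the last one (assumption).
  url=$(sed -n 's/^PDS_EMAIL_SMTP_URL=//p' "$file" | tail -n 1)
  from=$(sed -n 's/^PDS_EMAIL_FROM_ADDRESS=//p' "$file" | tail -n 1)

  case $url in
    '') fail "PDS_EMAIL_SMTP_URL is not set" ;;
    *'<'*|*'>'*) fail "PDS_EMAIL_SMTP_URL still contains the <...> placeholder" ;;
    smtps://*:*@*) ;;  # smtps scheme with credentials, the form used in the post
    *) fail "PDS_EMAIL_SMTP_URL is not of the form smtps://user:key@host:port/" ;;
  esac

  case $from in
    '') fail "PDS_EMAIL_FROM_ADDRESS is not set" ;;
    *@"$domain") ;;    # sender is on the domain verified in Resend
    *) fail "PDS_EMAIL_FROM_ADDRESS is not on $domain" ;;
  esac

  # Exit status of the function: 0 only when nothing failed.
  [ "$problems" -eq 0 ]
)

# Run the check only when called with both arguments.
if [ "$#" -ge 2 ]; then
  check_pds_env "$1" "$2"
fi
```

Run it before restarting the PDS; it exits non-zero if any check fails, and its messages never include the value of the SMTP URL.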
Test it all out
Go to the Bluesky web app and log in! Hopefully it will let you! More than likely you’ll be asked to verify your email - go ahead and do this! Assuming this all works, you are good to go!