flkn/tranquil-pds
1
0
Fork 0
mirror of https://tangled.org/tranquil.farm/tranquil-pds synced 2026-05-24 20:40:18 -07:00
Code Issues Projects Releases Packages 1 Wiki Activity
No description
373 commits 7 branches 0 tags 6.7 MiB
  • Rust 87.1%
  • Svelte 5.6%
  • TypeScript 5.1%
  • CSS 1.4%
  • Nix 0.3%
  • Other 0.4%
Find a file
Exact
Lewis 86c5995568
 fix(config): signal gate is useless since needs admin work to activate anyway 
Lewis: May this revision serve well! <lu5a@proton.me>
2026-05-24 22:50:14 +03:00
.config feat(tranquil-comms): prework for email 2026-05-02 22:28:59 +03:00
.sqlx feat(auth): verification-gate override, inbound-migration bypass, store deleter improvement 2026-05-23 23:02:43 +03:00
.tangled/workflows fix(ci): dont pass cachix cache name as a secret so it doesnt get redacted from CI logs 2026-05-17 17:07:34 +02:00
crates fix(config): signal gate is useless since needs admin work to activate anyway 2026-05-24 22:50:14 +03:00
deploy refactor(deploy): container-first cleanup, drop debian malware-style install 2026-04-27 00:13:27 +03:00
docs fix(docs): markdown is tricky ... 2026-05-19 21:30:35 +02:00
frontend fix(config): signal gate is useless since needs admin work to activate anyway 2026-05-24 22:50:14 +03:00
migrations feat(auth): verification-gate override, inbound-migration bypass, store deleter improvement 2026-05-23 23:02:43 +03:00
observability feat: docs tweaks & standalone frontend 2026-01-18 16:41:41 +00:00
scripts chore: add plc directory for local dev 2026-05-19 19:46:58 +03:00
.envrc source .env in devshell if one is pressent 2025-12-28 13:09:01 +00:00
.gitignore chore: add frontend service to docker compose 2026-05-19 19:46:58 +03:00
Cargo.lock build: bump workspace to 0.6.2 2026-05-17 12:32:05 +03:00
Cargo.toml build: bump workspace to 0.6.2 2026-05-17 12:32:05 +03:00
config.dev.toml chore: add app service with cargo-watch 2026-05-19 19:46:58 +03:00
CONTRIBUTING.md feat(docs): first version of 'when PRing' section of contrib 2026-05-21 22:46:59 +03:00
default.nix fix(nix): allow fetch Git deps 2026-04-09 21:30:03 +00:00
docker-compose.prod.yaml refactor(deploy): container-first cleanup, drop debian malware-style install 2026-04-27 00:13:27 +03:00
docker-compose.yaml chore: add mailpit for local dev 2026-05-19 19:46:58 +03:00
Dockerfile fix(Dockerfile): pnpm v11 build errors 2026-05-14 09:56:07 +03:00
Dockerfile.dev chore: add app service with cargo-watch 2026-05-19 19:46:58 +03:00
example.toml fix(config): signal gate is useless since needs admin work to activate anyway 2026-05-24 22:50:14 +03:00
flake.lock fix(nix): build against pnpm 11 2026-05-14 21:37:28 +03:00
flake.nix fix(nix): build against pnpm 11 2026-05-14 21:37:28 +03:00
frontend.nix build(nix): frontend pin pnpm 2026-05-22 23:24:45 +03:00
justfile feat(auth): verification-gate override, inbound-migration bypass, store deleter improvement 2026-05-23 23:02:43 +03:00
KNOWN_ISSUES.md General linting, document react-native-streamplace-oauth-problem 2026-01-05 23:08:25 +02:00
LICENSE add license information 2025-12-25 18:57:18 +00:00
LICENSE-AGPL-3.0-or-later add license information 2025-12-25 18:57:18 +00:00
LICENSE-CC-BY-SA-4.0 add license information 2025-12-25 18:57:18 +00:00
module.nix chore(nix): remove sendmail 2026-05-02 23:32:57 +03:00
nginx.conf fix: container build should use all-in-one backend+frontend 2026-03-07 21:06:25 +00:00
README.md feat(docs): init better docs 2026-05-19 20:45:50 +03:00
shell.nix build(frontend): use pnpm 2026-04-12 16:01:21 +00:00
test.nix fix(backups): remove useless backups concept 2026-03-18 12:17:33 +00:00
traefik.dev.yaml chore: add traefik for local dev certs and routing 2026-05-19 19:46:58 +03:00
TRANQUIL_OWN_DB_RFC.txt feat(rfc): outline tranquil-store idea for comment 2026-03-22 18:54:51 +02:00

README.md

Tranquil PDS

A Personal Data Server for the AT Protocol.

"A what for the what?" -> glad you asked: Bluesky, Tangled, and a bunch of other web applications use a federated protocol called AT Protocol (atproto). Your account lives on a PDS, a server that stores your posts, profile, follows, cryptographic keys, et cetera. The beauty is that a PDS is the only place your data lives permanently - so you can navigate any atproto app knowing that your data is yours and not getting locked behind any one app's walls.

We came together to make this PDS to enable and empower our users to better host their data on this shared protocol. All of our decisions as a project are guided by their usefulness to the community: PDS hosters and end-users both.

Comparatively: Bluesky the company created a "reference PDS" that we can self-host quite easily, and that's great, but Bluesky has an incentive to make software for themselvess first & foremost, then secondly their software can be useful for us self-hosters. In contrast, Tranquil is not from a company, and will never be.

What's different about Tranquil PDS

It is a superset of the reference PDS, including:

  • passkeys and 2FA: WebAuthn/FIDO2, TOTP, backup codes, trusted devices
  • SSO login and signup
  • did:web support: PDS-hosted subdomains or bring-your-own
  • multi-channel communication: you can be notified via email, discord, telegram, and signal for verification and alerts
  • granular OAuth scopes with a consent UI that allows unchecking specific scopes
  • app passwords with the same granular permission scope system as OAuth
  • account delegation: letting others manage an account with configurable permission levels
  • a built-in web UI for account management, repo browsing, and admin

Unlike the ref PDS, Tranquil itself is compiled to a single binary with no nodeJS runtime. However, at time of writing, Tranquil requires postgres running separately.

Quick Start

cp example.toml config.toml
podman compose up db -d
just run

Configuration

See example.toml for all configuration options.

Note

The order of configuration precedence is: environment variables, then a config file passed via --config, then /etc/tranquil-pds/config.toml, then the built-in defaults. So you can use environment variables, or a config file, or both.

Development

Run just to see available commands.

just test
just lint

Nix users can enter a devshell with nix develop, or direnv allow to auto-enter via the bundled .envrc. Pre-built artifacts (including the devshell) are available from our binary cache.

Production Deployment

Quick Deploy (Docker/Podman Compose)

Edit config.toml with your values. Generate secrets with openssl rand -base64 48.

cp example.toml config.toml
podman-compose -f docker-compose.prod.yaml up -d

Installation Guides

Community

"Let's connect!" or whatever linkedin-types say

We currently don't have a shared space to chat and organize Tranquil things, but we're very interested in changing that in the near future. What do you suggest? Anything but a discord server.

Core team

Amazing contributers

Tranquil PDS instances in the wild!

Special thanks

This project is very grateful to @nonbinary.computer, @juliet.paris, @mary.my.id, @baileytownsend.dev, and @ptr.pet for their help and their code to lean on.

License

AGPL-3.0-or-later. Documentation is CC BY-SA 4.0. See LICENSE for details.