A from-scratch atproto PDS implementation that dreams of becoming "production grade" software (it isn't, yet).
millipds is a successor to DavidBuchanan314/picopds, which is even more minimalist, but hacky and no longer maintained.
It works to the extent that it can "federate" with the rest of the atproto network, but there are a lot of rough edges still. I wouldn't currently recommend using it for anything other than testing or experimentation (although, due to the nature of atproto, if you don't like it you can seamlessly migrate your whole account elsewhere). Until millipds reaches v1.0.0, I reserve the right to make breaking DB schema changes without providing a migration path.
It depends on DavidBuchanan314/atmst for implementing logic related to the Merkle Search Tree data structure, and DavidBuchanan314/dag-cbrrr for DAG-CBOR parsing and serialisation.
See #12 for an incomplete list of differences between this implementation and the reference implementation.
git clone https://github.com/DavidBuchanan314/millipds
cd millipds
python3 -m pip install -e .
(note: I have no idea what I'm doing with this!)
podman build -f millipds_dev.dockerfile -t millipds_dev
podman run --rm -it -p 8123:8123 millipds_dev
# create group for service socket access
sudo addgroup millipds-sock
# create unprivileged user
sudo adduser --system --shell /bin/false --home /opt/millipds millipds
# add the user to the group (leaving its primary group as the default)
sudo usermod -aG millipds-sock millipds
# start a shell session under the new user
sudo -u millipds -s
# all commands below this point are run as the millipds user
# create a virtualenv (maybe this will prove unnecessary, but it probably doesn't hurt)
python3 -m venv ~/.venv
# activate the virtualenv (this must be re-run every time you want to use it)
source ~/.venv/bin/activate
# all commands below this point are run inside the virtualenv
# upgrade pip (maybe optional, again, probably doesn't hurt)
python3 -m pip install --upgrade pip
# install millipds
python3 -m pip install --upgrade millipds@git+https://github.com/DavidBuchanan314/millipds
sudo -u millipds -s
source ~/.venv/bin/activate
python3 -m pip install --upgrade --force-reinstall --no-cache-dir millipds@git+https://github.com/DavidBuchanan314/millipds
sudo systemctl restart millipds
Create a systemd service
ExecStart=/opt/millipds/.venv/bin/millipds run --sock_path=/run/millipds/millipds.sock
TODO: put this file in the repo so it can be copied into place more easily.
Put this in /etc/systemd/system/millipds.service
Create a new nginx config:
upstream millipds {
server unix:/run/millipds/millipds.sock fail_timeout=0;
server {
listen 80;
server_name millipds.test; # CHANGEME!
location / {
proxy_pass http://millipds;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_read_timeout 1d;
proxy_redirect off;
proxy_buffering off;
access_log off;
TODO: is fail_timeout=0 sensible?
Put this in /etc/nginx/sites-enabled/millipds
Note: For a prod setup, you'll need to enable SSL. That's outside the scope of this guide, but one way is "once you have the service accessible via HTTP, use certbot"
Add the user that nginx runs under (www-data
) to the millipds-sock
sudo adduser www-data millipds-sock
Start the service:
sudo systemctl start millipds # make it start now
sudo systemctl enable millipds # make it start on every boot
systemctl status millipds # check that it's running
sudo systemctl reload nginx # get nginx to see your new config
Useful command for watching the logs:
sudo journalctl -u millipds.service -f
export HANDLE=alice.example.com
export PDS_HOST=$(echo $HANDLE | sed -e 's/^\w*\.//')
millipds util keygen > atproto-private.pem
export REPO_PUBKEY=$(millipds util print_pubkey atproto-private.pem)
millipds util plcgen --handle "${HANDLE}" --pds_host "${PDS_HOST}" --repo_pubkey "${REPO_PUBKEY}" --rotation_key atproto-private.pem --genesis_json atproto-genesis.json | tee atproto-did-plc.txt
export DID_PLC=$(cat atproto-did-plc.txt)
millipds account create "${DID_PLC}" "${HANDLE}" --signing_key atproto-private.pem