lemmy: upstream the proxy headers

hosts/by-name/servo/services/lemmy.nix

@@ -68,17 +68,6 @@ in {
   services.nginx.virtualHosts."lemmy.uninsane.org" = {
     forceSSL = true;
     enableACME = true;
-    # XXX(2024/04/25): fix that incoming federation actions are rejected for invalid HTTP signatures.
-    # see: <https://github.com/NixOS/nixpkgs/pull/284562#issuecomment-2079104081>
-    # of all these, we only *need* the `Host` header. the others are just nice-to-have.
-    locations."/".extraConfig = ''
-      proxy_set_header        Host $host;
-      proxy_set_header        X-Real-IP $remote_addr;
-      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header        X-Forwarded-Proto $scheme;
-      proxy_set_header        X-Forwarded-Host $host;
-      proxy_set_header        X-Forwarded-Server $host;
-    '';
   };
 
   sane.dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";

nixpatches/list.nix

@@ -32,6 +32,14 @@ in [
   # etc, where "date" is like "20240228181608"
   # and can be found with `nix-repl  > :lf .  > lastModifiedDate`
 
+  (fetchpatch' {
+    # see: <https://github.com/NixOS/nixpkgs/pull/284562#issuecomment-2079104081>
+    title = "nixos/lemmy: fix nginx backend to proxy needed headers";
+    prUrl = "https://github.com/NixOS/nixpkgs/pull/306984";
+    saneCommit = "bd87a38b86f889a6902a356ab415eeead881766b";
+    hash = "sha256-53X4ssdp02C8NOUL5mlbhR7qwE9/KWp6iLmz1ljJopE=";
+  })
+
   (fetchpatch' {
     title = "libjxl: fix cross compilation by only conditionally enabling plugins";
     prUrl = "https://github.com/NixOS/nixpkgs/pull/306127";