From f3d2dee4708b47a8ab5e11b47e6f47768e552a84 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Fri, 26 Apr 2024 10:31:47 +0000
Subject: [PATCH] lemmy: fix federation (broke due to invalid HTTP signatures)

---
 hosts/by-name/servo/services/lemmy.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/hosts/by-name/servo/services/lemmy.nix b/hosts/by-name/servo/services/lemmy.nix
index c6aab8db..23879db5 100644
--- a/hosts/by-name/servo/services/lemmy.nix
+++ b/hosts/by-name/servo/services/lemmy.nix
@@ -68,6 +68,17 @@ in {
   services.nginx.virtualHosts."lemmy.uninsane.org" = {
     forceSSL = true;
     enableACME = true;
+    # XXX(2024/04/25): fix that incoming federation actions are rejected for invalid HTTP signatures.
+    # see: <https://github.com/NixOS/nixpkgs/pull/284562#issuecomment-2079104081>
+    # of all these, we only *need* the `Host` header. the others are just nice-to-have.
+    locations."/".extraConfig = ''
+      proxy_set_header        Host $host;
+      proxy_set_header        X-Real-IP $remote_addr;
+      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header        X-Forwarded-Proto $scheme;
+      proxy_set_header        X-Forwarded-Host $host;
+      proxy_set_header        X-Forwarded-Server $host;
+    '';
   };
 
   sane.dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";