nixos/lemmy: fix nginx backend to proxy needed headers

the nix `recommendedProxySettings` optiononly takes effect if `proxyPass`
is set, but since we manually invoke `proxy_pass` inside nginx we need
to also manually specify proxy settings. failing to do so leads to
symptoms such as "Incoming activity has invalid signature".
see: <https://github.com/LemmyNet/lemmy/issues/3273>

nixos/modules/services/web-apps/lemmy.nix

@@ -204,7 +204,6 @@ in
           };
           "/" = {
             # mixed frontend and backend requests, based on the request headers
-            recommendedProxySettings = true;
             extraConfig = ''
               set $proxpass "${ui}";
               if ($http_accept = "application/activity+json") {
@@ -221,6 +220,11 @@ in
               rewrite ^(.+)/+$ $1 permanent;
 
               proxy_pass $proxpass;
+              # Proxied `Host` header is required to validate ActivityPub HTTP signatures for incoming events.
+              # The other headers are optional, for the sake of better log data.
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_set_header Host $host;
+              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             '';
           };
         };