From 983d0f981c08e4f456a06ffcd85adf72ce85882d Mon Sep 17 00:00:00 2001
From: Nicholas McDaniel <nickmcdaniel00@gmail.com>
Date: Fri, 23 Jan 2026 22:23:35 -0500
Subject: [PATCH] Properly proxy .well-known to the atproto PDS

---
 modules/nginx.nix | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/modules/nginx.nix b/modules/nginx.nix
index ec6f425..db18a81 100644
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -22,8 +22,6 @@
     systemd.tmpfiles.rules = [
         # Core Web Directory
         "d /var/www/tty.garden - root nginx -"
-        # Well-known storage
-        "d /var/www/well-known - root nginx -"
         # Mirrors
         "d /var/www/mirror - root nginx -"
         "d /var/www/mirror/maple - ahill nginx -"
@@ -34,6 +32,15 @@
         addSSL = true;
         useACMEHost = "tty.garden";
         acmeRoot = null;
+    };
+    pdsProxy = {
+        # Used for handle verification
+        proxyPass = "http://127.0.0.1:3001";
+        extraConfig =
+        ''
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        '';
     }; in {
         enable = true;
         
@@ -41,12 +48,7 @@
             "tty.garden" = vhostDefault // {
                 root = "/var/www/tty.garden";
 
-                # TODO: User public_html folders
-                # Use disable symlinks with `if_not_owner` and from=$HOME for user
-
-                locations."^~ /.well-known/" = {
-                    alias = "/var/www/well-known/";
-                };
+                locations."^~ /.well-known/" = pdsProxy;
             };
             "seed.tty.garden" = vhostDefault // {
                 locations."/" = {
@@ -68,6 +70,9 @@
                     proxyWebsockets = true;
                 };
             };
+            "*.tty.garden" = vhostDefault // {
+                locations."~/.well-known/" = pdsProxy;
+            };
         };
     };
 }