edouard.paris / atproto-nix-env
Flake to setup a local env for atproto development
fork atom

move security at the end

edouard.paris 42e4a510 cd4581c9

verified
+12 -12
unified split
+12 -12
README.md
··· 2 3 A Nix-based development environment for running AT Protocol services (PDS, PLC, Caddy proxy, and MailHog). 4 5 - ## ⚠️ Security Warning 6 - 7 - **This environment uses a modified AT Protocol relay with SSRF protection disabled.** 8 - 9 - - The relay is built from a forked repository (`edouardparis/indigo`) with SSRF (Server-Side Request Forgery) protections disabled 10 - - Custom ports are allowed without restrictions 11 - - **This configuration is ONLY safe for local development environments** 12 - - **DO NOT use this relay configuration against external hosts or in production** 13 - - **DO NOT expose this relay to the internet** 14 - 15 - This setup is designed for controlled local testing where you need flexibility in network access that would normally be restricted for security reasons. 16 - 17 ## Prerequisites 18 19 1. **Install mkcert** (required for SSL certificate generation): ··· 110 - `tmux kill-session -t atproto` - Stop all services 111 - `nix run .#mailhog` - Start MailHog (run separately if needed) 112 - `nix run .#generate-certs` - Generate SSL certificates
··· 2 3 A Nix-based development environment for running AT Protocol services (PDS, PLC, Caddy proxy, and MailHog). 4 5 ## Prerequisites 6 7 1. **Install mkcert** (required for SSL certificate generation): ··· 98 - `tmux kill-session -t atproto` - Stop all services 99 - `nix run .#mailhog` - Start MailHog (run separately if needed) 100 - `nix run .#generate-certs` - Generate SSL certificates 101 + 102 + ## ⚠️ Security Warning 103 + 104 + **This environment uses a modified AT Protocol relay with SSRF protection disabled.** 105 + 106 + - The relay is built from a forked repository (`edouardparis/indigo`) with SSRF (Server-Side Request Forgery) protections disabled 107 + - Custom ports are allowed without restrictions 108 + - **This configuration is ONLY safe for local development environments** 109 + - **DO NOT use this relay configuration against external hosts or in production** 110 + - **DO NOT expose this relay to the internet** 111 + 112 + This setup is designed for controlled local testing where you need flexibility in network access that would normally be restricted for security reasons.