edouard.paris / atproto-nix-env
Flake to setup a local env for atproto development
fork atom

move security at the end

edouard.paris 42e4a510 cd4581c9

verified
options
unified split
Changed files
+12 -12
README.md
+12 -12
README.md 
···

       
2

       
2

       
 

       



     

       
3

       
3

       
 

       
A Nix-based development environment for running AT Protocol services (PDS, PLC, Caddy proxy, and MailHog).


     

       
4

       
4

       
 

       



     

       
5

       

       
-

       
## ⚠️ Security Warning


     

       
6

       

       
-

       



     

       
7

       

       
-

       
**This environment uses a modified AT Protocol relay with SSRF protection disabled.** 


     

       
8

       

       
-

       



     

       
9

       

       
-

       
- The relay is built from a forked repository (`edouardparis/indigo`) with SSRF (Server-Side Request Forgery) protections disabled


     

       
10

       

       
-

       
- Custom ports are allowed without restrictions


     

       
11

       

       
-

       
- **This configuration is ONLY safe for local development environments**


     

       
12

       

       
-

       
- **DO NOT use this relay configuration against external hosts or in production**


     

       
13

       

       
-

       
- **DO NOT expose this relay to the internet**


     

       
14

       

       
-

       



     

       
15

       

       
-

       
This setup is designed for controlled local testing where you need flexibility in network access that would normally be restricted for security reasons.


     

       
16

       

       
-

       



     

       
17

       
5

       
 

       
## Prerequisites


     

       
18

       
6

       
 

       



     

       
19

       
7

       
 

       
1. **Install mkcert** (required for SSL certificate generation):


     
···

       
110

       
98

       
 

       
- `tmux kill-session -t atproto` - Stop all services


     

       
111

       
99

       
 

       
- `nix run .#mailhog` - Start MailHog (run separately if needed)


     

       
112

       
100

       
 

       
- `nix run .#generate-certs` - Generate SSL certificates


     

       

       
101

       
+

       



     

       

       
102

       
+

       
## ⚠️ Security Warning


     

       

       
103

       
+

       



     

       

       
104

       
+

       
**This environment uses a modified AT Protocol relay with SSRF protection disabled.** 


     

       

       
105

       
+

       



     

       

       
106

       
+

       
- The relay is built from a forked repository (`edouardparis/indigo`) with SSRF (Server-Side Request Forgery) protections disabled


     

       

       
107

       
+

       
- Custom ports are allowed without restrictions


     

       

       
108

       
+

       
- **This configuration is ONLY safe for local development environments**


     

       

       
109

       
+

       
- **DO NOT use this relay configuration against external hosts or in production**


     

       

       
110

       
+

       
- **DO NOT expose this relay to the internet**


     

       

       
111

       
+

       



     

       

       
112

       
+

       
This setup is designed for controlled local testing where you need flexibility in network access that would normally be restricted for security reasons.