"jwt expired" errors on bsky.app to hosted PDS

[matildepark]

Hi there! I broke it.

Migrated to a new account hosted on my own PDS — I made one change to the installer script where I enforced that the DATADIR should be /hdd/pds and not /pds; I amended the Docker compose.yaml and the script so that it wouldn't change all /pds mentions to /hdd/pds and the server runs.

health check is okay. The migration, apparently, went okay too, no error from goat. I had to manually validate my email because I had no SMTP server; I just did it in the database.

But when I sign into the account with bsky.app, while I successfully get a jwt issued, every request to the PDS errors out with "jwt expired." We can successfully hit /xrpc/com.atproto.server.createSession and we get jwts, but /xrpc/chat.bsky.convo.listConvos?limit=1 and onward return jwtExpired errors and 401s, as though we didn't store the jwt token at all.

The token db is empty; refresh_token has a few in it, all of this for my did.

Any pointers on what's missing the handoff to validate the jwt? Is something hardcoded in the container for /pds mount?

Even inside the container — both source and target are set to the /hdd/pds folder, and amending the target in the container to /pds breaks it ("can't find Database"), so it seems to expect the new path inside the container, too.

Maybe we can change the mount and the env variable for the datadir to point /hdd/pds to /pds and align it inside the container?

[matildepark]

I unbroke it! My date was wrong!