diff --git a/hosts/web-2/clerie.nix b/hosts/web-2/clerie.nix
index b658a65..f6e300c 100644
--- a/hosts/web-2/clerie.nix
+++ b/hosts/web-2/clerie.nix
@@ -1,6 +1,12 @@
 { ... }:
 
-{
+let
+  website = fetchGit {
+    url = "https://git.clerie.de/clerie/clerie.de.git";
+    ref = "main";
+    rev = "23e7b06dc15a8dcc320b2db9508e2192d33236cb";
+  };
+in {
   services.nginx.virtualHosts = {
     "www.clerie.de" = {
       enableACME = true;
@@ -13,10 +19,20 @@
     "clerie.de" = {
       enableACME = true;
       forceSSL = true;
-      root = fetchGit {
-        url = "https://git.clerie.de/clerie/clerie.de.git";
-        ref = "main";
-        rev = "7fbb8042100fde4a8524eec656519eb8b48ae68a";
+      root = website;
+      locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = {
+        extraConfig = ''
+          default_type application/octet-stream;
+          add_header Access-Control-Allow-Origin * always;
+          try_files /gpg/clerie@clerie.de =404;
+        '';
+      };
+      locations."= /.well-known/openpgpkey/policy" = {
+        extraConfig = ''
+          default_type application/octet-stream;
+          add_header Access-Control-Allow-Origin * always;
+        '';
+        return = "200 ''";
       };
     };
   };