From bb7d2e2b83a46a8e1a5570389a19c23df05b5320 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Fri, 15 Apr 2022 13:58:07 +0200
Subject: [PATCH] Provide GPG key using web key directory

---
 hosts/web-2/clerie.nix | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/hosts/web-2/clerie.nix b/hosts/web-2/clerie.nix
index b658a65..f6e300c 100644
--- a/hosts/web-2/clerie.nix
+++ b/hosts/web-2/clerie.nix
@@ -1,6 +1,12 @@
 { ... }:
 
-{
+let
+  website = fetchGit {
+    url = "https://git.clerie.de/clerie/clerie.de.git";
+    ref = "main";
+    rev = "23e7b06dc15a8dcc320b2db9508e2192d33236cb";
+  };
+in {
   services.nginx.virtualHosts = {
     "www.clerie.de" = {
       enableACME = true;
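Review bot: The `website` binding has no comment saying that the OpenPGP key published under `/.well-known/openpgpkey/` comes from this pinned `rev`. The key file is served out of the fetched tree (the `try_files /gpg/clerie@clerie.de` line in the second hunk), so a rotated, extended or revoked key only reaches WKD clients after `rev` is bumped and the host is redeployed. I would add a comment above `website = fetchGit {`, such as `# Also the source of the WKD key under /gpg/; bump rev after any key rotation, expiry extension or revocation.`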
@@ -13,10 +19,20 @@
     "clerie.de" = {
       enableACME = true;
       forceSSL = true;
-      root = fetchGit {
-        url = "https://git.clerie.de/clerie/clerie.de.git";
-        ref = "main";
-        rev = "7fbb8042100fde4a8524eec656519eb8b48ae68a";
+      root = website;
+      locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = {
+        extraConfig = ''
+          default_type application/octet-stream;
+          add_header Access-Control-Allow-Origin * always;
+          try_files /gpg/clerie@clerie.de =404;
+        '';
+      };
+      locations."= /.well-known/openpgpkey/policy" = {
+        extraConfig = ''
+          default_type application/octet-stream;
+          add_header Access-Control-Allow-Origin * always;
+        '';
+        return = "200 ''";
       };
     };
   };
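Review bot: The regex location `~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$` answers every hashed local part with the same file, so a WKD lookup for any address at clerie.de gets a 200 with the clerie@clerie.de key rather than a 404. A client that does not compare the returned user ID with the requested address would accept that key for a mailbox it was never published for. Matching only the real hash avoids this: `locations."= /.well-known/openpgpkey/hu/<z-base-32 hash of local part>"` (placeholder, the hash is not on the page); if the catch-all is intended, a comment should say so, and the dots in `.well-known` should be escaped (`\\.` inside the Nix string). Separately, nginx stops inheriting `add_header` directives from outer levels once a location sets its own, so any security headers defined at server or http level (not visible here) would be missing from these two responses.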