From bb7d2e2b83a46a8e1a5570389a19c23df05b5320 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 15 Apr 2022 13:58:07 +0200 Subject: [PATCH] Provide GPG key using web key directory --- hosts/web-2/clerie.nix | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/hosts/web-2/clerie.nix b/hosts/web-2/clerie.nix index b658a65..f6e300c 100644 --- a/hosts/web-2/clerie.nix +++ b/hosts/web-2/clerie.nix @@ -1,6 +1,12 @@ { ... }: -{ +let + website = fetchGit { + url = "https://git.clerie.de/clerie/clerie.de.git"; + ref = "main"; + rev = "23e7b06dc15a8dcc320b2db9508e2192d33236cb"; + }; +in { services.nginx.virtualHosts = { "www.clerie.de" = { enableACME = true; @@ -13,10 +19,20 @@ "clerie.de" = { enableACME = true; forceSSL = true; - root = fetchGit { - url = "https://git.clerie.de/clerie/clerie.de.git"; - ref = "main"; - rev = "7fbb8042100fde4a8524eec656519eb8b48ae68a"; + root = website; + locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = { + extraConfig = '' + default_type application/octet-stream; + add_header Access-Control-Allow-Origin * always; + try_files /gpg/clerie@clerie.de =404; + ''; + }; + locations."= /.well-known/openpgpkey/policy" = { + extraConfig = '' + default_type application/octet-stream; + add_header Access-Control-Allow-Origin * always; + ''; + return = "200 ''"; }; }; };