Provide GPG key using web key directory

2022-04-15 13:58:07 +02:00 · 2022-04-15 13:58:07 +02:00 · bb7d2e2b83
commit bb7d2e2b83
parent 5ba4163f95
1 changed files with 21 additions and 5 deletions
--- a/hosts/web-2/clerie.nix
+++ b/hosts/web-2/clerie.nix
@ -1,6 +1,12 @@
 { ... }:
-{
+let
  website = fetchGit {
    url = "https://git.clerie.de/clerie/clerie.de.git";
    ref = "main";
    rev = "23e7b06dc15a8dcc320b2db9508e2192d33236cb";
  };
 in {
  services.nginx.virtualHosts = {
    "www.clerie.de" = {
      enableACME = true;
@ -13,10 +19,20 @@
    "clerie.de" = {
      enableACME = true;
      forceSSL = true;
-      root = fetchGit {
+      root = website;
-        url = "https://git.clerie.de/clerie/clerie.de.git";
+      locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = {
-        ref = "main";
+        extraConfig = ''
-        rev = "7fbb8042100fde4a8524eec656519eb8b48ae68a";
+          default_type application/octet-stream;
          add_header Access-Control-Allow-Origin * always;
          try_files /gpg/clerie@clerie.de =404;
        '';
      };
      locations."= /.well-known/openpgpkey/policy" = {
        extraConfig = ''
          default_type application/octet-stream;
          add_header Access-Control-Allow-Origin * always;
        '';
        return = "200 ''";
      };
    };
  };