Provide GPG key using web key directory

2022-04-15 13:58:07 +02:00 · 2022-04-15 13:58:07 +02:00 · bb7d2e2b83
commit bb7d2e2b83
parent 5ba4163f95
1 changed files with 21 additions and 5 deletions
--- a/hosts/web-2/clerie.nix
+++ b/hosts/web-2/clerie.nix
@ -1,6 +1,12 @@
 { ... }:

-{
+let
+  website = fetchGit {
+    url = "https://git.clerie.de/clerie/clerie.de.git";
+    ref = "main";
+    rev = "23e7b06dc15a8dcc320b2db9508e2192d33236cb";
+  };
+in {
  services.nginx.virtualHosts = {
    "www.clerie.de" = {
      enableACME = true;
@ -13,10 +19,20 @@
    "clerie.de" = {
      enableACME = true;
      forceSSL = true;
-      root = fetchGit {
-        url = "https://git.clerie.de/clerie/clerie.de.git";
-        ref = "main";
-        rev = "7fbb8042100fde4a8524eec656519eb8b48ae68a";
+      root = website;
+      locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = {
+        extraConfig = ''
+          default_type application/octet-stream;
+          add_header Access-Control-Allow-Origin * always;
+          try_files /gpg/clerie@clerie.de =404;
+        '';
+      };
+      locations."= /.well-known/openpgpkey/policy" = {
+        extraConfig = ''
+          default_type application/octet-stream;
+          add_header Access-Control-Allow-Origin * always;
+        '';
+        return = "200 ''";
      };
    };
  };