feat(hosts/luna): advertise pgp key via WKD

2025-01-16 01:23:31 -06:00 · 2025-01-16 01:23:31 -06:00 · 0c961c1d4d
commit 0c961c1d4d
parent 1d88a02ccf
3 changed files with 45 additions and 31 deletions
--- a/hosts/luna/modules/services/nginx.nix
+++ b/hosts/luna/modules/services/nginx.nix
@ -1,31 +0,0 @@
-{ inputs, pkgs, ... }:
-{
-  services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
-    recommendedTlsSettings = true;
-  };
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "price@price-hiller.com";
-  };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  services.nginx.virtualHosts = {
-    "price-hiller.com" = {
-      forceSSL = true;
-      enableACME = true;
-      root = inputs.blog.packages.${pkgs.system}.default;
-      locations."/".extraConfig = ''
-        if ($request_uri ~ ^/(.*)\.html(\?|$)) {
-            return 302 /$1;
-        }
-        try_files $uri $uri.html $uri/ =404;
-      '';
-      locations."/".index = "home.html";
-    };
-  };
-}
--- a/hosts/luna/modules/services/nginx/default.nix
+++ b/hosts/luna/modules/services/nginx/default.nix
@ -0,0 +1,45 @@
+{ inputs, pkgs, ... }:
+{
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedTlsSettings = true;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "price@price-hiller.com";
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+  services.nginx.virtualHosts = {
+    "price-hiller.com" = {
+      forceSSL = true;
+      enableACME = true;
+      root = inputs.blog.packages.${pkgs.system}.default;
+      locations = {
+        "/" = {
+          extraConfig = ''
+            if ($request_uri ~ ^/(.*)\.html(\?|$)) {
+                return 302 /$1;
+            }
+            try_files $uri $uri.html $uri/ =404;
+          '';
+          index = "home.html";
+        };
+        "/.well-known/openpgpkey/hu/rnmhgp3dsaq8hjgu49j8oongugr5cg4" = {
+          index = pkgs.writeText "pgp-pub-wkd" builtins.readFile ./public-pgp-key.asc;
+          extraConfig = ''
+            default_type application/octet-stream;
+            add_header Access-Control-Allow-Origin "*";
+          '';
+        };
+      };
+    };
+  };
+}
--- a/hosts/luna/modules/services/nginx/gpg-wkd/rnmhgp3dsaq8hjgu49j8oongugr5cg4j
+++ b/hosts/luna/modules/services/nginx/gpg-wkd/rnmhgp3dsaq8hjgu49j8oongugr5cg4j