webkeydirectory: 444 on wrong urls

author: quentin@aristote.fr <quentin@aristote.fr> 2026-01-29 22:20:00 +0100
committer: quentin@aristote.fr <quentin@aristote.fr> 2026-01-29 22:20:00 +0100
commit: bb7adf97d52b23de589002397d90277ab1bdd0d7 (patch)
tree: 0e5d4e2b59a580dc59786a85600ba9711696861d /config/services/web
parent: 4d3b399ce8e4d128e495196c1504675806cf934e (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/config/services/web/webkeydirectory/default.nix b/config/services/web/webkeydirectory/default.nix
index 1adbdbe..cf96119 100644
--- a/config/services/web/webkeydirectory/default.nix
+++ b/config/services/web/webkeydirectory/default.nix
@@ -1,7 +1,9 @@
 { config, ... }:
 
-let webkeydirectoryPath = "/.well-known/openpgpkey/${config.networking.domain}";
-in {
+let
+  webkeydirectoryPath = "/.well-known/openpgpkey/${config.networking.domain}";
+in
+{
   services.nginx.virtualHosts.webkeydirectory = {
     serverName = "openpgpkey.${config.networking.domain}";
     locations = {
@@ -13,6 +15,9 @@ in {
         '';
       };
       "=${webkeydirectoryPath}/policy".alias = builtins.toFile "policy" "";
+      "/".extraConfig = ''
+        return 444;
+      '';
     };
     forceSSL = true;
     enableACME = true;
author	quentin@aristote.fr <quentin@aristote.fr>	2026-01-29 22:20:00 +0100
committer	quentin@aristote.fr <quentin@aristote.fr>	2026-01-29 22:20:00 +0100
commit	bb7adf97d52b23de589002397d90277ab1bdd0d7 (patch)
tree	0e5d4e2b59a580dc59786a85600ba9711696861d /config/services/web
parent	4d3b399ce8e4d128e495196c1504675806cf934e (diff)