diff options
| -rw-r--r-- | config/services/web/webkeydirectory/default.nix | 16 | ||||
| -rw-r--r-- | config/services/web/webkeydirectory/hu/44hqjnz5rw4mrr9d18fmecyskbmwxetw | bin | 0 -> 2929 bytes | |||
| -rw-r--r-- | tests/vm.nix | 47 |
3 files changed, 24 insertions, 39 deletions
diff --git a/config/services/web/webkeydirectory/default.nix b/config/services/web/webkeydirectory/default.nix index 00844b9..0c222f6 100644 --- a/config/services/web/webkeydirectory/default.nix +++ b/config/services/web/webkeydirectory/default.nix @@ -1,13 +1,17 @@ { config, ... }: -{ +let webkeydirectoryPath = "/.well-known/openpgpkey/${config.networking.domain}"; +in { services.nginx.virtualHosts.webkeydirectory = { serverName = "openpgpkey.${config.networking.domain}"; - locations."/.well-known/openpgpkey/${config.networking.domain}/hu/" = { -root = null; - default_type = "application/octet-stream"; - add_header = Access-Control-Allow-Origin * always; -} + locations."${webkeydirectoryPath}/hu/" = { + root = ./hu; + extraConfig = '' + default_type "application/octet-stream"; + add_header Access-Control-Allow-Origin * always; + ''; + }; + locations."${webkeydirectoryPath}/policy".root = toFile policy ""; forceSSL = true; enableACME = true; }; diff --git a/config/services/web/webkeydirectory/hu/44hqjnz5rw4mrr9d18fmecyskbmwxetw b/config/services/web/webkeydirectory/hu/44hqjnz5rw4mrr9d18fmecyskbmwxetw Binary files differnew file mode 100644 index 0000000..d0bce98 --- /dev/null +++ b/config/services/web/webkeydirectory/hu/44hqjnz5rw4mrr9d18fmecyskbmwxetw diff --git a/tests/vm.nix b/tests/vm.nix index 4894cec..e878c12 100644 --- a/tests/vm.nix +++ b/tests/vm.nix @@ -4,6 +4,14 @@ let nginxPorts = lib.concatLists (lib.mapAttrsToList (_: cfg: (builtins.map (x: x.port) cfg.listen)) config.services.nginx.virtualHosts); + nginxMakeLocal = port: { + listen = lib.mkForce [{ + inherit port; + addr = "0.0.0.0"; + }]; + forceSSL = lib.mkForce false; + enableACME = lib.mkForce false; + }; in { imports = [ ../configuration.nix ]; @@ -17,41 +25,14 @@ in { firewall = { allowedTCPPorts = nginxPorts; }; }; - services.filtron.rules = lib.mkForce []; + services.filtron.rules = lib.mkForce [ ]; services.nginx.virtualHosts = { - quentin = { - listen = lib.mkForce [{ - addr = "0.0.0.0"; - port = 8080; - }]; - forceSSL = lib.mkForce false; - enableACME = lib.mkForce false; - }; - searx = { - listen = lib.mkForce [{ - addr = "0.0.0.0"; - port = 8081; - }]; - forceSSL = lib.mkForce false; - enableACME = lib.mkForce false; - }; - money = { - listen = lib.mkForce [{ - addr = "0.0.0.0"; - port = 8082; - }]; - forceSSL = lib.mkForce false; - enableACME = lib.mkForce false; - }; - rss = { - listen = lib.mkForce [{ - addr = "0.0.0.0"; - port = 8083; - }]; - forceSSL = lib.mkForce false; - enableACME = lib.mkForce false; - }; + quentin = nginxMakeLocal 8080; + searx = nginxMakeLocal 8081; + money = nginxMakeLocal 8082; + rss = nginxMakeLocal 8083; + webkeydirectory = nginxMakeLocal 8084; }; environment.etc."searx/secrets".text = '' |