From bb7adf97d52b23de589002397d90277ab1bdd0d7 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr" <quentin@aristote.fr>
Date: Thu, 29 Jan 2026 22:20:00 +0100
Subject: webkeydirectory: 444 on wrong urls

---
 config/services/web/webkeydirectory/default.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'config/services')

diff --git a/config/services/web/webkeydirectory/default.nix b/config/services/web/webkeydirectory/default.nix
index 1adbdbe..cf96119 100644
--- a/config/services/web/webkeydirectory/default.nix
+++ b/config/services/web/webkeydirectory/default.nix
@@ -1,7 +1,9 @@
 { config, ... }:
 
-let webkeydirectoryPath = "/.well-known/openpgpkey/${config.networking.domain}";
-in {
+let
+  webkeydirectoryPath = "/.well-known/openpgpkey/${config.networking.domain}";
+in
+{
   services.nginx.virtualHosts.webkeydirectory = {
     serverName = "openpgpkey.${config.networking.domain}";
     locations = {
@@ -13,6 +15,9 @@ in {
         '';
       };
       "=${webkeydirectoryPath}/policy".alias = builtins.toFile "policy" "";
+      "/".extraConfig = ''
+        return 444;
+      '';
     };
     forceSSL = true;
     enableACME = true;
-- 
cgit v1.2.3