config/services/web/webkeydirectory/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

{ config, ... }:

let webkeydirectoryPath = "/.well-known/openpgpkey/${config.networking.domain}";
in {
  services.nginx.virtualHosts.webkeydirectory = {
    serverName = "openpgpkey.${config.networking.domain}";
    locations."${webkeydirectoryPath}/hu/" = {
      root = ./hu;
      extraConfig = ''
        default_type        "application/octet-stream";
        add_header          Access-Control-Allow-Origin * always;
      '';
    };
    locations."${webkeydirectoryPath}/policy".root = toFile policy "";
    forceSSL = true;
    enableACME = true;
  };
}