authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-05-12 19:06:15 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-05-25 16:43:39 +0200
commit572cb127feab945be51609c75128ba9100deef9f (patch)
tree9737f66611790b793917e9d528f9ed4f3a0e5c4e /system/services
parentbuild(flake): update (diff)
downloadnixos-server-572cb127feab945be51609c75128ba9100deef9f.zip
feat(system/services/nginx): Add the GPG WKD
Diffstat (limited to '')
-rw-r--r--system/services/nginx/default.nix17
-rw-r--r--system/services/nginx/hosts.nix26
-rw-r--r--system/services/nix-sync/default.nix18
3 files changed, 54 insertions, 7 deletions
diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix
index 3a0496d..7c2fa55 100644
--- a/system/services/nginx/default.nix
+++ b/system/services/nginx/default.nix
@@ -1,4 +1,4 @@
-{...}: let
+{lib, ...}: let
domains = import ./hosts.nix {};
importedRedirects = import ./redirects.nix {};
mkRedirect = {
@@ -16,24 +16,29 @@
domain,
root,
url,
+ extraSettings ? {},
}: {
name = "${domain}";
- value = {
- forceSSL = true;
- enableACME = true;
- root = "${root}";
- };
+ value =
+ lib.recursiveUpdate {
+ forceSSL = true;
+ enableACME = true;
+ root = "${root}";
+ }
+ extraSettings;
};
mkNixSyncRepository = {
domain,
root,
url,
+ extraSettings ? {},
}: {
name = "${domain}";
value = {
path = "${root}";
uri = "${url}";
+ inherit extraSettings;
};
};
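Review bot: `lib.recursiveUpdate` gives precedence to its second argument, so any `extraSettings` passed to the virtual-host builder can override `forceSSL`, `enableACME` and `root`, including switching the HTTPS redirect off for a host. If per-host settings are only meant to add to the defaults, swap the operands so the fixed attributes win: `lib.recursiveUpdate extraSettings { forceSSL = true; enableACME = true; root = "${root}"; }`. If overriding is intended, say so in a comment on the `extraSettings ? {}` parameter. The builder's name and opening lines are outside the hunk, so this is judged from the visible body only.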
diff --git a/system/services/nginx/hosts.nix b/system/services/nginx/hosts.nix
index 5d27af7..0f6c09e 100644
--- a/system/services/nginx/hosts.nix
+++ b/system/services/nginx/hosts.nix
@@ -1,4 +1,14 @@
-{...}: [
+{...}: let
+ extraWkdSettings = {
+ locations."/.well-known/openpgpkey/hu/".extraConfig = ''
+ default_type application/octet-stream;
+
+ # Came from: https://www.uriports.com/blog/setting-up-openpgp-web-key-directory/
+ # No idea if it is actually necessary
+ # add_header Access-Control-Allow-Origin * always;
+ '';
+ };
+in [
{
domain = "vhack.eu";
root = "/etc/nginx/websites/vhack.eu";
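Review bot: The prefix `locations."/.well-known/openpgpkey/hu/"` in `extraWkdSettings` is the direct-method WKD path, but the hosts that use it in the next hunk are `openpgpkey.` subdomains, which the WKD draft's advanced method queries under `/.well-known/openpgpkey/<domain>/hu/`. If the synced repository follows that advanced layout, this location never matches and the `default_type application/octet-stream` line has no effect on key responses. Keying the block on the common prefix, `locations."/.well-known/openpgpkey/".extraConfig = ''`, would cover both layouts. The "No idea if it is actually necessary" comment could instead say that the CORS header only matters for browser-based clients that fetch keys. The host list continues outside this hunk.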
@@ -9,4 +19,18 @@
root = "/etc/nginx/websites/b-peetz.de";
url = "https://codeberg.org/bpeetz/b-peetz.de.git";
}
+
+ # WKD
+ {
+ domain = "openpgpkey.b-peetz.de";
+ root = "/etc/nginx/websites/openpgpkey.b-peetz.de";
+ url = "https://codeberg.org/vhack.eu/gpg_wkd.git";
+ extraSettings = extraWkdSettings;
+ }
+ {
+ domain = "openpgpkey.vhack.eu";
+ root = "/etc/nginx/websites/openpgpkey.vhack.eu";
+ url = "https://codeberg.org/vhack.eu/gpg_wkd.git";
+ extraSettings = extraWkdSettings;
+ }
]
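Review bot: Both WKD hosts serve whatever is synced from `gpg_wkd.git`, so push access to that Codeberg repository amounts to publishing OpenPGP keys for `b-peetz.de` and `vhack.eu`. Nothing visible in this hunk verifies the synced content. I would record that above the `# WKD` entries, for example `# WKD: whoever can push to gpg_wkd.git controls key discovery for these domains`. It is also worth confirming that nix-sync only tracks the expected ref of that repository.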
diff --git a/system/services/nix-sync/default.nix b/system/services/nix-sync/default.nix
index 9826870..5ee31dd 100644
--- a/system/services/nix-sync/default.nix
+++ b/system/services/nix-sync/default.nix
@@ -185,6 +185,24 @@
'';
};
+ extraSettings = lib.mkOption {
+ type = lib.types.attrsOf lib.types.anything;
+ example = lib.literalExpression ''
+ {
+ locations."/.well-known/openpgpkey/hu/" = {
+ extraConfig = \'\'
+ default_type application/octet-stream;
+
+ add_header Access-Control-Allow-Origin * always;
+ \'\';
+ };
+ }
+ '';
+ description = ''
+ Extra config to add the the nginx virtual host.
+ '';
+ };
+
interval = lib.mkOption {
type = lib.types.int;
default = 500;
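Review bot: The new `extraSettings` option has no `default`, so every repository declared through this module must set it. The builder in `nginx/default.nix` always does, but any other definition would fail evaluation, and `default = {};` avoids that. In the `example`, `\'\'` is not an escape inside an indented string, so as far as I can tell the rendered example will show the backslashes literally; the escape for two single quotes is `'''`. The description has a doubled word and should read `Extra config to add to the nginx virtual host.` The `interval` option after it continues outside the hunk.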