author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-05-12 19:06:15 +0200 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-05-25 16:43:39 +0200 |
commit | 572cb127feab945be51609c75128ba9100deef9f (patch) | |
tree | 9737f66611790b793917e9d528f9ed4f3a0e5c4e | |
parent | build(flake): update (diff) | |
feat(system/services/nginx): Add the GPG WKD
-rw-r--r-- | system/services/nginx/default.nix | 17 | ||||
-rw-r--r-- | system/services/nginx/hosts.nix | 26 | ||||
-rw-r--r-- | system/services/nix-sync/default.nix | 18 |
3 files changed, 54 insertions, 7 deletions
diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix index 3a0496d..7c2fa55 100644 --- a/system/services/nginx/default.nix +++ b/system/services/nginx/default.nix @@ -1,4 +1,4 @@ -{...}: let +{lib, ...}: let domains = import ./hosts.nix {}; importedRedirects = import ./redirects.nix {}; mkRedirect = { @@ -16,24 +16,29 @@ domain, root, url, + extraSettings ? {}, }: { name = "${domain}"; - value = { - forceSSL = true; - enableACME = true; - root = "${root}"; - }; + value = + lib.recursiveUpdate { + forceSSL = true; + enableACME = true; + root = "${root}"; + } + extraSettings; }; mkNixSyncRepository = { domain, root, url, + extraSettings ? {}, }: { name = "${domain}"; value = { path = "${root}"; uri = "${url}"; + inherit extraSettings; }; }; diff --git a/system/services/nginx/hosts.nix b/system/services/nginx/hosts.nix index 5d27af7..0f6c09e 100644 --- a/system/services/nginx/hosts.nix +++ b/system/services/nginx/hosts.nix @@ -1,4 +1,14 @@ -{...}: [ +{...}: let + extraWkdSettings = { + locations."/.well-known/openpgpkey/hu/".extraConfig = '' + default_type application/octet-stream; + + # Came from: https://www.uriports.com/blog/setting-up-openpgp-web-key-directory/ + # No idea if it is actually necessary + # add_header Access-Control-Allow-Origin * always; + ''; + }; +in [ { domain = "vhack.eu"; root = "/etc/nginx/websites/vhack.eu"; @@ -9,4 +19,18 @@ root = "/etc/nginx/websites/b-peetz.de"; url = "https://codeberg.org/bpeetz/b-peetz.de.git"; } + + # WKD + { + domain = "openpgpkey.b-peetz.de"; + root = "/etc/nginx/websites/openpgpkey.b-peetz.de"; + url = "https://codeberg.org/vhack.eu/gpg_wkd.git"; + extraSettings = extraWkdSettings; + } + { + domain = "openpgpkey.vhack.eu"; + root = "/etc/nginx/websites/openpgpkey.vhack.eu"; + url = "https://codeberg.org/vhack.eu/gpg_wkd.git"; + extraSettings = extraWkdSettings; + } ] diff --git a/system/services/nix-sync/default.nix b/system/services/nix-sync/default.nix index 9826870..5ee31dd 100644 
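Review bot: In the `value =` expression of the first helper in the second hunk, `lib.recursiveUpdate` gives precedence to its second argument, so anything in `extraSettings` silently overrides `forceSSL = true`, `enableACME = true` and `root`. A host entry carrying `forceSSL = false` would evaluate without error and could end up served without the HTTPS redirect. If the TLS attributes are meant to be fixed, swap the arguments so they win, `lib.recursiveUpdate extraSettings { forceSSL = true; enableACME = true; root = "${root}"; }`, or add a comment stating that overriding them is intended. The helper's signature starts above the hunk, so its name is not visible here.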
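Review bot: The location prefix `/.well-known/openpgpkey/hu/` in `extraWkdSettings` is the WKD direct-method path, but the hosts it is attached to later in this file are `openpgpkey.*` subdomains, where clients use the advanced method and request `/.well-known/openpgpkey/<domain>/hu/<hash>`. Unless the gpg_wkd repository is laid out without the domain component, this location will not match those requests and `default_type application/octet-stream;` will not be applied by this block; the prefix `/.well-known/openpgpkey/` would cover both layouts. On the commented-out header, the WKD draft recommends `Access-Control-Allow-Origin: *` so that browser-based clients can fetch keys, and this location only serves public key material. The comment could record that reasoning instead of "No idea if it is actually necessary".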
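Review bot: Both `openpgpkey.*` entries added under `# WKD` serve whatever `https://codeberg.org/vhack.eu/gpg_wkd.git` currently contains, so write access to that repository amounts to control over the OpenPGP keys that clients discover for b-peetz.de and vhack.eu. Nothing in this hunk pins a revision or checks commit signatures, and whether nix-sync does either is not visible here. The trust assumption should be stated next to the entries, for example `# Keys are served straight from gpg_wkd; push access there decides which keys clients trust for both domains`. It is also worth confirming that the repository's protection settings match that role.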
--- a/system/services/nix-sync/default.nix +++ b/system/services/nix-sync/default.nix @@ -185,6 +185,24 @@ ''; }; + extraSettings = lib.mkOption { + type = lib.types.attrsOf lib.types.anything; + example = lib.literalExpression '' + { + locations."/.well-known/openpgpkey/hu/" = { + extraConfig = \'\' + default_type application/octet-stream; + + add_header Access-Control-Allow-Origin * always; + \'\'; + }; + } + ''; + description = '' + Extra config to add the the nginx virtual host. + ''; + }; + interval = lib.mkOption { type = lib.types.int; default = 500; |
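Review bot: The new `extraSettings` option is declared without a `default`, so any nix-sync repository definition that does not set it will fail evaluation; adding `default = {};` after the `type` line keeps existing definitions working. The hunk only declares the option, so whether nix-sync reads it anywhere is not visible here. The description ("Extra config to add the the nginx virtual host") describes nginx rather than nix-sync and contains a doubled "the". If the option exists only so the shared host records are accepted by this module, the description should say so. Because the type is `attrsOf anything`, a misspelled nginx attribute name is not caught at this layer.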