333 current 2025-10-11 20:08:52 25.05.20251006.20c4598 6.12.50 *

2025-10-11 20:16:55 -05:00
parent 4e183acd6f
commit 09b23d71f5
2 changed files with 18 additions and 4 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 332 current  2025-10-11 20:07:14  25.05.20251006.20c4598  6.12.50                          *
+# generation: 333 current  2025-10-11 20:08:52  25.05.20251006.20c4598  6.12.50                          *
 {
  description = "blakes nix config";
  inputs = {
--- a/modules/homelab/services/nginx-proxy/default.nix
+++ b/modules/homelab/services/nginx-proxy/default.nix
@@ -16,6 +16,12 @@ in
      enable = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
+      commonHttpConfig = ''
+        error_page 404 = @youtube;
+        location @youtube {
+          return 302 https://www.youtube.com/watch?v=dQw4w9WgXcQ;
+        }
+      '';
    };
    # enable acme for auto ssl certs with lets encrypt
    security.acme = {
@@ -23,14 +29,22 @@ in
      defaults.email = "me@blakedheld.xyz";
    };

+  systemd.tmpfiles.rules = [
+    "d /var/www/keys 0755 nginx nginx -"
+  ];
+
    # static entries
    services.nginx.virtualHosts."key.${homelab.public_domain}" = {
      forceSSL = true;
      sslCertificate = sec."ssl_blakedheld_crt".path;
      sslCertificateKey = sec."ssl_blakedheld_key".path;
-      root = "/etc/webroot_keys";
-      locations."/klefki_pub.asc" = {
+      root = "/var/www/keys";
+      locations."/" = {
        index = "klefki_pub.asc";
+        extraConfig = ''
+          add_header Content-Disposition "attachment; filename=klefki_pub.asc";
+          default_type application/pgp-keys;
+        '';
      };
    };

@@ -48,7 +62,7 @@ in
      "klefki_pub.asc" = {
        owner = "nginx";
        group = "nginx";
-        path = "/etc/webroot_keys/klefki_pub.asc";
+        path = "/var/www/keys/klefki_pub.asc";
      };
    };
  };