diff --git a/flake.nix b/flake.nix index af9bb1a..059e36a 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ # flake for blakes nixos config # define new devices in outputs -# generation: 332 current 2025-10-11 20:07:14 25.05.20251006.20c4598 6.12.50 * +# generation: 333 current 2025-10-11 20:08:52 25.05.20251006.20c4598 6.12.50 * { description = "blakes nix config"; inputs = { diff --git a/modules/homelab/services/nginx-proxy/default.nix b/modules/homelab/services/nginx-proxy/default.nix index 900aba9..86a5c69 100644 --- a/modules/homelab/services/nginx-proxy/default.nix +++ b/modules/homelab/services/nginx-proxy/default.nix @@ -16,6 +16,12 @@ in enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; + commonHttpConfig = '' + error_page 404 = @youtube; + location @youtube { + return 302 https://www.youtube.com/watch?v=dQw4w9WgXcQ; + } + ''; }; # enable acme for auto ssl certs with lets encrypt security.acme = { @@ -23,14 +29,22 @@ in defaults.email = "me@blakedheld.xyz"; }; + systemd.tmpfiles.rules = [ + "d /var/www/keys 0755 nginx nginx -" + ]; + # static entries services.nginx.virtualHosts."key.${homelab.public_domain}" = { forceSSL = true; sslCertificate = sec."ssl_blakedheld_crt".path; sslCertificateKey = sec."ssl_blakedheld_key".path; - root = "/etc/webroot_keys"; - locations."/klefki_pub.asc" = { + root = "/var/www/keys"; + locations."/" = { index = "klefki_pub.asc"; + extraConfig = '' + add_header Content-Disposition "attachment; filename=klefki_pub.asc"; + default_type application/pgp-keys; + ''; }; }; @@ -48,7 +62,7 @@ in "klefki_pub.asc" = { owner = "nginx"; group = "nginx"; - path = "/etc/webroot_keys/klefki_pub.asc"; + path = "/var/www/keys/klefki_pub.asc"; }; }; };