333 current 2025-10-11 20:08:52 25.05.20251006.20c4598 6.12.50 *

flake.nix

@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 332 current  2025-10-11 20:07:14  25.05.20251006.20c4598  6.12.50                          *
+# generation: 333 current  2025-10-11 20:08:52  25.05.20251006.20c4598  6.12.50                          *
 {
   description = "blakes nix config";
   inputs = {

modules/homelab/services/nginx-proxy/default.nix

@@ -16,6 +16,12 @@ in
       enable = true;
       recommendedProxySettings = true;
       recommendedTlsSettings = true;
+      commonHttpConfig = ''
+        error_page 404 = @youtube;
+        location @youtube {
+          return 302 https://www.youtube.com/watch?v=dQw4w9WgXcQ;
+        }
+      '';
     };
     # enable acme for auto ssl certs with lets encrypt
     security.acme = {
@@ -23,14 +29,22 @@ in
       defaults.email = "me@blakedheld.xyz";
     };
 
+  systemd.tmpfiles.rules = [
+    "d /var/www/keys 0755 nginx nginx -"
+  ];
+
     # static entries
     services.nginx.virtualHosts."key.${homelab.public_domain}" = {
       forceSSL = true;
       sslCertificate = sec."ssl_blakedheld_crt".path;
       sslCertificateKey = sec."ssl_blakedheld_key".path;
-      root = "/etc/webroot_keys";
+      root = "/var/www/keys";
-      locations."/klefki_pub.asc" = {
+      locations."/" = {
         index = "klefki_pub.asc";
+        extraConfig = ''
+          add_header Content-Disposition "attachment; filename=klefki_pub.asc";
+          default_type application/pgp-keys;
+        '';
       };
     };
 
@@ -48,7 +62,7 @@ in
       "klefki_pub.asc" = {
         owner = "nginx";
         group = "nginx";
-        path = "/etc/webroot_keys/klefki_pub.asc";
+        path = "/var/www/keys/klefki_pub.asc";
       };
     };
   };