author | Nguyễn Gia Phong <cnx@loang.net> | 2023-09-11 17:25:05 +0900 |
---|---|---|
committer | Nguyễn Gia Phong <cnx@loang.net> | 2023-09-11 17:25:05 +0900 |
commit | bdb52bca2f047282b1b0e766134905eda6948231 (patch) | |
tree | 210d99993ecf21ffc320acee726de2d2236d5985 /mail.nix | |
parent | 165dba5d3c0de2eb9c2b1398ec6f608a3871683f (diff) | |
Automate WKD setup
Diffstat (limited to 'mail.nix')
-rw-r--r-- | mail.nix | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/mail.nix b/mail.nix index 9e363ef..1fd2d01 100644 --- a/mail.nix +++ b/mail.nix @@ -88,6 +88,31 @@ in { }; }; + ${domain}.locations."^~ /.well-known/openpgpkey" = { + root = with pkgs; stdenvNoCC.mkDerivation { + pname = "wkd"; + version = domain; + src = ./wkd; + nativeBuildInputs = [ gnupg ]; + installPhase = let + printWKDHash = "${gnupg}/libexec/gpg-wks-client --print-wkd-hash"; + in '' + hu=$out/.well-known/openpgpkey/hu + mkdir -p $hu + for key in *.asc + do + mb="''${key%.asc}@${domain}" + hash=$(echo "$mb" | ${printWKDHash}) + gpg --dearmor < "$key" > $hu/''${hash%" $mb"} + done + touch $out/.well-known/openpgpkey/policy + ''; + }; + extraConfig = '' + add_header Access-Control-Allow-Origin *; + ''; + }; + ${hostname} = let alps = config.services.alps; in { enableACME = true; @@ -97,6 +122,6 @@ in { }; }; - systemd.services.alps.serviceConfig.Requires = "maddy.service"; + systemd.services.alps.unitConfig.Requires = "maddy.service"; users.extraUsers.maddy.extraGroups = [ "nginx" "shadow" ]; } |
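Review bot: In the `installPhase` loop the WKD address is taken from the file name alone (`mb="''${key%.asc}@${domain}"`), and nothing checks that the key inside `$key` carries a user ID for that mailbox, so a misnamed file in `./wkd` would be published under another address without the build failing. At minimum add a comment above `for key in *.asc`, e.g. `# file name must be <local-part>.asc and match a user ID on the key`; a build-time check of the key's user IDs would be stronger. The suffix strip `''${hash%" $mb"}` also only works when gpg-wks-client echoes the mailbox back byte for byte, which would not hold if it normalises case; `''${hash%% *}` takes the hash field regardless. Separately, `add_header` in this location stops nginx from inheriting `add_header` lines from the enclosing server or http level, so any security headers set there (not visible in this hunk) would need repeating in `extraConfig`.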
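Review bot: `Requires=` on its own does not order the units, so with only `unitConfig.Requires` in the second hunk alps can still be started in parallel with maddy. No `After=` is visible in this hunk, though it may be set elsewhere in the file or by the alps module. If it is not, the NixOS options express both directly: `systemd.services.alps.requires = [ "maddy.service" ];` and `systemd.services.alps.after = [ "maddy.service" ];`.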