authorNguyễn Gia Phong <cnx@loang.net>2023-09-11 17:25:05 +0900
committerNguyễn Gia Phong <cnx@loang.net>2023-09-11 17:25:05 +0900
commitbdb52bca2f047282b1b0e766134905eda6948231 (patch)
tree210d99993ecf21ffc320acee726de2d2236d5985 /mail.nix
parent165dba5d3c0de2eb9c2b1398ec6f608a3871683f (diff)
Automate WKD setup
Diffstat (limited to 'mail.nix')
-rw-r--r--mail.nix27
1 files changed, 26 insertions, 1 deletions
diff --git a/mail.nix b/mail.nix
index 9e363ef..1fd2d01 100644
--- a/mail.nix
+++ b/mail.nix
@@ -88,6 +88,31 @@ in {
         };
       };
 
+      ${domain}.locations."^~ /.well-known/openpgpkey" = {
+        root = with pkgs; stdenvNoCC.mkDerivation {
+          pname = "wkd";
+          version = domain;
+          src = ./wkd;
+          nativeBuildInputs = [ gnupg ];
+          installPhase = let
+            printWKDHash = "${gnupg}/libexec/gpg-wks-client --print-wkd-hash";
+          in ''
+            hu=$out/.well-known/openpgpkey/hu
+            mkdir -p $hu
+            for key in *.asc
+            do
+              mb="''${key%.asc}@${domain}"
+              hash=$(echo "$mb" | ${printWKDHash})
+              gpg --dearmor < "$key" > $hu/''${hash%" $mb"}
+            done
+            touch $out/.well-known/openpgpkey/policy
+          '';
+        };
+        extraConfig = ''
+          add_header Access-Control-Allow-Origin *;
+        '';
+      };
+
       ${hostname} = let alps = config.services.alps;
       in {
         enableACME = true;
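Review bot: The loop's `gpg --dearmor < "$key" > $hu/...` step publishes whatever armored data each file in `./wkd` holds, without checking that it is a public key or that it carries a user ID for `$mb`. As far as I know `--dearmor` converts any armor type, so a secret-key export dropped into that directory by mistake would land in the world-readable store and under the web root. A guard before the dearmor step, such as `grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$key" || exit 1`, would fail the build instead. Separately, `''${hash%" $mb"}` strips the suffix only when gpg-wks-client echoes the mailbox exactly as given; if it normalises case (I believe it lowercases), a key file named with capitals would produce a file name containing a space and the address, so `''${hash%% *}` is more robust. Note too that the `add_header` in `extraConfig` stops this location inheriting any `add_header` set at server level, which is worth confirming is intended.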
@@ -97,6 +122,6 @@ in {
     };
   };
 
-  systemd.services.alps.serviceConfig.Requires = "maddy.service";
+  systemd.services.alps.unitConfig.Requires = "maddy.service";
   users.extraUsers.maddy.extraGroups = [ "nginx" "shadow" ];
 }
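Review bot: `Requires=` alone does not order the two units, so alps can still be started in parallel with maddy unless an `After=` is set somewhere outside this hunk. The dedicated NixOS options express both and avoid writing raw unit keys: `systemd.services.alps.requires = [ "maddy.service" ];` together with `systemd.services.alps.after = [ "maddy.service" ];`.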