From eda3ab9aab48dbcf3d3c92f154a6fb25c04989dd Mon Sep 17 00:00:00 2001 From: Fabian Montero Date: Wed, 18 Sep 2024 20:51:09 -0600 Subject: [PATCH] add index of pki --- pki/{fabian.pub => fabian.ssh} | 0 pki/fabian_primary.gpg | 25 +++++++++++++++++++++++++ pki/fabian_yubikey.gpg | 19 +++++++++++++++++++ sys/default.nix | 2 +- sys/srv/net.nix | 14 +++++++++++++- 5 files changed, 58 insertions(+), 2 deletions(-) rename pki/{fabian.pub => fabian.ssh} (100%) create mode 100644 pki/fabian_primary.gpg create mode 100644 pki/fabian_yubikey.gpg diff --git a/pki/fabian.pub b/pki/fabian.ssh similarity index 100% rename from pki/fabian.pub rename to pki/fabian.ssh diff --git a/pki/fabian_primary.gpg b/pki/fabian_primary.gpg new file mode 100644 index 0000000..a84bcab --- /dev/null +++ b/pki/fabian_primary.gpg @@ -0,0 +1,25 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEZHlROBYJKwYBBAHaRw8BAQdAhzA1JCghQ6KoHOuf6JPQhEmchHLVXFVye4I2 +pRUOUMO0KkZhYmlhbiBNb250ZXJvIDxmYWJpYW5AcG9zaXhseWNvcnJlY3QuY29t +PoiUBBMWCgA8FiEEeqJ35gSkFzkWu7TpH/rDXheYF08FAmR5UTgCGwMFCQlmAYAE +CwkIBwQVCgkIBRYCAwEAAh4FAheAAAoJEB/6w14XmBdPP2EA/i9ugFxpIFF6oOQs +clMfr+sNj6Il0OUTJK0dqpp4mGorAP0awa6nfhU8T1Ju7UWr6cfSmnL4bM6M/4Z3 +D+AF/L5PBokCMwQQAQoAHRYhBOd6gIv5qVXWaO7qZHP6nJy18CSbBQJkeVKDAAoJ +EHP6nJy18CSbzTkP/Reio0ObRrRW+QSw62ZXrUG0mFcNeeoM9amldCToFRyGnSDu +wtZ9nqwLiTJ01VPBOsEZLsl4VonO3rdadqnMTZ3XqKK9VHBl6UNot3DQ8INDAcko +GW1zvEdxNkpMxhtAja0JkcBdG7+zxc2aEGeKfEna2qDXA+xtYw5+pssOWYMip7hm +jQ2NzYMYav2KYRBC7eXTkAIIIJi/l9pR1IwHtY3a0gfbkQymgCyt5wVG6LneYFIR ++ycNVCObwyP8gFASdId0bWnA23rkilc9ZBOCps/cGfDLM+KQ+sLAWBFBQyQeEjcv +tU+pLXncAEvWy/SFmprVSLDQMMooFaEJMZChojGcCkwAPG1twsihqIA3E44Q3/+G +K0gZN57jGMnfvuQiuLuttOMdu27KwEu++t3YUt0P6S4kARpx51zZJ7A2Yj2u22aM +7EL8qq6KTNdNoS7FgwQkrWbokdDZIl0HV+5TeMQfylPqOPhuFK/1A9qztqknBPVY +QUx2t6FZUgH9sT7uD+5gXxyeqmEIFo2i6D8G/4TEPbKtWivJfeOqDEBn4QEY2nvE +zgJLLU5XCv9xPz5rizRCa+h+kg+i4mH6fLCBCCAPXsbAAo0gUlGJvX4slPh7uPOa +T2r7A/7uezResBzP/L/vostlmjO5c8cOl9Wc6D1kRZq17/AjMUgy6+KR3iVnuDgE +ZHlROBIKKwYBBAGXVQEFAQEHQPRbCS2p8xpt3fRxfyRnDOdH9pULY4NtGmZUS0ve +ZGkTAwEIB4h+BBgWCgAmFiEEeqJ35gSkFzkWu7TpH/rDXheYF08FAmR5UTgCGwwF +CQlmAYAACgkQH/rDXheYF0/65AD+LtDeedCYv9zs+1Ia3DvejVZM256WEH+dRH5h +Pm3RzQ8A/2+bXRnfsgGqacj/kKEL3spuos95ngRNRkrQ39nc1koP +=PAxr +-----END PGP PUBLIC KEY BLOCK----- diff --git a/pki/fabian_yubikey.gpg b/pki/fabian_yubikey.gpg new file mode 100644 index 0000000..15555b9 --- /dev/null +++ b/pki/fabian_yubikey.gpg @@ -0,0 +1,19 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEZukhMBYJKwYBBAHaRw8BAQdAC/Gy2p7RPFw3k+ROFnKpJvCVqQb+BUYboE2u +CP1kz/C0KkZhYmlhbiBNb250ZXJvIDxmYWJpYW5AcG9zaXhseWNvcnJlY3QuY29t +PoiTBBMWCgA7FiEEcgbY7iR0898Y6odvDsFpH/jBqB8FAmbpITACGwMFCwkIBwIC +IgIGFQoJCAsCBBYCAwECHgcCF4AACgkQDsFpH/jBqB+oGwEAhmegCZJAt8Opv/9+ +HBbL51f2035qymHPgkV/SyFM1GEBAOVQY6A5U+NrLNiaQTN5Z7jcfQuBobzk4ksn +RzROhTcAiHUEEBYKAB0WIQR6onfmBKQXORa7tOkf+sNeF5gXTwUCZutnFQAKCRAf ++sNeF5gXT1juAQDsH/lDorfMdWxuP87eV9OP8jQvibuTuZ9n2jUllXsLcQEA5gDJ +05NW5Tw2g9mvlrocWr7N2/PC5UvFct4akwDXtA+4MwRm6SEwFgkrBgEEAdpHDwEB +B0AHSmncE+krtL9ZGe4eq865vjaLiUAVnZQaVObKm11CBYh4BBgWCgAgFiEEcgbY +7iR0898Y6odvDsFpH/jBqB8FAmbpITACGyAACgkQDsFpH/jBqB+hBwD/Y9vAcbPG +CTmZvtgYlZW5Oey5T3hHoANv1THOZwv9G58BALEBZRvDztmYPjRaMyAMonrpc2P0 +GPHYLcqCPVbjkaAKuDgEZukhMBIKKwYBBAGXVQEFAQEHQC2+QJcHEJjdZikBYeMj +ks53MjfeawAXU31KtAU60KACAwEIB4h4BBgWCgAgFiEEcgbY7iR0898Y6odvDsFp +H/jBqB8FAmbpITACGwwACgkQDsFpH/jBqB+0TwD+K4IcFstNGLrijlgH2zuQaI+p +8QT8AInjSpGfC4zcMlEBAIVYvdTYw4IXPSQOs0qPyR0nhfGIeoBMeWrAAfoxQ0oB +=wpc0 +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/sys/default.nix b/sys/default.nix index 37f91ea..14867c4 100644 --- a/sys/default.nix +++ b/sys/default.nix @@ -62,7 +62,7 @@ with lib; { group = "fabian"; shell = pkgs.zsh; extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"]; - openssh.authorizedKeys.keyFiles = [../pki/fabian.pub]; + openssh.authorizedKeys.keyFiles = [../pki/fabian.ssh]; }; groups.fabian.gid = 1000; }; diff --git a/sys/srv/net.nix b/sys/srv/net.nix index 9d22700..30a92be 100644 --- a/sys/srv/net.nix +++ b/sys/srv/net.nix @@ -32,7 +32,19 @@ with lib; { "posixlycorrect.com" = { forceSSL = true; enableACME = true; - root = "${pkgs.local.homepage}"; + locations = { + "/".root = "${pkgs.local.homepage}"; + + "~ ^/pki(?:/(.*))?$" = { # https://serverfault.com/a/476368 + alias = "${../../pki}/$1"; + extraConfig = '' + autoindex on; + autoindex_exact_size on; + autoindex_localtime on; + autoindex_format html; + ''; + }; + }; }; }; };