server {
    server_name rpm.lair.cafe;
    listen 443 ssl;
    http2 on;

    ssl_certificate /etc/letsencrypt/live/rpm.lair.cafe/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/rpm.lair.cafe/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ecdh_curve X25519:secp256r1:secp384r1;

    root /var/www/rpm;

    autoindex on;
    autoindex_exact_size off;
    autoindex_localtime on;

    types {
        application/x-rpm rpm;
        application/xml xml;
    }
    default_type application/octet-stream;

    location ~ \.rpm$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }

    location ~ /repodata/ {
        expires -1;
        add_header Cache-Control "no-cache, must-revalidate";
    }

    location = /RPM-GPG-KEY-mistralrs {
        default_type text/plain;
    }
}