Add script/setup/gpg.sh to generate a dedicated lair keyring with a certify-only master key and a 1-year signing subkey, cross-signed by both personal keys. The public key is synced to oolon as <short-id>.gpg.

Update nginx config to serve any .gpg file instead of a hardcoded RPM-GPG-KEY-mistralrs path, supporting multiple keys as the repo grows.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
37 lines
813 B
Plaintext
server {
    server_name rpm.lair.cafe;
    listen 443 ssl;
    http2 on;

    ssl_certificate /etc/letsencrypt/live/rpm.lair.cafe/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/rpm.lair.cafe/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ecdh_curve X25519:secp256r1:secp384r1;

    # Everything under this directory is served and listed by autoindex.
    root /var/www/rpm;

    autoindex on;
    autoindex_exact_size off;
    autoindex_localtime on;

    # A types block at this level replaces the inherited MIME map, so only
    # .rpm and .xml are typed here; every other file gets default_type.
    types {
        application/x-rpm rpm;
        application/xml xml;
    }
    default_type application/octet-stream;

    # Packages: cache for 30 days.
    location ~ \.rpm$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }

    # Repository metadata: always revalidate.
    location ~ /repodata/ {
        expires -1;
        add_header Cache-Control "no-cache, must-revalidate";
    }

    # Any .gpg file is returned as text/plain instead of octet-stream.
    location ~ \.gpg$ {
        default_type text/plain;
    }
}
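
An added check, not part of this repository: because `root /var/www/rpm` with `autoindex on` makes every file under the web root downloadable and the config now treats any `.gpg` name as a key, this Python example walks a web root and flags `.gpg` files whose armor header or first OpenPGP packet (RFC 4880) is not a public key. The function names and the sample files are constructed for illustration, and only the start of each file is inspected.

```python
import tempfile
from pathlib import Path

ARMOR_PUBLIC = b"-----BEGIN PGP PUBLIC KEY BLOCK-----"
ARMOR_PRIVATE = b"-----BEGIN PGP PRIVATE KEY BLOCK-----"


def classify_openpgp(data: bytes) -> str:
    """Return 'public' (packet tag 6), 'secret' (tag 5) or 'unknown'."""
    text = data.lstrip()
    if text.startswith(ARMOR_PRIVATE):
        return "secret"
    if text.startswith(ARMOR_PUBLIC):
        return "public"
    if not data or not data[0] & 0x80:  # bit 7 is set on every OpenPGP packet header
        return "unknown"
    # RFC 4880 4.2: new format (bit 6 set) keeps the tag in bits 5-0, old format in bits 5-2.
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return {6: "public", 5: "secret"}.get(tag, "unknown")


def audit_webroot(root: str) -> list[tuple[str, str]]:
    """List (relative path, kind) for every *.gpg file that is not a public key."""
    findings = []
    for path in Path(root).rglob("*.gpg"):  # same suffix the \.gpg$ location matches
        if path.is_file():
            kind = classify_openpgp(path.read_bytes()[:64])
            if kind != "public":
                findings.append((path.relative_to(root).as_posix(), kind))
    return sorted(findings)


def demo() -> list[tuple[str, str]]:
    samples = {  # constructed file names and contents, not real key material
        "0123ABCD.gpg": ARMOR_PUBLIC + b"\n\n(constructed)\n",
        "binary-pub.gpg": b"\x99\x01\x0d\x04",
        "backup/master.gpg": ARMOR_PRIVATE + b"\n\n(constructed)\n",
        "old/secring.gpg": b"\x95\x03\xbe\x04",
        "notes.gpg": b"hello",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return audit_webroot(root)


if __name__ == "__main__":
    print(demo())
```

Running `audit_webroot("/var/www/rpm")` before each sync gives a list that should be empty; any entry is a file that would be published alongside the repository keys.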