add my public keys to https://fcuny.net/ssh.pub

author: Franck Cuny <franck@fcuny.net> 2026-01-12 08:41:09 -0800
committer: Franck Cuny <franck@fcuny.net> 2026-01-12 08:41:09 -0800
commit: 3d08bae9997f7e62934efcbb4d96cd9e92ead40c (patch)
tree: 2c9610944f490cb9969d3a2ad4abec3d1f8da4ab /profiles
parent: add ssh key for builder (diff)
download: infra-3d08bae9997f7e62934efcbb4d96cd9e92ead40c.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/profiles/reverse-proxy.nix b/profiles/reverse-proxy.nix
index 45b42f5..8904561 100644
--- a/profiles/reverse-proxy.nix
+++ b/profiles/reverse-proxy.nix
@@ -2,6 +2,7 @@
   pkgs,
   lib,
   config,
+  adminUser,
   ...
 }:
 let
@@ -88,6 +89,23 @@ in
         acmeRoot = null;
         forceSSL = true;
         locations."/".proxyPass = "http://${httpHost}:8070";
+        locations."/ssh.pub" = {
+          extraConfig = ''
+            add_header Content-Type "text/plain; charset=utf-8";
+            add_header Content-Disposition "inline";
+            add_header Cache-Control "public, max-age=3600";
+            return 200 "${
+              lib.concatStringsSep "\\n" (
+                with adminUser.userinfo.sshPublicKeys;
+                [
+                  yubikey-personal-nano
+                  yubikey-personal-keychain
+                  yubikey-personal-backup
+                ]
+              )
+            }\n";
+          '';
+        };
         locations."/.well-known/webfinger" = {
           root = webfingerRoot;
           extraConfig = ''
author	Franck Cuny <franck@fcuny.net>	2026-01-12 08:41:09 -0800
committer	Franck Cuny <franck@fcuny.net>	2026-01-12 08:41:09 -0800
commit	3d08bae9997f7e62934efcbb4d96cd9e92ead40c (patch)
tree	2c9610944f490cb9969d3a2ad4abec3d1f8da4ab /profiles
parent	add ssh key for builder (diff)
download	infra-3d08bae9997f7e62934efcbb4d96cd9e92ead40c.tar.gz