From 3d08bae9997f7e62934efcbb4d96cd9e92ead40c Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Mon, 12 Jan 2026 08:41:09 -0800
Subject: add my public keys to https://fcuny.net/ssh.pub

---
 profiles/reverse-proxy.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'profiles/reverse-proxy.nix')

diff --git a/profiles/reverse-proxy.nix b/profiles/reverse-proxy.nix
index 45b42f5..8904561 100644
--- a/profiles/reverse-proxy.nix
+++ b/profiles/reverse-proxy.nix
@@ -2,6 +2,7 @@
   pkgs,
   lib,
   config,
+  adminUser,
   ...
 }:
 let
@@ -88,6 +89,23 @@ in
         acmeRoot = null;
         forceSSL = true;
         locations."/".proxyPass = "http://${httpHost}:8070";
+        locations."/ssh.pub" = {
+          extraConfig = ''
+            add_header Content-Type "text/plain; charset=utf-8";
+            add_header Content-Disposition "inline";
+            add_header Cache-Control "public, max-age=3600";
+            return 200 "${
+              lib.concatStringsSep "\\n" (
+                with adminUser.userinfo.sshPublicKeys;
+                [
+                  yubikey-personal-nano
+                  yubikey-personal-keychain
+                  yubikey-personal-backup
+                ]
+              )
+            }\n";
+          '';
+        };
         locations."/.well-known/webfinger" = {
           root = webfingerRoot;
           extraConfig = ''
-- 
cgit v1.2.3