From 6670048d124a061e93d8c241e8baffb831c0df69 Mon Sep 17 00:00:00 2001
From: Tobias Manske <mail@tobiasmanske.de>
Date: Thu, 1 Feb 2024 11:36:32 +0100
Subject: [PATCH] WKD: Advanced

---
 ansible/plays/services/wkd/Caddyfile           | 15 ++++++++++++++-
 ansible/plays/services/wkd/docker-compose.yaml |  2 +-
 tf-stage-1/dns-tobiasmanske-de.tf              |  1 +
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/ansible/plays/services/wkd/Caddyfile b/ansible/plays/services/wkd/Caddyfile
index dba7387..caab230 100644
--- a/ansible/plays/services/wkd/Caddyfile
+++ b/ansible/plays/services/wkd/Caddyfile
@@ -9,7 +9,20 @@ http://tobiasmanske.de {
 
   respond /.well-known/openpgpkey/policy "" 200
 
-  uri strip_prefix /.well-known/openpgpkey/hu
+  uri strip_prefix /.well-known/openpgpkey/tobiasmanske.de/hu
+  root * /data/tobiasmanske.de/
+  file_server
+}
+
+http://openpgpkey.tobiasmanske.de {
+  header {
+    Access-Control-Allow-Origin *
+  }
+
+  respond /.well-known/openpgpkey/policy "" 200
+
+  uri strip_prefix /.well-known/openpgpkey/hu
+  uri strip_prefix /.well-known/openpgpkey/tobiasmanske.de/hu
   root * /data/tobiasmanske.de/
   file_server
 }
diff --git a/ansible/plays/services/wkd/docker-compose.yaml b/ansible/plays/services/wkd/docker-compose.yaml
index 987dbeb..d5c6376 100644
--- a/ansible/plays/services/wkd/docker-compose.yaml
+++ b/ansible/plays/services/wkd/docker-compose.yaml
@@ -7,7 +7,7 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
-      - "traefik.http.routers.wkd.rule=(Host(`tobiasmanske.de`) && PathPrefix(`/{path:.well-known/openpgpkey}/`))"
+      - "traefik.http.routers.wkd.rule=(Host(`tobiasmanske.de`) && PathPrefix(`/{path:.well-known/openpgpkey}/`) || Host(`openpgpkey.tobiasmanske.de`))"
       - "traefik.http.routers.wkd.entryPoints=websecure"
       - "traefik.http.routers.wkd.priority=100"
       - "traefik.http.services.wkd.loadbalancer.server.port=80"
diff --git a/tf-stage-1/dns-tobiasmanske-de.tf b/tf-stage-1/dns-tobiasmanske-de.tf
index e17f491..295f3b6 100644
--- a/tf-stage-1/dns-tobiasmanske-de.tf
+++ b/tf-stage-1/dns-tobiasmanske-de.tf
@@ -30,6 +30,7 @@ module "dns-tobiasmanske-de" {
     { type = "CNAME", name = "loki", value = "web.tobiasmanske.de" },
     { type = "CNAME", name = "wallabag", value = "web.tobiasmanske.de" },
     { type = "CNAME", name = "paperless", value = "web.tobiasmanske.de" },
+    { type = "CNAME", name = "openpgpkey", value = "web.tobiasmanske.de" },
     { type = "CNAME", name = "status", value = "mon1.hel1.chaoswg.org" },
     { type = "CNAME", name = "auth", value = "infra.unruhig.eu" },
     { type = "TXT", name = "@", value = "google-site-verification=I7WrzPjqHIL6EATWd8UWfvx6ScDzqjA3DGZi-J-F1e0" },