From 6ae584c895a765b320548499575b4699188a5f67 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Tue, 7 May 2024 01:37:19 +0100
Subject: [PATCH] feat: add a keyserver
---
applications/open_governance/README.md | 5 ++
applications/open_governance/keyserver.nix | 59 ++++++++++++++++++++++
applications/skynet.ie.nix | 2 +
3 files changed, 66 insertions(+)
create mode 100644 applications/open_governance/keyserver.nix
diff --git a/applications/open_governance/README.md b/applications/open_governance/README.md
index 2c9a6b3..7ae398f 100644
--- a/applications/open_governance/README.md
+++ b/applications/open_governance/README.md
@@ -10,3 +10,8 @@ The goal is to back these up in multiple locations. | UL | skynet | https://gitlab.skynet.ie/compsoc1/compsoc/open-goverance | | | | | | | + +## Keys +We host our own keyserver: https://keyserver.skynet.ie +Use it in commands like so: +``gpg --keyserver hkp://keyserver.skynet.ie:80 --send-key KEY_ID``
diff --git a/applications/open_governance/keyserver.nix b/applications/open_governance/keyserver.nix
new file mode 100644
index 0000000..8629e33
--- /dev/null
+++ b/applications/open_governance/keyserver.nix
@@ -0,0 +1,59 @@
+/*
+This file is for hosting teh open governance for other societies
+*/
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+with lib; let
+ name = "keyserver";
+ cfg = config.services.skynet."${name}";
+ port = 11371;
+in {
+ imports = [
+ ../acme.nix
+ ../dns.nix
+ ];
+
+ options.services.skynet."${name}" = {
+ host = {
+ ip = mkOption {
+ type = types.str;
+ };
+ name = mkOption {
+ type = types.str;
+ };
+ };
+ };
+
+ config = {
+ skynet_acme.domains = [
+ "${name}.skynet.ie"
+ ];
+
+ skynet_dns.records = [
+ {
+ record = "${name}";
+ r_type = "CNAME";
+ value = cfg.host.name;
+ }
+ ];
+
+ services.sks = {
+ enable = true;
+ hkpPort = port;
+ };
+
+ services.nginx.virtualHosts = {
+ "${name}.skynet.ie" = {
+ forceSSL = true;
+ useACMEHost = "skynet";
+ locations."/" = {
+ proxyPass = "http://localhost:${toString port}";
+ };
+ };
+ };
+ };
+}
diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix
index a8cfa1d..02c2f7a 100644
--- a/applications/skynet.ie.nix
+++ b/applications/skynet.ie.nix
@@ -12,6 +12,7 @@ in { ./acme.nix ./dns.nix ./open_governance/open_governance.nix + ./open_governance/keyserver.nix ]; options.services.skynet = {
@@ -64,6 +65,7 @@ in { ]; services.skynet.open-governance.host = cfg.host; + services.skynet.keyserver.host = cfg.host; networking.firewall.allowedTCPPorts = [80 443]; services.nginx = {
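Review bot: In keyserver.nix the vhost sets `forceSSL = true`, yet the README hunk of this same commit documents `gpg --keyserver hkp://keyserver.skynet.ie:80`, so every documented lookup or upload starts as a cleartext request that nginx answers with a redirect to HTTPS; the documented endpoint should be `hkps://keyserver.skynet.ie`. SKS stores any uploaded key without checking who controls the user ID and offers no way to delete one, so the README should also tell users to verify fetched keys by fingerprint over another channel; NixOS ships `services.hockeypuck` as an alternative if that trade-off is not wanted. The header comment was copied from the open-governance module and does not describe this file; I would replace it with `/* Public OpenPGP keyserver (SKS) served at keyserver.skynet.ie behind nginx. */`. `host.ip` is declared as an option but nothing in this hunk reads it.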