diff --git a/nixos/assets/contact@ingolf-wagner.de.gpg b/nixos/assets/contact@ingolf-wagner.de.gpg
index 26f8d78..c7f2e33 100644
Binary files a/nixos/assets/contact@ingolf-wagner.de.gpg and b/nixos/assets/contact@ingolf-wagner.de.gpg differ
diff --git a/nixos/machines/robi/nginx-wkd.nix b/nixos/machines/robi/nginx-wkd.nix
index 123c965..2a217f4 100644
--- a/nixos/machines/robi/nginx-wkd.nix
+++ b/nixos/machines/robi/nginx-wkd.nix
@@ -6,18 +6,25 @@ in
   # check :
   # - https://metacode.biz/openpgp/web-key-directory
   # - $> gpg --homedir "$(mktemp -d)" -v --auto-key-locate clear,wkd,nodefault --locate-key  contact@ingolf-wagner.de
-  services.nginx.virtualHosts.${server_name} = {
-    locations."= /.well-known/openpgpkey/policy" = {
-    return  = "200";
+  services.nginx.virtualHosts.${server_name}.locations =
+    let
+      wkd =
+        {
+          extraConfig = ''
+            default_type application/octet-stream;
+            add_header Access-Control-Allow-Origin * always;
+          '';
+          #alias = pkgs.runCommand "contact@ingolf-wagner.de" { } ''
+          #  cat ${assets}/contact@ingolf-wagner.de.gpg | ${pkgs.gnupg}/bin/gpg --dearmor > $out
+          #'';
+          alias = toString "${assets}/contact@ingolf-wagner.de.gpg";
+        };
+    in
+    {
+      "= /.well-known/openpgpkey/policy".return = "200";
+      # hashes generated by : gpg --with-wkd-hash --fingerprint contact@ingolf-wagner.de
+      "= /.well-known/openpgpkey/hu/dj3498u4hyyarh35rkjfnghbjxug6b19" = wkd;
     };
-    # hashes generated by : gpg --with-wkd-hash --fingerprint contact@ingolf-wagner.de
-    locations."= /.well-known/openpgpkey/hu/dj3498u4hyyarh35rkjfnghbjxug6b19" = {
-      extraConfig = ''
-        add_header Access-Control-Allow-Origin *;
-      '';
-      alias = pkgs.runCommand "contact@ingolf-wagner.de" { } ''
-        cat ${assets}/contact@ingolf-wagner.de.gpg | ${pkgs.gnupg}/bin/gpg --dearmor > $out
-      '';
-    };
-  };
+
+    # todo openpgpkey.ingolf-wagner.de noch einrichten
 }