# NixOS module fragment: publishes the OpenPGP public key for
# contact@ingolf-wagner.de through Web Key Directory (WKD) paths on the
# nginx virtual host of the bare domain (the layout under
# /.well-known/openpgpkey/).
#
# How to check the deployment:
# - https://metacode.biz/openpgp/web-key-directory
# - $> gpg --homedir "$(mktemp -d)" -v --auto-key-locate clear,wkd,nodefault --locate-key  contact@ingolf-wagner.de
{
  config,
  pkgs,
  lib,
  assets,
  ...
}:
let
  server_name = "ingolf-wagner.de";

  # nginx location settings for the key file itself.
  key_location = {
    # The asset is served unchanged.
    # NOTE(review): WKD clients expect the binary (non-armored) export, so
    # this presumably relies on the asset already being binary - confirm.
    # The file is published to everyone; it must hold public key material
    # only.
    alias = "${assets}/contact@ingolf-wagner.de.gpg";
    # Alternative kept for reference: de-armor the asset at build time.
    #alias = pkgs.runCommand "contact@ingolf-wagner.de" { } ''
    #  cat ${assets}/contact@ingolf-wagner.de.gpg | ${pkgs.gnupg}/bin/gpg --dearmor > $out
    #'';

    # The wildcard CORS header lets browser-based clients fetch the key and
    # is set only where this attrset is used (the hu/ location below).
    # nginx inherits add_header from the enclosing level only when the
    # current level defines none, so headers configured on the server or
    # http level are not sent for this location.
    # NOTE(review): if the vhost sets security headers (not visible in
    # this file), repeat them here or confirm dropping them is intended.
    extraConfig = ''
      default_type application/octet-stream;
      add_header Access-Control-Allow-Origin * always;
    '';
  };
in
{
  services.nginx.virtualHosts.${server_name} = {
    locations = {
      # Policy file: answered with status 200 and no body. This location
      # does not receive the CORS header configured for the key.
      "= /.well-known/openpgpkey/policy".return = "200";

      # The last path segment is the WKD hash of the address; regenerate
      # it whenever the address changes:
      #   gpg --with-wkd-hash --fingerprint contact@ingolf-wagner.de
      # Exact-match locations compare the path only, so a query string
      # appended by a client does not affect the match.
      "= /.well-known/openpgpkey/hu/dj3498u4hyyarh35rkjfnghbjxug6b19" = key_location;
    };
  };

  # TODO: openpgpkey.ingolf-wagner.de still has to be set up.
  # NOTE(review): clients may try the openpgpkey subdomain before the
  # paths above; until it serves WKD, verify that no wildcard DNS record
  # makes that name resolve, otherwise lookups can fail instead of
  # falling back to this host.
}