From 21baefe0aa436851766c8dc7dfbee401f30c90d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristhian=20Mart=C3=ADnez=20Ochoa?= <cristhian@qrokes.com>
Date: Wed, 12 Jun 2024 12:22:33 -0700
Subject: [PATCH] blackhole

Blackhole set after first site to enforce a better configuration by default.
Nginx key updated.
---
 lib/sites  | 3 +++
 lib/update | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/lib/sites b/lib/sites
index e87dd1b..15c1137 100644
--- a/lib/sites
+++ b/lib/sites
@@ -826,6 +826,9 @@ createsite() {
 	else
 		sudo log $domain -only-error=off > /dev/null 2>&1
 	fi
+
+	# Blackhole default-site should be enabled after the first site is created!
+	[[ -z $(conf_read default-site) && $domain != $ADMIN_TOOLS_SITE ]] && webinoly -default-site=blackhole
 	
 	sudo chown -R www-data:www-data /var/www
 	[[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www
diff --git a/lib/update b/lib/update
index 13d9882..8829080 100644
--- a/lib/update
+++ b/lib/update
@@ -347,6 +347,14 @@ oneight_to_onenine() {
 		done
 	fi
 	
+	# Update Nginx key! https://blog.nginx.org/blog/updating-pgp-key-for-nginx-software
+	if [[ $(conf_read nginx) == "true" && $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then
+		sudo apt-key adv --fetch-keys 'https://nginx.org/keys/nginx_signing.key'
+	elif [[ -f /usr/share/keyrings/nginx-archive-keyring.gpg ]]; then
+		rm -rf /usr/share/keyrings/nginx-archive-keyring.gpg
+		wget -nv -O- https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg
+	fi
+	
 	# Loop All Sites - HTTP3 enable! 
 	for site in "/etc/nginx/sites-available"/*
 	do