diff --git a/.lighthouse/pipeline-build-homepage-staging.yaml b/.lighthouse/pipeline-build-homepage-staging.yaml
index 957fada..99b847e 100644
--- a/.lighthouse/pipeline-build-homepage-staging.yaml
+++ b/.lighthouse/pipeline-build-homepage-staging.yaml
@@ -34,6 +34,7 @@ spec:
               name: get-time-step
               script: |
                 #!/usr/bin/env sh
+                set -euo pipefail
                 echo -n "$(date +%s)" | tee $(results.unix-time.path)
       - name: report-pending
         taskRef:
@@ -47,6 +48,7 @@ spec:
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         runAfter:
           - fetch-repository
+          - fetch-repository-private
         params:
           - name: CONTEXT
             value: "$(params.JOB_NAME)"
@@ -82,6 +84,52 @@ spec:
             value: $(params.PULL_BASE_SHA)
           - name: deleteExisting
             value: "true"
+      - name: fetch-repository-private
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/git-clone/0.9/git-clone.yaml
+        workspaces:
+          - name: output
+            workspace: git-source-private
+        params:
+          - name: url
+            value: git@code.fizz.buzz:talexander/homepage_private.git
+          - name: revision
+            value: main
+          - name: deleteExisting
+            value: "true"
+      - name: copy-private-files
+        taskSpec:
+          metadata: {}
+          stepTemplate:
+            image: alpine:3.18
+            name: ""
+            resources:
+              requests:
+                cpu: 10m
+                memory: 600Mi
+            workingDir: "$(workspaces.source.path)"
+          steps:
+            - image: alpine:3.18
+              name: copy-private-files
+              script: |
+                #!/usr/bin/env sh
+                set -euo pipefail
+                cp -r "$(workspaces.source-private.path)/static/"* "$(workspaces.source.path)/static/"
+        workspaces:
+          - name: source
+            workspace: git-source
+          - name: source-private
+            workspace: git-source-private
+        runAfter:
+          - get-time
+          - report-pending
       - name: build-image
         taskRef:
           resolver: git
@@ -118,9 +166,7 @@ spec:
           - name: dockerconfig
             workspace: docker-credentials
         runAfter:
-          - get-time
-          - report-pending
-          - fetch-repository
+          - copy-private-files
     finally:
       - name: report-success
         when:
@@ -194,6 +240,16 @@ spec:
             requests:
               storage: 10Gi
       subPath: rust-source
+    - name: git-source-private
+      volumeClaimTemplate:
+        spec:
+          storageClassName: "nfs-client"
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 10Gi
+      subPath: git-source
     - name: docker-credentials
       secret:
         secretName: harbor-plain
diff --git a/docker/server/nginx.conf b/docker/server/nginx.conf
index 5da686e..0227dfa 100644
--- a/docker/server/nginx.conf
+++ b/docker/server/nginx.conf
@@ -48,6 +48,11 @@ http {
             default_type text/plain;
         }
 
+        location ~ /\.well-known/openpgpkey/[^/]+/hu/ {
+            default_type        "application/octet-stream";
+            add_header          Access-Control-Allow-Origin * always;
+        }
+
         location /.well-known/matrix/server {
           default_type application/json;
           add_header "Access-Control-Allow-Origin" *;
diff --git a/static/pgp.asc b/static/pgp.asc
deleted file mode 100644
index e23cef4..0000000
--- a/static/pgp.asc
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
-0H+RsWG0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
-uEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
-HgECF4AACgkQJ95A2bhFXBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0C
-uU4m1/MA+gPDKME7syEtJsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB1Ub20gQWxl
-eGFuZGVyIDx0b21AZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
-2bhFXBsFAl2cFhoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQJ95A2bhF
-XBvYJQEA19wc2s/bEKcnHONC3i8UikLFqZXyYoH6/MFjoAteU8sBAKpE7Qq0zbJb
-XWRESzK3u6p7/+kUqOeDltAuKXTe1FAGuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL
-4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNj
-wod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAu
-sSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REo
-ASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQ
-QG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2Zr
-NnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYB
-BAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggA
-JgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4
-RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkM
-rTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO
-0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYh
-BLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA
-/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi
-3aqYpMRxpn2t6Nswax1MIM8DBQ==
-=dzEV
------END PGP PUBLIC KEY BLOCK-----