Laravel NGINX config - deny access to particular files in public directory

How do I restrict user's from downloading any file but a specific one in the public directory when using NGINX?

My Nginx Config:

server {
        root /var/www/redacted/public;
        index index.php index.html index.htm;
        server_name lib.redacted.com;

	location ~ \.db$ {
		return 404;
		deny all;
        }

        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }
    
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        }

        listen 192.168.1.122:443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/redacted/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/redacted/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = lib.redacted.com) {
        return 301 https://$host:443$request_uri;
    } # managed by Certbot

    listen 192.168.1.122:80;
    server_name lib.redacted.com;
    return 404; # managed by Certbot

}

I have some files in /var/www/redacted/public/covers/*/* which I need to access to the outside world. However I need to make sure any *.db file present in these folders are not downloaded.

However, with the above config, it people can still download something,db from /var/www/redacted/public/covers/*/*

How do I restrict that?