1 files changed, 21 insertions, 7 deletions

diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index d9e6fff9..4fa0d440 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -904,14 +904,28 @@ in {
             ssl_verify_client optional;
             ssl_client_certificate ${toString ./ca/ca.crt};
           '';
-          locations."/" = {
-            proxyPass = "http://password-server";
+          locations = {
+            "@backend" = {
+              proxyPass = "http://password-server";
 
-            extraConfig = ''
-              proxy_set_header SSL-CLIENT-VERIFY $ssl_client_verify;
-              proxy_set_header SSL-CLIENT-S-DN $ssl_client_s_dn;
-            '';}
-          ;
+              extraConfig = ''
+                proxy_set_header SSL-CLIENT-VERIFY $ssl_client_verify;
+                proxy_set_header SSL-CLIENT-S-DN $ssl_client_s_dn;
+              '';
+            };
+            "/" = {
+              root = pkgs.symlinkJoin {
+                name = "root";
+                paths = [
+                  (pkgs.writeTextDir "robots.txt" ''
+                     User-agent: *
+                     Disallow: /
+                   '')
+                ];
+              };
+              tryFiles = "$uri @backend";
+            };
+          };
         };
       };
     };