summaryrefslogtreecommitdiff
path: root/hosts
diff options
context:
space:
mode:
Diffstat (limited to 'hosts')
-rw-r--r--hosts/surtr/email/default.nix28
1 files changed, 21 insertions, 7 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index d9e6fff9..4fa0d440 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -904,14 +904,28 @@ in {
904 ssl_verify_client optional; 904 ssl_verify_client optional;
905 ssl_client_certificate ${toString ./ca/ca.crt}; 905 ssl_client_certificate ${toString ./ca/ca.crt};
906 ''; 906 '';
907 locations."/" = { 907 locations = {
908 proxyPass = "http://password-server"; 908 "@backend" = {
909 proxyPass = "http://password-server";
909 910
910 extraConfig = '' 911 extraConfig = ''
911 proxy_set_header SSL-CLIENT-VERIFY $ssl_client_verify; 912 proxy_set_header SSL-CLIENT-VERIFY $ssl_client_verify;
912 proxy_set_header SSL-CLIENT-S-DN $ssl_client_s_dn; 913 proxy_set_header SSL-CLIENT-S-DN $ssl_client_s_dn;
913 '';} 914 '';
914 ; 915 };
916 "/" = {
917 root = pkgs.symlinkJoin {
918 name = "root";
919 paths = [
920 (pkgs.writeTextDir "robots.txt" ''
921 User-agent: *
922 Disallow: /
923 '')
924 ];
925 };
926 tryFiles = "$uri @backend";
927 };
928 };
915 }; 929 };
916 }; 930 };
917 }; 931 };
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-19 10:49:23 +0000