diff --git a/void.nix b/void.nix
index 967a03a..bf75827 100644
--- a/void.nix
+++ b/void.nix
@@ -383,7 +383,16 @@
   ];
 
   # reverse proxy
-  services.nginx = {
+  services.nginx = let
+    robots = {
+      locations."/robots.txt" = {
+        extraConfig = ''
+          add_header Content-Type text/plain;
+          return 200 "User-Agent: *\nDisallow: /";
+        '';
+      };
+    };
+  in {
     enable = true;
     recommendedTlsSettings = true;
     recommendedOptimisation = true;
@@ -395,73 +404,87 @@
       access_log syslog:server=unix:/dev/log combined;
     '';
     virtualHosts = {
-      "void.hummingbird-stork.ts.net" = {
-        locations."/".proxyPass = "http://localhost:8096";
-      };
-      "jellyfin.005540.xyz" = {
-        locations."/".proxyPass = "http://localhost:8096";
-        enableACME = true;
-        forceSSL = true;
-      };
-      "forgejo.005540.xyz" = {
-        locations."/".proxyPass = "http://localhost:3000";
-        enableACME = true;
-        forceSSL = true;
-      };
-      "miniflux.005540.xyz" = {
-        locations."/".proxyPass = "http://localhost:8700";
-        enableACME = true;
-        forceSSL = true;
-      };
-      "paperless.005540.xyz" = {
-        locations."/".proxyPass = "http://localhost:28981";
-        enableACME = true;
-        forceSSL = true;
-      };
-      "immich.005540.xyz" = {
-        locations."/".proxyPass = "http://localhost:2283";
-        locations."/".proxyWebsockets = true;
-        extraConfig = ''
-          client_max_body_size 50000M;
-          proxy_read_timeout   600s;
-          proxy_send_timeout   600s;
-          send_timeout         600s;
-        '';
-        enableACME = true;
-        forceSSL = true;
-      };
-      "audiobookshelf.005540.xyz" = {
-        locations."/".proxyPass = "http://localhost:8000";
-        locations."/".proxyWebsockets = true;
-        enableACME = true;
-        forceSSL = true;
-      };
-      "victorialogs.005540.xyz" = {
-        locations."/".proxyPass = "http://localhost:9428";
-        locations."/".basicAuthFile = "/etc/nixos/secrets/victorialogs/basicauth";
-        enableACME = true;
-        forceSSL = true;
-      };
-      "nextcloud.005540.xyz" = {
-        locations."/".proxyWebsockets = true;
-        locations."/whiteboard/" = {
-          proxyWebsockets = true;
-          proxyPass = "http://localhost:3002/";
+      "void.hummingbird-stork.ts.net" =
+        robots
+        // {
+          locations."/".proxyPass = "http://localhost:8096";
+        };
+      "jellyfin.005540.xyz" =
+        robots
+        // {
+          locations."/".proxyPass = "http://localhost:8096";
+          enableACME = true;
+          forceSSL = true;
+        };
+      "forgejo.005540.xyz" =
+        robots
+        // {
+          locations."/".proxyPass = "http://localhost:3000";
+          enableACME = true;
+          forceSSL = true;
+        };
+      "miniflux.005540.xyz" =
+        robots
+        // {
+          locations."/".proxyPass = "http://localhost:8700";
+          enableACME = true;
+          forceSSL = true;
+        };
+      "paperless.005540.xyz" =
+        robots
+        // {
+          locations."/".proxyPass = "http://localhost:28981";
+          enableACME = true;
+          forceSSL = true;
+        };
+      "immich.005540.xyz" =
+        robots
+        // {
+          locations."/".proxyPass = "http://localhost:2283";
+          locations."/".proxyWebsockets = true;
+          extraConfig = ''
+            client_max_body_size 50000M;
+            proxy_read_timeout   600s;
+            proxy_send_timeout   600s;
+            send_timeout         600s;
+          '';
+          enableACME = true;
+          forceSSL = true;
+        };
+      "victorialogs.005540.xyz" =
+        robots
+        // {
+          locations."/".proxyPass = "http://localhost:9428";
+          locations."/".basicAuthFile = "/etc/nixos/secrets/victorialogs/basicauth";
+          enableACME = true;
+          forceSSL = true;
+        };
+      "nextcloud.005540.xyz" =
+        robots
+        // {
+          locations."/".proxyWebsockets = true;
+          locations."/whiteboard/" = {
+            proxyWebsockets = true;
+            proxyPass = "http://localhost:3002/";
+          };
+          enableACME = true;
+          forceSSL = true;
+        };
+      "copyparty.005540.xyz" =
+        robots
+        // {
+          locations."/".proxyPass = "http://localhost:3004";
+          enableACME = true;
+          forceSSL = true;
+        };
+      "food-tracker.005540.xyz" =
+        robots
+        // {
+          locations."/".proxyPass = "http://localhost:3001";
+          locations."/".basicAuthFile = "/etc/nixos/secrets/food-tracker/basicauth";
+          enableACME = true;
+          forceSSL = true;
         };
-        enableACME = true;
-        forceSSL = true;
-      };
-      "copyparty.005540.xyz" = {
-        locations."/".proxyPass = "http://localhost:3004";
-        enableACME = true;
-        forceSSL = true;
-      };
-      "food-tracker.005540.xyz" = {
-        locations."/".proxyPass = "http://localhost:3001";
-        locations."/".basicAuthFile = "/etc/nixos/secrets/food-tracker/basicauth";
-        enableACME = true;
-        forceSSL = true;
-      };
     };
   };
 }