From e7264641a2966f259d7abbafabda34b8236e34e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= <kmein@posteo.de>
Date: Thu, 2 Oct 2025 18:34:23 +0200
Subject: [PATCH] www.kmein.de fix backup and CORS

---
 systems/makanek/configuration.nix | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/systems/makanek/configuration.nix b/systems/makanek/configuration.nix
index 30f3032..85accfa 100644
--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -48,7 +48,7 @@ in {
       config.services.grafana.dataDir
       config.services.gitea.stateDir
       config.services.weechat.root
-      config.services.nginx.virtualHosts."www.kmein.de".root
+      config.services.nginx.virtualHosts."www.kmein.de".locations."/".root
       "/var/lib/weechat"
       "/var/lib/codimd"
     ];
@@ -121,7 +121,22 @@ in {
   services.nginx.virtualHosts."www.kmein.de" = {
     addSSL = true;
     enableACME = true;
-    root = "/var/www/kmein.de";
+    locations."/" = {
+      root = "/var/www/kmein.de";
+      extraConfig = ''
+          add_header 'Access-Control-Allow-Origin' '*';
+          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+          add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
+
+          # Handle preflight requests
+          if ($request_method = 'OPTIONS') {
+              add_header 'Access-Control-Allow-Origin' '*';
+              add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+              add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
+              return 204; # No Content
+          }
+      '';
+    };
   };
 
   environment.systemPackages = [