nix-infra/config/hosts/esphome/nginx.nix

{ config, ... }:

{
  services.nginx = {
    enable = true;

    virtualHosts = {
      "esphome.ccchh.net" = {
        forceSSL = true;
        enableACME = true;
        serverName = "esphome.ccchh.net";

        listen = [
          {
            addr = "0.0.0.0";
            port = 80;
          }
          {
            addr = "[::]";
            port = 80;
          }
          {
            addr = "0.0.0.0";
            port = 443;
            ssl = true;
          }
          {
            addr = "[::]";
            port = 443;
            ssl = true;
          }
        ];

        locations."/" = {
          proxyPass = "http://${config.services.esphome.address}:${builtins.toString config.services.esphome.port}";
          proxyWebsockets = true;
        };
      };
      "esphome.z9.ccchh.net" = {
        forceSSL = true;
        useACMEHost = "esphome.ccchh.net";
        serverName = "esphome.z9.ccchh.net";

        listen = [
          {
            addr = "0.0.0.0";
            port = 80;
          }
          {
            addr = "[::]";
            port = 80;
          }
          {
            addr = "0.0.0.0";
            port = 443;
            ssl = true;
          }
          {
            addr = "[::]";
            port = 443;
            ssl = true;
          }
        ];

        globalRedirect = "esphome.ccchh.net";
        redirectCode = 307;
      };
    };
  };
  security.acme.certs."esphome.ccchh.net".extraDomainNames = [ "esphome.z9.ccchh.net" ];

  networking.firewall.allowedTCPPorts = [ 80 443 ];
}
Add esphome host 2023-11-04 22:20:49 +01:00			`{ config, ... }:`
Give esphome a static v6 and get cert directly via chal. served over v6 Give the host a static v4 as well. Also let the nginx redirect from the hosts FQDN to the service domain. 2024-07-27 22:24:54 +02:00
Add esphome host 2023-11-04 22:20:49 +01:00			`{`
			`services.nginx = {`
			`enable = true;`

			`virtualHosts = {`
Give esphome a static v6 and get cert directly via chal. served over v6 Give the host a static v4 as well. Also let the nginx redirect from the hosts FQDN to the service domain. 2024-07-27 22:24:54 +02:00			`"esphome.ccchh.net" = {`
			`forceSSL = true;`
Add esphome host 2023-11-04 22:20:49 +01:00			`enableACME = true;`
			`serverName = "esphome.ccchh.net";`

			`listen = [`
			`{`
			`addr = "0.0.0.0";`
Give esphome a static v6 and get cert directly via chal. served over v6 Give the host a static v4 as well. Also let the nginx redirect from the hosts FQDN to the service domain. 2024-07-27 22:24:54 +02:00			`port = 80;`
			`}`
			`{`
			`addr = "[::]";`
			`port = 80;`
			`}`
			`{`
			`addr = "0.0.0.0";`
			`port = 443;`
			`ssl = true;`
			`}`
			`{`
			`addr = "[::]";`
			`port = 443;`
			`ssl = true;`
Add esphome host 2023-11-04 22:20:49 +01:00			`}`
			`];`

Give esphome a static v6 and get cert directly via chal. served over v6 Give the host a static v4 as well. Also let the nginx redirect from the hosts FQDN to the service domain. 2024-07-27 22:24:54 +02:00			`locations."/" = {`
			`proxyPass = "http://${config.services.esphome.address}:${builtins.toString config.services.esphome.port}";`
			`proxyWebsockets = true;`
			`};`
			`};`
			`"esphome.z9.ccchh.net" = {`
Add esphome host 2023-11-04 22:20:49 +01:00			`forceSSL = true;`
			`useACMEHost = "esphome.ccchh.net";`
Give esphome a static v6 and get cert directly via chal. served over v6 Give the host a static v4 as well. Also let the nginx redirect from the hosts FQDN to the service domain. 2024-07-27 22:24:54 +02:00			`serverName = "esphome.z9.ccchh.net";`
Add esphome host 2023-11-04 22:20:49 +01:00
			`listen = [`
			`{`
			`addr = "0.0.0.0";`
			`port = 80;`
			`}`
Give esphome a static v6 and get cert directly via chal. served over v6 Give the host a static v4 as well. Also let the nginx redirect from the hosts FQDN to the service domain. 2024-07-27 22:24:54 +02:00			`{`
			`addr = "[::]";`
			`port = 80;`
			`}`
Add esphome host 2023-11-04 22:20:49 +01:00			`{`
			`addr = "0.0.0.0";`
			`port = 443;`
			`ssl = true;`
			`}`
Give esphome a static v6 and get cert directly via chal. served over v6 Give the host a static v4 as well. Also let the nginx redirect from the hosts FQDN to the service domain. 2024-07-27 22:24:54 +02:00			`{`
			`addr = "[::]";`
			`port = 443;`
			`ssl = true;`
			`}`
Add esphome host 2023-11-04 22:20:49 +01:00			`];`

Give esphome a static v6 and get cert directly via chal. served over v6 Give the host a static v4 as well. Also let the nginx redirect from the hosts FQDN to the service domain. 2024-07-27 22:24:54 +02:00			`globalRedirect = "esphome.ccchh.net";`
			`redirectCode = 307;`
Add esphome host 2023-11-04 22:20:49 +01:00			`};`
			`};`
			`};`
Give esphome a static v6 and get cert directly via chal. served over v6 Give the host a static v4 as well. Also let the nginx redirect from the hosts FQDN to the service domain. 2024-07-27 22:24:54 +02:00			`security.acme.certs."esphome.ccchh.net".extraDomainNames = [ "esphome.z9.ccchh.net" ];`
Run "nix fmt" to format this entire flake 2024-03-06 22:50:32 +01:00
Give esphome a static v6 and get cert directly via chal. served over v6 Give the host a static v4 as well. Also let the nginx redirect from the hosts FQDN to the service domain. 2024-07-27 22:24:54 +02:00			`networking.firewall.allowedTCPPorts = [ 80 443 ];`
Add esphome host 2023-11-04 22:20:49 +01:00			`}`