Give esphome a static v6 and get cert directly via chal. served over v6
Give the host a static v4 as well. Also let nginx redirect from the host's FQDN to the service domain.
parent
744d17c0c7
commit
b7acd9f65d
3 changed files with 73 additions and 14 deletions
|
@ -3,6 +3,7 @@
|
|||
imports = [
|
||||
./configuration.nix
|
||||
./esphome.nix
|
||||
./networking.nix
|
||||
./nginx.nix
|
||||
];
|
||||
}
|
||||
|
|
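--- a/config/hosts/esphome/networking.nix
+++ b/config/hosts/esphome/networking.nix
@@ -0,0 +1,30 @@
+{ ... }:
+
+{
+networking.interfaces.net0 = {
+ipv4.addresses = [
+{
+address = "10.31.208.24";
+prefixLength = 23;
+}
+];
+};
+networking.defaultGateway = "10.31.208.1";
+networking.nameservers = [ "10.31.208.1" ];
+networking.search = [ "z9.ccchh.net" ];
+
+networking.interfaces.net0 = {
+ipv6.addresses = [
+{
+address = "2a07:c480:0:1d0::66";
+prefixLength = 64;
+}
+];
+};
+networking.defaultGateway6 = "2a07:c480:0:1d0::1";
+
+systemd.network.links."10-net0" = {
+matchConfig.MACAddress = "7E:3C:F0:77:8A:F4";
+linkConfig.Name = "net0";
+};
+}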
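Review bot: `networking.interfaces.net0` is assigned twice in this new file, once for `ipv4.addresses` and once for `ipv6.addresses`, which relies on Nix merging the two attribute-set literals and makes it easy to overlook one of the addresses when reading or editing the interface. A single block would read more directly: `networking.interfaces.net0 = { ipv4.addresses = [ … ]; ipv6.addresses = [ … ]; };`. A short comment above `systemd.network.links."10-net0"` saying where the matched MAC address is assigned would also help, because if that MAC ever changes the rename to `net0` presumably stops applying and the static addresses would then not land on any interface.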
|
@ -1,35 +1,34 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
virtualHosts = {
|
||||
"acme-esphome.ccchh.net" = {
|
||||
enableACME = true;
|
||||
serverName = "esphome.ccchh.net";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 31820;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
"esphome.ccchh.net" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "esphome.ccchh.net";
|
||||
enableACME = true;
|
||||
serverName = "esphome.ccchh.net";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 80;
|
||||
}
|
||||
{
|
||||
addr = "[::]";
|
||||
port = 80;
|
||||
}
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 443;
|
||||
ssl = true;
|
||||
}
|
||||
{
|
||||
addr = "[::]";
|
||||
port = 443;
|
||||
ssl = true;
|
||||
}
|
||||
];
|
||||
|
||||
locations."/" = {
|
||||
|
@ -37,9 +36,38 @@
|
|||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
"esphome.z9.ccchh.net" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "esphome.ccchh.net";
|
||||
serverName = "esphome.z9.ccchh.net";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 80;
|
||||
}
|
||||
{
|
||||
addr = "[::]";
|
||||
port = 80;
|
||||
}
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 443;
|
||||
ssl = true;
|
||||
}
|
||||
{
|
||||
addr = "[::]";
|
||||
port = 443;
|
||||
ssl = true;
|
||||
}
|
||||
];
|
||||
|
||||
globalRedirect = "esphome.ccchh.net";
|
||||
redirectCode = 307;
|
||||
};
|
||||
};
|
||||
};
|
||||
security.acme.certs."esphome.ccchh.net".extraDomainNames = [ "esphome.z9.ccchh.net" ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 31820 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
}
|
||||
|
|
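Review bot: The `esphome.ccchh.net` vhost listens on `[::]:80` and `[::]:443` while the same commit gives the host a global IPv6 address, so the proxied ESPHome dashboard is exposed to whatever can route to that address, and no access restriction is visible on the vhost. The body of `locations."/"` falls between the two hunks and is not shown, so this may already be handled there; if it is not, a `basicAuthFile` on the vhost or an `allow <trusted-prefix>; deny all;` pair in the location's `extraConfig` would limit it to the networks that need the dashboard. The page prints both `allowedTCPPorts = [ 80 443 31820 ]` and `[ 80 443 ]` without markers; assuming the second is the new line, closing 31820 together with the `acme-esphome.ccchh.net` challenge vhost is the right cleanup.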