CCCHH/nix-infra
CCCHH/nix-infra
2
3
Fork 2
Code Issues 1 Pull requests 1 Wiki Activity

Give esphome a static v6 and get cert directly via chal. served over v6

Browse source 
Give the host a static v4 as well.
Also let the nginx redirect from the hosts FQDN to the service domain.
This commit is contained in:
June 2024-07-27 22:24:54 +02:00
commit e88982d7c7
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
3 changed files with 73 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

56
config/hosts/esphome/nginx.nix
View file

@ -1,35 +1,34 @@
{ config, ... }:
{
services.nginx = {
enable = true;
virtualHosts = {
"acme-esphome.ccchh.net" = {
enableACME = true;
serverName = "esphome.ccchh.net";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"esphome.ccchh.net" = {
forceSSL = true;
useACMEHost = "esphome.ccchh.net";
enableACME = true;
serverName = "esphome.ccchh.net";
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "[::]";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
];
locations."/" = {
@ -37,9 +36,38 @@
proxyWebsockets = true;
};
};
"esphome.z9.ccchh.net" = {
forceSSL = true;
useACMEHost = "esphome.ccchh.net";
serverName = "esphome.z9.ccchh.net";
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "[::]";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
];
globalRedirect = "esphome.ccchh.net";
redirectCode = 307;
};
};
};
security.acme.certs."esphome.ccchh.net".extraDomainNames = [ "esphome.z9.ccchh.net" ];
networking.firewall.allowedTCPPorts = [ 80 443 31820 ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
}