{ config, ... }: { services.nginx = { enable = true; virtualHosts = { "esphome.ccchh.net" = { forceSSL = true; enableACME = true; serverName = "esphome.ccchh.net"; listen = [ { addr = "0.0.0.0"; port = 80; } { addr = "[::]"; port = 80; } { addr = "0.0.0.0"; port = 443; ssl = true; } { addr = "[::]"; port = 443; ssl = true; } ]; locations."/" = { proxyPass = "http://${config.services.esphome.address}:${builtins.toString config.services.esphome.port}"; proxyWebsockets = true; }; }; "esphome.z9.ccchh.net" = { forceSSL = true; useACMEHost = "esphome.ccchh.net"; serverName = "esphome.z9.ccchh.net"; listen = [ { addr = "0.0.0.0"; port = 80; } { addr = "[::]"; port = 80; } { addr = "0.0.0.0"; port = 443; ssl = true; } { addr = "[::]"; port = 443; ssl = true; } ]; globalRedirect = "esphome.ccchh.net"; redirectCode = 307; }; }; }; security.acme.certs."esphome.ccchh.net".extraDomainNames = [ "esphome.z9.ccchh.net" ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; }