nix-infra/config/hosts/esphome/nginx.nix

74 lines
1.5 KiB
Nix
Raw Normal View History

2023-11-04 22:20:49 +01:00
{ config, ... }:
2023-11-04 22:20:49 +01:00
{
services.nginx = {
enable = true;
virtualHosts = {
"esphome.ccchh.net" = {
forceSSL = true;
2023-11-04 22:20:49 +01:00
enableACME = true;
serverName = "esphome.ccchh.net";
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "[::]";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
2023-11-04 22:20:49 +01:00
}
];
locations."/" = {
proxyPass = "http://${config.services.esphome.address}:${builtins.toString config.services.esphome.port}";
proxyWebsockets = true;
};
};
"esphome.z9.ccchh.net" = {
2023-11-04 22:20:49 +01:00
forceSSL = true;
useACMEHost = "esphome.ccchh.net";
serverName = "esphome.z9.ccchh.net";
2023-11-04 22:20:49 +01:00
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "[::]";
port = 80;
}
2023-11-04 22:20:49 +01:00
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
2023-11-04 22:20:49 +01:00
];
globalRedirect = "esphome.ccchh.net";
redirectCode = 307;
2023-11-04 22:20:49 +01:00
};
};
};
security.acme.certs."esphome.ccchh.net".extraDomainNames = [ "esphome.z9.ccchh.net" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
2023-11-04 22:20:49 +01:00
}