diff --git a/config/hosts/esphome/configuration.nix b/config/hosts/esphome/configuration.nix
new file mode 100644
index 0000000..fc13d89
--- /dev/null
+++ b/config/hosts/esphome/configuration.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+  networking = {
+    hostName = "esphome";
+  };
+
+  system.stateVersion = "23.05";
+}
diff --git a/config/hosts/esphome/default.nix b/config/hosts/esphome/default.nix
new file mode 100644
index 0000000..cfe47bc
--- /dev/null
+++ b/config/hosts/esphome/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./configuration.nix
+    ./esphome.nix
+    ./nginx.nix
+  ];
+}
diff --git a/config/hosts/esphome/esphome.nix b/config/hosts/esphome/esphome.nix
new file mode 100644
index 0000000..e41c771
--- /dev/null
+++ b/config/hosts/esphome/esphome.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+  services.esphome = {
+    enable = true;
+    openFirewall = true;
+  };
+}
diff --git a/config/hosts/esphome/nginx.nix b/config/hosts/esphome/nginx.nix
new file mode 100644
index 0000000..ed93972
--- /dev/null
+++ b/config/hosts/esphome/nginx.nix
@@ -0,0 +1,45 @@
+{ config, ... }:
+{
+  services.nginx = {
+    enable = true;
+
+    virtualHosts = {
+      "acme-esphome.ccchh.net" = {
+        enableACME = true;
+        serverName = "esphome.ccchh.net";
+
+        listen = [
+          {
+            addr = "0.0.0.0";
+            port = 31820;
+          }
+        ];
+      };
+
+      "esphome.ccchh.net" = {
+        forceSSL = true;
+        useACMEHost = "esphome.ccchh.net";
+
+        listen = [
+          {
+            addr = "0.0.0.0";
+            port = 80;
+          }
+          {
+            addr = "0.0.0.0";
+            port = 443;
+            ssl = true;
+          }
+        ];
+
+        locations."/" = {
+          proxyPass = "http://${config.services.esphome.address}:${builtins.toString config.services.esphome.port}";
+          proxyWebsockets = true;
+        };
+      };
+
+    };
+  };
+  
+  networking.firewall.allowedTCPPorts = [ 80 443 31820 ];
+}
diff --git a/flake.nix b/flake.nix
index 74c9a05..60c0e3b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -95,6 +95,20 @@
         ];
       };
 
+      esphome = {
+        deployment = {
+          targetHost = "esphome.z9.ccchh.net";
+          targetPort = 22;
+          targetUser = "colmena-deploy";
+          tags = [ "thinkcccluster" ];
+        };
+        imports = [ 
+          ./config/common
+          ./config/proxmox-vm
+          ./config/hosts/esphome
+        ];
+      };
+
       public-reverse-proxy = {
         deployment = {
           targetHost = "public-reverse-proxy.z9.ccchh.net";