{ config, ... }:
{
  services.nginx = {
    enable = true;

    virtualHosts = {
      "acme-esphome.ccchh.net" = {
        enableACME = true;
        serverName = "esphome.ccchh.net";

        listen = [
          {
            addr = "0.0.0.0";
            port = 31820;
          }
        ];
      };

      "esphome.ccchh.net" = {
        forceSSL = true;
        useACMEHost = "esphome.ccchh.net";

        listen = [
          {
            addr = "0.0.0.0";
            port = 80;
          }
          {
            addr = "0.0.0.0";
            port = 443;
            ssl = true;
          }
        ];

        locations."/" = {
          proxyPass = "http://${config.services.esphome.address}:${builtins.toString config.services.esphome.port}";
          proxyWebsockets = true;
        };
      };

    };
  };
  
  networking.firewall.allowedTCPPorts = [ 80 443 31820 ];
}