nix-infra/config/hosts/esphome/nginx.nix
June e88982d7c7
Give esphome a static v6 and get cert directly via chal. served over v6
Give the host a static v4 as well.
Also let the nginx redirect from the hosts FQDN to the service domain.
2024-07-27 22:24:54 +02:00

73 lines
1.5 KiB
Nix

{ config, ... }:
{
services.nginx = {
enable = true;
virtualHosts = {
"esphome.ccchh.net" = {
forceSSL = true;
enableACME = true;
serverName = "esphome.ccchh.net";
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "[::]";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
];
locations."/" = {
proxyPass = "http://${config.services.esphome.address}:${builtins.toString config.services.esphome.port}";
proxyWebsockets = true;
};
};
"esphome.z9.ccchh.net" = {
forceSSL = true;
useACMEHost = "esphome.ccchh.net";
serverName = "esphome.z9.ccchh.net";
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "[::]";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
];
globalRedirect = "esphome.ccchh.net";
redirectCode = 307;
};
};
};
security.acme.certs."esphome.ccchh.net".extraDomainNames = [ "esphome.z9.ccchh.net" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
}