Move nginx configuration to a networked-docker-container

2020-02-08 21:27:41 +09:00 · 2020-02-08 21:27:41 +09:00 · 7266dd3bfa
parent 9d209f5dda
commit 7266dd3bfa
4 changed files with 51 additions and 61 deletions
--- a/etc/nixos/configuration.nix
+++ b/etc/nixos/configuration.nix
@ -7,6 +7,11 @@
    <nixpkgs/nixos/modules/profiles/headless.nix>

    ./modules/networked-docker-containers.nix
+
+    # FIXME: It'd be much nicer if these were imported further down,
+    # and set inside the docker-containers set, instead of setting the
+    # docker-containers set here.
+    ./services/nginx.nix
  ];

  networking = {
@ -59,25 +64,6 @@
  };

  docker-containers = {
-    ## Reverse proxy
-    #
-    # These two services set up a reverse proxy that allows setting up
-    # SSL services with docker containers on subdomains easily.
-    #
-    # To use, simply set:
-    #
-    # ```nix
-    # environment = {
-    #     VIRTUAL_HOST = "<subdomain>.tlater.net";
-    #     LETSENCRYPT_HOST = "<subdomain>.tlater.net";
-    # }
-    # extraDockerOptions = [
-    #     "--network=webproxy"
-    # ];
-    # ```
-    nginx-proxy = import ./services/nginx-proxy.nix;
-    nginx-proxy-letsencrypt = import ./services/nginx-proxy-letsencrypt.nix;
-
    ## Actual service definitions
    gitlab = import ./services/gitlab.nix;

--- a/etc/nixos/services/nginx-proxy-letsencrypt.nix
+++ b/etc/nixos/services/nginx-proxy-letsencrypt.nix
@ -1,16 +0,0 @@
-{ ... }:
-
-{
-  image = "jrcs/letsencrypt-nginx-proxy-companion";
-  volumes = [
-    "/var/run/docker.sock:/var/run/docker.sock:ro"
-    "nginx-certs:/etc/nginx/certs"
-  ];
-  environment = {
-    DEFAULT_EMAIL = "tm@tlater.net";
-  };
-  extraDockerOptions = [
-    "--volumes-from"
-    "docker-nginx-proxy.service"
-  ];
-}
--- a/etc/nixos/services/nginx-proxy.nix
+++ b/etc/nixos/services/nginx-proxy.nix
@ -1,26 +0,0 @@
-{ ... }:
-
-{
-  image = "jwilder/nginx-proxy:alpine";
-  ports = [
-    "80:80"
-    "443:443"
-  ];
-  volumes = [
-    # So that we can watch new containers come up
-    "/var/run/docker.sock:/tmp/docker.sock:ro"
-    # So that we can access generated certs
-    "nginx-certs:/etc/nginx/certs:ro"
-    # So that we can write challenge files for letsencrypt auth
-    "nginx-challenges:/usr/share/nginx/html"
-    # So that we can modify config on-the-fly to set up challenge
-    # files
-    "nginx-conf:/etc/nginx/vhost.d"
-  ];
-  environment = {
-    DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
-  };
-  extraDockerOptions = [
-    "--network=webproxy"
-  ];
-}
--- a/etc/nixos/services/nginx.nix
+++ b/etc/nixos/services/nginx.nix
@ -0,0 +1,46 @@
+{ ... }:
+
+{
+  networked-docker-containers = {
+    nginx-proxy = {
+      image = "jwilder/nginx-proxy:alpine";
+      ports = [
+        "80:80"
+        "443:443"
+      ];
+      volumes = [
+        # So that we can watch new containers come up
+        "/var/run/docker.sock:/tmp/docker.sock:ro"
+        # So that we can access generated certs
+        "nginx-certs:/etc/nginx/certs:ro"
+        # So that we can write challenge files for letsencrypt auth
+        "nginx-challenges:/usr/share/nginx/html"
+        # So that we can modify config on-the-fly to set up challenge
+        # files
+        "nginx-conf:/etc/nginx/vhost.d"
+      ];
+      environment = {
+        DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
+      };
+      networks = [
+        "webproxy"
+      ];
+    };
+
+    nginx-proxy-letsencrypt = {
+      image = "jrcs/letsencrypt-nginx-proxy-companion";
+      dependsOn = ["docker-nginx-proxy.service"];
+      volumes = [
+        "/var/run/docker.sock:/var/run/docker.sock:ro"
+        "nginx-certs:/etc/nginx/certs"
+      ];
+      environment = {
+        DEFAULT_EMAIL = "tm@tlater.net";
+      };
+      extraDockerOptions = [
+        "--volumes-from"
+        "nginx-proxy"
+      ];
+    };
+  };
+}