Move nginx configuration to a networked-docker-container
This commit is contained in:
parent
9d209f5dda
commit
7266dd3bfa
|
@ -7,6 +7,11 @@
|
|||
<nixpkgs/nixos/modules/profiles/headless.nix>
|
||||
|
||||
./modules/networked-docker-containers.nix
|
||||
|
||||
# FIXME: It'd be much nicer if these were imported further down,
|
||||
# and set inside the docker-containers set, instead of setting the
|
||||
# docker-containers set here.
|
||||
./services/nginx.nix
|
||||
];
|
||||
|
||||
networking = {
|
||||
|
@ -59,25 +64,6 @@
|
|||
};
|
||||
|
||||
docker-containers = {
|
||||
## Reverse proxy
|
||||
#
|
||||
# These two services set up a reverse proxy that allows setting up
|
||||
# SSL services with docker containers on subdomains easily.
|
||||
#
|
||||
# To use, simply set:
|
||||
#
|
||||
# ```nix
|
||||
# environment = {
|
||||
# VIRTUAL_HOST = "<subdomain>.tlater.net";
|
||||
# LETSENCRYPT_HOST = "<subdomain>.tlater.net";
|
||||
# }
|
||||
# extraDockerOptions = [
|
||||
# "--network=webproxy"
|
||||
# ];
|
||||
# ```
|
||||
nginx-proxy = import ./services/nginx-proxy.nix;
|
||||
nginx-proxy-letsencrypt = import ./services/nginx-proxy-letsencrypt.nix;
|
||||
|
||||
## Actual service definitions
|
||||
gitlab = import ./services/gitlab.nix;
|
||||
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
image = "jrcs/letsencrypt-nginx-proxy-companion";
|
||||
volumes = [
|
||||
"/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
"nginx-certs:/etc/nginx/certs"
|
||||
];
|
||||
environment = {
|
||||
DEFAULT_EMAIL = "tm@tlater.net";
|
||||
};
|
||||
extraDockerOptions = [
|
||||
"--volumes-from"
|
||||
"docker-nginx-proxy.service"
|
||||
];
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
image = "jwilder/nginx-proxy:alpine";
|
||||
ports = [
|
||||
"80:80"
|
||||
"443:443"
|
||||
];
|
||||
volumes = [
|
||||
# So that we can watch new containers come up
|
||||
"/var/run/docker.sock:/tmp/docker.sock:ro"
|
||||
# So that we can access generated certs
|
||||
"nginx-certs:/etc/nginx/certs:ro"
|
||||
# So that we can write challenge files for letsencrypt auth
|
||||
"nginx-challenges:/usr/share/nginx/html"
|
||||
# So that we can modify config on-the-fly to set up challenge
|
||||
# files
|
||||
"nginx-conf:/etc/nginx/vhost.d"
|
||||
];
|
||||
environment = {
|
||||
DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
|
||||
};
|
||||
extraDockerOptions = [
|
||||
"--network=webproxy"
|
||||
];
|
||||
}
|
46
etc/nixos/services/nginx.nix
Normal file
46
etc/nixos/services/nginx.nix
Normal file
|
@ -0,0 +1,46 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
networked-docker-containers = {
|
||||
nginx-proxy = {
|
||||
image = "jwilder/nginx-proxy:alpine";
|
||||
ports = [
|
||||
"80:80"
|
||||
"443:443"
|
||||
];
|
||||
volumes = [
|
||||
# So that we can watch new containers come up
|
||||
"/var/run/docker.sock:/tmp/docker.sock:ro"
|
||||
# So that we can access generated certs
|
||||
"nginx-certs:/etc/nginx/certs:ro"
|
||||
# So that we can write challenge files for letsencrypt auth
|
||||
"nginx-challenges:/usr/share/nginx/html"
|
||||
# So that we can modify config on-the-fly to set up challenge
|
||||
# files
|
||||
"nginx-conf:/etc/nginx/vhost.d"
|
||||
];
|
||||
environment = {
|
||||
DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
|
||||
};
|
||||
networks = [
|
||||
"webproxy"
|
||||
];
|
||||
};
|
||||
|
||||
nginx-proxy-letsencrypt = {
|
||||
image = "jrcs/letsencrypt-nginx-proxy-companion";
|
||||
dependsOn = ["docker-nginx-proxy.service"];
|
||||
volumes = [
|
||||
"/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
"nginx-certs:/etc/nginx/certs"
|
||||
];
|
||||
environment = {
|
||||
DEFAULT_EMAIL = "tm@tlater.net";
|
||||
};
|
||||
extraDockerOptions = [
|
||||
"--volumes-from"
|
||||
"nginx-proxy"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue