Move nginx configuration to a networked-docker-container

Tristan Daniël Maat 2020-02-08 21:27:41 +09:00
parent 9d209f5dda
commit 7266dd3bfa
Signed by: tlater
GPG key ID: 49670FD774E43268
4 changed files with 51 additions and 61 deletions


@ -7,6 +7,11 @@
<nixpkgs/nixos/modules/profiles/headless.nix>
./modules/networked-docker-containers.nix
# FIXME: It'd be much nicer if these were imported further down,
# and set inside the docker-containers set, instead of setting the
# docker-containers set here.
./services/nginx.nix
];
networking = {
@ -59,25 +64,6 @@
};
docker-containers = {
## Reverse proxy
#
# These two services set up a reverse proxy that allows setting up
# SSL services with docker containers on subdomains easily.
#
# To use, simply set:
#
# ```nix
# environment = {
# VIRTUAL_HOST = "<subdomain>.tlater.net";
# LETSENCRYPT_HOST = "<subdomain>.tlater.net";
# }
# extraDockerOptions = [
# "--network=webproxy"
# ];
# ```
nginx-proxy = import ./services/nginx-proxy.nix;
nginx-proxy-letsencrypt = import ./services/nginx-proxy-letsencrypt.nix;
## Actual service definitions
gitlab = import ./services/gitlab.nix;
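Review bot: The usage comment deleted in the second hunk (set `VIRTUAL_HOST` and `LETSENCRYPT_HOST`, then join the `webproxy` network) does not reappear in the added `./services/nginx.nix`, so the new side no longer says how a service is put behind the TLS proxy. I would carry it over as a header comment in the new file, rewritten for the new form `networks = [ "webproxy" ];` in place of the old `extraDockerOptions` example. `gitlab` stays in `docker-containers`, which continues outside this hunk. If it is meant to be proxied, it presumably still has to join `webproxy` itself, and a one-line comment beside it should say which module creates that network.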


@ -1,16 +0,0 @@
{ ... }:
{
image = "jrcs/letsencrypt-nginx-proxy-companion";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro"
"nginx-certs:/etc/nginx/certs"
];
environment = {
DEFAULT_EMAIL = "tm@tlater.net";
};
extraDockerOptions = [
"--volumes-from"
"docker-nginx-proxy.service"
];
}


@ -1,26 +0,0 @@
{ ... }:
{
image = "jwilder/nginx-proxy:alpine";
ports = [
"80:80"
"443:443"
];
volumes = [
# So that we can watch new containers come up
"/var/run/docker.sock:/tmp/docker.sock:ro"
# So that we can access generated certs
"nginx-certs:/etc/nginx/certs:ro"
# So that we can write challenge files for letsencrypt auth
"nginx-challenges:/usr/share/nginx/html"
# So that we can modify config on-the-fly to set up challenge
# files
"nginx-conf:/etc/nginx/vhost.d"
];
environment = {
DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
};
extraDockerOptions = [
"--network=webproxy"
];
}


@ -0,0 +1,46 @@
{ ... }:
{
networked-docker-containers = {
nginx-proxy = {
image = "jwilder/nginx-proxy:alpine";
ports = [
"80:80"
"443:443"
];
volumes = [
# So that we can watch new containers come up
"/var/run/docker.sock:/tmp/docker.sock:ro"
# So that we can access generated certs
"nginx-certs:/etc/nginx/certs:ro"
# So that we can write challenge files for letsencrypt auth
"nginx-challenges:/usr/share/nginx/html"
# So that we can modify config on-the-fly to set up challenge
# files
"nginx-conf:/etc/nginx/vhost.d"
];
environment = {
DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
};
networks = [
"webproxy"
];
};
nginx-proxy-letsencrypt = {
image = "jrcs/letsencrypt-nginx-proxy-companion";
dependsOn = ["docker-nginx-proxy.service"];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro"
"nginx-certs:/etc/nginx/certs"
];
environment = {
DEFAULT_EMAIL = "tm@tlater.net";
};
extraDockerOptions = [
"--volumes-from"
"nginx-proxy"
];
};
};
}
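Review bot: The `:ro` on `"/var/run/docker.sock:/tmp/docker.sock:ro"` in `nginx-proxy` (and on the matching mount in `nginx-proxy-letsencrypt`) makes only the bind mount read-only and does not restrict the Docker API. The container publishing 80/443 therefore holds full control of the Docker daemon, and with it the host. The comment above the mount should say so, e.g. `# NOTE: ":ro" does not limit API access; whoever can reach this socket controls the daemon`. Consider running the docker-gen part in a separate container with no published ports, a layout the nginx-proxy documentation describes. Both images are also unpinned (`jwilder/nginx-proxy:alpine` is a mutable tag and `jrcs/letsencrypt-nginx-proxy-companion` has no tag), so pinning each by digest, `image = "jwilder/nginx-proxy@sha256:<digest-placeholder>";`, would stop a changed upstream image from being pulled into a container that holds the socket.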