From 7266dd3bfa1912bf16ec3f71be915b38c1562e1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
 <tristan.maat@codethink.co.uk>
Date: Sat, 8 Feb 2020 21:27:41 +0900
Subject: [PATCH] Move nginx configuration to a networked-docker-container

---
 etc/nixos/configuration.nix                   | 24 ++--------
 .../services/nginx-proxy-letsencrypt.nix      | 16 -------
 etc/nixos/services/nginx-proxy.nix            | 26 -----------
 etc/nixos/services/nginx.nix                  | 46 +++++++++++++++++++
 4 files changed, 51 insertions(+), 61 deletions(-)
 delete mode 100644 etc/nixos/services/nginx-proxy-letsencrypt.nix
 delete mode 100644 etc/nixos/services/nginx-proxy.nix
 create mode 100644 etc/nixos/services/nginx.nix

diff --git a/etc/nixos/configuration.nix b/etc/nixos/configuration.nix
index c556c39..718f33d 100644
--- a/etc/nixos/configuration.nix
+++ b/etc/nixos/configuration.nix
@@ -7,6 +7,11 @@
     <nixpkgs/nixos/modules/profiles/headless.nix>
 
     ./modules/networked-docker-containers.nix
+
+    # FIXME: It'd be much nicer if these were imported further down,
+    # and set inside the docker-containers set, instead of setting the
+    # docker-containers set here.
+    ./services/nginx.nix
   ];
 
   networking = {
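Review bot: The import of `./services/nginx.nix` leaves the reverse proxy without usage documentation, because the comment removed from `docker-containers` later in this file (the `VIRTUAL_HOST` / `LETSENCRYPT_HOST` instructions) is not re-added here or in the new file. A short comment above the import would keep that knowledge, for example `# Reverse proxy: services opt in by setting VIRTUAL_HOST and LETSENCRYPT_HOST and joining the "webproxy" network`. The old text told users to pass `--network=webproxy` through `extraDockerOptions`, while the new file uses `networks = [ "webproxy" ]`, so the instructions should be updated to whichever form the networked-docker-containers module expects.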
@@ -59,25 +64,6 @@
   };
 
   docker-containers = {
-    ## Reverse proxy
-    #
-    # These two services set up a reverse proxy that allows setting up
-    # SSL services with docker containers on subdomains easily.
-    #
-    # To use, simply set:
-    #
-    # ```nix
-    # environment = {
-    #     VIRTUAL_HOST = "<subdomain>.tlater.net";
-    #     LETSENCRYPT_HOST = "<subdomain>.tlater.net";
-    # }
-    # extraDockerOptions = [
-    #     "--network=webproxy"
-    # ];
-    # ```
-    nginx-proxy = import ./services/nginx-proxy.nix;
-    nginx-proxy-letsencrypt = import ./services/nginx-proxy-letsencrypt.nix;
-
     ## Actual service definitions
     gitlab = import ./services/gitlab.nix;
 
diff --git a/etc/nixos/services/nginx-proxy-letsencrypt.nix b/etc/nixos/services/nginx-proxy-letsencrypt.nix
deleted file mode 100644
index 1d92e70..0000000
--- a/etc/nixos/services/nginx-proxy-letsencrypt.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ ... }:
-
-{
-  image = "jrcs/letsencrypt-nginx-proxy-companion";
-  volumes = [
-    "/var/run/docker.sock:/var/run/docker.sock:ro"
-    "nginx-certs:/etc/nginx/certs"
-  ];
-  environment = {
-    DEFAULT_EMAIL = "tm@tlater.net";
-  };
-  extraDockerOptions = [
-    "--volumes-from"
-    "docker-nginx-proxy.service"
-  ];
-}
diff --git a/etc/nixos/services/nginx-proxy.nix b/etc/nixos/services/nginx-proxy.nix
deleted file mode 100644
index fe0fd53..0000000
--- a/etc/nixos/services/nginx-proxy.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ ... }:
-
-{
-  image = "jwilder/nginx-proxy:alpine";
-  ports = [
-    "80:80"
-    "443:443"
-  ];
-  volumes = [
-    # So that we can watch new containers come up
-    "/var/run/docker.sock:/tmp/docker.sock:ro"
-    # So that we can access generated certs
-    "nginx-certs:/etc/nginx/certs:ro"
-    # So that we can write challenge files for letsencrypt auth
-    "nginx-challenges:/usr/share/nginx/html"
-    # So that we can modify config on-the-fly to set up challenge
-    # files
-    "nginx-conf:/etc/nginx/vhost.d"
-  ];
-  environment = {
-    DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
-  };
-  extraDockerOptions = [
-    "--network=webproxy"
-  ];
-}
diff --git a/etc/nixos/services/nginx.nix b/etc/nixos/services/nginx.nix
new file mode 100644
index 0000000..8ef5826
--- /dev/null
+++ b/etc/nixos/services/nginx.nix
@@ -0,0 +1,46 @@
+{ ... }:
+
+{
+  networked-docker-containers = {
+    nginx-proxy = {
+      image = "jwilder/nginx-proxy:alpine";
+      ports = [
+        "80:80"
+        "443:443"
+      ];
+      volumes = [
+        # So that we can watch new containers come up
+        "/var/run/docker.sock:/tmp/docker.sock:ro"
+        # So that we can access generated certs
+        "nginx-certs:/etc/nginx/certs:ro"
+        # So that we can write challenge files for letsencrypt auth
+        "nginx-challenges:/usr/share/nginx/html"
+        # So that we can modify config on-the-fly to set up challenge
+        # files
+        "nginx-conf:/etc/nginx/vhost.d"
+      ];
+      environment = {
+        DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
+      };
+      networks = [
+        "webproxy"
+      ];
+    };
+
+    nginx-proxy-letsencrypt = {
+      image = "jrcs/letsencrypt-nginx-proxy-companion";
+      dependsOn = ["docker-nginx-proxy.service"];
+      volumes = [
+        "/var/run/docker.sock:/var/run/docker.sock:ro"
+        "nginx-certs:/etc/nginx/certs"
+      ];
+      environment = {
+        DEFAULT_EMAIL = "tm@tlater.net";
+      };
+      extraDockerOptions = [
+        "--volumes-from"
+        "nginx-proxy"
+      ];
+    };
+  };
+}
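Review bot: The `:ro` suffix on `/var/run/docker.sock:/tmp/docker.sock:ro` in `nginx-proxy` (and on the same mount in `nginx-proxy-letsencrypt`) only makes the bind mount read-only and does not restrict Docker API requests sent over the socket, so the container that publishes ports 80 and 443 keeps daemon-level control of the host. The comment above the mount should say this, e.g. `# NOTE: :ro does not limit the Docker API; anything in this container can drive the daemon`, and it is worth considering a layout where only a helper container with no published ports holds the socket. Separately, `jwilder/nginx-proxy:alpine` and the untagged `jrcs/letsencrypt-nginx-proxy-companion` are mutable references; pinning them by digest, as in `image = "jwilder/nginx-proxy@sha256:<digest>";`, keeps a rebuild from silently pulling different code. Finally, `dependsOn` names `docker-nginx-proxy.service` while `--volumes-from` now names `nginx-proxy` (the deleted file used `docker-nginx-proxy.service`); whether the latter resolves depends on how the networked-docker-containers module names containers, which is not visible in this patch.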