From 7266dd3bfa1912bf16ec3f71be915b38c1562e1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Sat, 8 Feb 2020 21:27:41 +0900 Subject: [PATCH] Move nginx configuration to a networked-docker-container --- etc/nixos/configuration.nix | 24 ++-------- .../services/nginx-proxy-letsencrypt.nix | 16 ------- etc/nixos/services/nginx-proxy.nix | 26 ----------- etc/nixos/services/nginx.nix | 46 +++++++++++++++++++ 4 files changed, 51 insertions(+), 61 deletions(-) delete mode 100644 etc/nixos/services/nginx-proxy-letsencrypt.nix delete mode 100644 etc/nixos/services/nginx-proxy.nix create mode 100644 etc/nixos/services/nginx.nix diff --git a/etc/nixos/configuration.nix b/etc/nixos/configuration.nix index c556c39..718f33d 100644 --- a/etc/nixos/configuration.nix +++ b/etc/nixos/configuration.nix @@ -7,6 +7,11 @@ ./modules/networked-docker-containers.nix + + # FIXME: It'd be much nicer if these were imported further down, + # and set inside the docker-containers set, instead of setting the + # docker-containers set here. + ./services/nginx.nix ]; networking = { @@ -59,25 +64,6 @@ }; docker-containers = { - ## Reverse proxy - # - # These two services set up a reverse proxy that allows setting up - # SSL services with docker containers on subdomains easily. - # - # To use, simply set: - # - # ```nix - # environment = { - # VIRTUAL_HOST = ".tlater.net"; - # LETSENCRYPT_HOST = ".tlater.net"; - # } - # extraDockerOptions = [ - # "--network=webproxy" - # ]; - # ``` - nginx-proxy = import ./services/nginx-proxy.nix; - nginx-proxy-letsencrypt = import ./services/nginx-proxy-letsencrypt.nix; - ## Actual service definitions gitlab = import ./services/gitlab.nix; diff --git a/etc/nixos/services/nginx-proxy-letsencrypt.nix b/etc/nixos/services/nginx-proxy-letsencrypt.nix deleted file mode 100644 index 1d92e70..0000000 --- a/etc/nixos/services/nginx-proxy-letsencrypt.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: - -{ - image = "jrcs/letsencrypt-nginx-proxy-companion"; - volumes = [ - "/var/run/docker.sock:/var/run/docker.sock:ro" - "nginx-certs:/etc/nginx/certs" - ]; - environment = { - DEFAULT_EMAIL = "tm@tlater.net"; - }; - extraDockerOptions = [ - "--volumes-from" - "docker-nginx-proxy.service" - ]; -} diff --git a/etc/nixos/services/nginx-proxy.nix b/etc/nixos/services/nginx-proxy.nix deleted file mode 100644 index fe0fd53..0000000 --- a/etc/nixos/services/nginx-proxy.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ ... }: - -{ - image = "jwilder/nginx-proxy:alpine"; - ports = [ - "80:80" - "443:443" - ]; - volumes = [ - # So that we can watch new containers come up - "/var/run/docker.sock:/tmp/docker.sock:ro" - # So that we can access generated certs - "nginx-certs:/etc/nginx/certs:ro" - # So that we can write challenge files for letsencrypt auth - "nginx-challenges:/usr/share/nginx/html" - # So that we can modify config on-the-fly to set up challenge - # files - "nginx-conf:/etc/nginx/vhost.d" - ]; - environment = { - DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt - }; - extraDockerOptions = [ - "--network=webproxy" - ]; -} diff --git a/etc/nixos/services/nginx.nix b/etc/nixos/services/nginx.nix new file mode 100644 index 0000000..8ef5826 --- /dev/null +++ b/etc/nixos/services/nginx.nix @@ -0,0 +1,46 @@ +{ ... }: + +{ + networked-docker-containers = { + nginx-proxy = { + image = "jwilder/nginx-proxy:alpine"; + ports = [ + "80:80" + "443:443" + ]; + volumes = [ + # So that we can watch new containers come up + "/var/run/docker.sock:/tmp/docker.sock:ro" + # So that we can access generated certs + "nginx-certs:/etc/nginx/certs:ro" + # So that we can write challenge files for letsencrypt auth + "nginx-challenges:/usr/share/nginx/html" + # So that we can modify config on-the-fly to set up challenge + # files + "nginx-conf:/etc/nginx/vhost.d" + ]; + environment = { + DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt + }; + networks = [ + "webproxy" + ]; + }; + + nginx-proxy-letsencrypt = { + image = "jrcs/letsencrypt-nginx-proxy-companion"; + dependsOn = ["docker-nginx-proxy.service"]; + volumes = [ + "/var/run/docker.sock:/var/run/docker.sock:ro" + "nginx-certs:/etc/nginx/certs" + ]; + environment = { + DEFAULT_EMAIL = "tm@tlater.net"; + }; + extraDockerOptions = [ + "--volumes-from" + "nginx-proxy" + ]; + }; + }; +}