Move nginx configuration to a networked-docker-container

2020-02-08 21:27:41 +09:00 · 2020-02-08 21:27:41 +09:00 · 7266dd3bfa
commit 7266dd3bfa
parent 9d209f5dda
4 changed files with 51 additions and 61 deletions
--- a/etc/nixos/services/nginx-proxy-letsencrypt.nix
+++ b/etc/nixos/services/nginx-proxy-letsencrypt.nix
@ -1,16 +0,0 @@
-{ ... }:
-
-{
-  image = "jrcs/letsencrypt-nginx-proxy-companion";
-  volumes = [
-    "/var/run/docker.sock:/var/run/docker.sock:ro"
-    "nginx-certs:/etc/nginx/certs"
-  ];
-  environment = {
-    DEFAULT_EMAIL = "tm@tlater.net";
-  };
-  extraDockerOptions = [
-    "--volumes-from"
-    "docker-nginx-proxy.service"
-  ];
-}
--- a/etc/nixos/services/nginx-proxy.nix
+++ b/etc/nixos/services/nginx-proxy.nix
@ -1,26 +0,0 @@
-{ ... }:
-
-{
-  image = "jwilder/nginx-proxy:alpine";
-  ports = [
-    "80:80"
-    "443:443"
-  ];
-  volumes = [
-    # So that we can watch new containers come up
-    "/var/run/docker.sock:/tmp/docker.sock:ro"
-    # So that we can access generated certs
-    "nginx-certs:/etc/nginx/certs:ro"
-    # So that we can write challenge files for letsencrypt auth
-    "nginx-challenges:/usr/share/nginx/html"
-    # So that we can modify config on-the-fly to set up challenge
-    # files
-    "nginx-conf:/etc/nginx/vhost.d"
-  ];
-  environment = {
-    DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
-  };
-  extraDockerOptions = [
-    "--network=webproxy"
-  ];
-}
--- a/etc/nixos/services/nginx.nix
+++ b/etc/nixos/services/nginx.nix
@ -0,0 +1,46 @@
+{ ... }:
+
+{
+  networked-docker-containers = {
+    nginx-proxy = {
+      image = "jwilder/nginx-proxy:alpine";
+      ports = [
+        "80:80"
+        "443:443"
+      ];
+      volumes = [
+        # So that we can watch new containers come up
+        "/var/run/docker.sock:/tmp/docker.sock:ro"
+        # So that we can access generated certs
+        "nginx-certs:/etc/nginx/certs:ro"
+        # So that we can write challenge files for letsencrypt auth
+        "nginx-challenges:/usr/share/nginx/html"
+        # So that we can modify config on-the-fly to set up challenge
+        # files
+        "nginx-conf:/etc/nginx/vhost.d"
+      ];
+      environment = {
+        DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
+      };
+      networks = [
+        "webproxy"
+      ];
+    };
+
+    nginx-proxy-letsencrypt = {
+      image = "jrcs/letsencrypt-nginx-proxy-companion";
+      dependsOn = ["docker-nginx-proxy.service"];
+      volumes = [
+        "/var/run/docker.sock:/var/run/docker.sock:ro"
+        "nginx-certs:/etc/nginx/certs"
+      ];
+      environment = {
+        DEFAULT_EMAIL = "tm@tlater.net";
+      };
+      extraDockerOptions = [
+        "--volumes-from"
+        "nginx-proxy"
+      ];
+    };
+  };
+}