Set up nginx-proxy

2019-11-26 23:06:50 +00:00 · 2019-11-26 23:06:50 +00:00 · 7b211df7e5
parent ca484ac880
commit 7b211df7e5
1 changed files with 51 additions and 0 deletions
--- a/etc/nixos/configuration.nix
+++ b/etc/nixos/configuration.nix
@ -12,6 +12,15 @@
    # useDHCP is deprecated
    useDHCP = false;
    interfaces.eth0.useDHCP = true;
+
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        80
+        443
+        2222
+      ];
+    };
  };

  time.timeZone = "Europe/London";
@ -48,5 +57,47 @@
    };
  };

+  virtualisation.docker = {
+    enable = true;
+    autoPrune.enable = true;
+  };
+
+  docker-containers = {
+    nginx-proxy = {
+      image = "jwilder/nginx-proxy:alpine";
+      ports = [
+        "80:80"
+        "443:443"
+      ];
+      volumes = [
+        # So that we can watch new containers come up
+        "/var/run/docker.sock:/tmp/docker.sock:ro"
+        # So that we can access generated certs
+        "nginx-certs:/etc/nginx/certs:ro"
+        # So that we can write challenge files for letsencrypt auth
+        "nginx-challenges:/usr/share/nginx/html"
+        # So that we can modify config on-the-fly to set up challenge
+        # files
+        "nginx-conf:/etc/nginx/vhost.d"
+      ];
+      environment = {
+        DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
+      };
+    };
+
+    nginx-proxy-letsencrypt = {
+      image = "jrcs/letsencrypt-nginx-proxy-companion";
+      volumes = [
+        "/var/run/docker.sock:/var/run/dokcer.sock:ro"
+        "nginx-certs:/etc/nginx/certs"
+        "nginx-challenges:/usr/share/nginx/html"
+        "nginx-conf:/etc/nginx/vhost.d"
+      ];
+      environment = {
+        DEFAULT_EMAIL = "tm@tlater.net";
+      };
+    };
+  };
+
  system.stateVersion = "19.09";
 }