Set up nginx-proxy

This commit is contained in:
Tristan Maat 2019-11-26 23:06:50 +00:00
parent ca484ac880
commit 7b211df7e5


@ -12,6 +12,15 @@
# useDHCP is deprecated
useDHCP = false;
interfaces.eth0.useDHCP = true;
firewall = {
enable = true;
allowedTCPPorts = [
80
443
2222
];
};
};
time.timeZone = "Europe/London";
@ -48,5 +57,47 @@
};
};
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
docker-containers = {
nginx-proxy = {
image = "jwilder/nginx-proxy:alpine";
ports = [
"80:80"
"443:443"
];
volumes = [
# So that we can watch new containers come up
"/var/run/docker.sock:/tmp/docker.sock:ro"
# So that we can access generated certs
"nginx-certs:/etc/nginx/certs:ro"
# So that we can write challenge files for letsencrypt auth
"nginx-challenges:/usr/share/nginx/html"
# So that we can modify config on-the-fly to set up challenge
# files
"nginx-conf:/etc/nginx/vhost.d"
];
environment = {
DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
};
};
nginx-proxy-letsencrypt = {
image = "jrcs/letsencrypt-nginx-proxy-companion";
volumes = [
"/var/run/docker.sock:/var/run/dokcer.sock:ro"
"nginx-certs:/etc/nginx/certs"
"nginx-challenges:/usr/share/nginx/html"
"nginx-conf:/etc/nginx/vhost.d"
];
environment = {
DEFAULT_EMAIL = "tm@tlater.net";
};
};
};
system.stateVersion = "19.09";
}
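Review bot: The socket mount for nginx-proxy-letsencrypt targets `/var/run/dokcer.sock`, a misspelling, so the companion will most likely not find the Docker API at its default path; it should read `"/var/run/docker.sock:/var/run/docker.sock:ro"`. Separately, the `:ro` suffix on both socket mounts only protects the socket file itself and does not restrict which Docker API calls a container can make, so the internet-facing nginx-proxy container (published on 80 and 443) holds daemon access that is effectively root on the host. Consider keeping the socket out of the container that terminates traffic, for example by running docker-gen in its own container or by fronting the socket with a proxy that permits only read-only endpoints. Both images are also referenced by mutable tags (`:alpine` and an implicit `latest`); pinning them by digest would make rebuilds reproducible and auditable.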