services: Move configurations out of main configuration.nix file

pull/1/head
Tristan Daniël Maat 2020-02-02 16:48:45 +09:00
parent 767095e6ab
commit ff005a6bbe
Signed by: tlater
GPG Key ID: 49670FD774E43268
5 changed files with 83 additions and 57 deletions


@ -56,65 +56,28 @@
};
docker-containers = {
## nginx proxy
nginx-proxy = {
image = "jwilder/nginx-proxy:alpine";
ports = [
"80:80"
"443:443"
];
volumes = [
# So that we can watch new containers come up
"/var/run/docker.sock:/tmp/docker.sock:ro"
# So that we can access generated certs
"nginx-certs:/etc/nginx/certs:ro"
# So that we can write challenge files for letsencrypt auth
"nginx-challenges:/usr/share/nginx/html"
# So that we can modify config on-the-fly to set up challenge
# files
"nginx-conf:/etc/nginx/vhost.d"
];
environment = {
DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
};
extraDockerOptions = [
"--network=webproxy"
];
};
## Reverse proxy
#
# These two services set up a reverse proxy that allows setting up
# SSL services with docker containers on subdomains easily.
#
# To use, simply set:
#
# ```nix
# environment = {
# VIRTUAL_HOST = "<subdomain>.tlater.net";
# LETSENCRYPT_HOST = "<subdomain>.tlater.net";
# }
# extraDockerOptions = [
# "--network=webproxy"
# ];
# ```
nginx-proxy = import ./services/nginx-proxy.nix;
nginx-proxy-letsencrypt = import ./services/nginx-proxy-letsencrypt.nix;
nginx-proxy-letsencrypt = {
image = "jrcs/letsencrypt-nginx-proxy-companion";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro"
"nginx-certs:/etc/nginx/certs"
];
environment = {
DEFAULT_EMAIL = "tm@tlater.net";
};
extraDockerOptions = [
"--volumes-from" "docker-nginx-proxy.service"
];
};
## Actual service definitions
gitlab = import ./services/gitlab.nix;
## GitLab
gitlab = {
image = "gitlab/gitlab-ce:latest";
ports = [
"3022:22"
];
volumes = [
"gitlab-data:/var/opt/gitlab:Z"
"gitlab-logs:/var/log/gitlab:Z"
"gitlab-config:/etc/gitlab:Z"
];
environment = {
VIRTUAL_HOST = "gitlab.tlater.net";
LETSENCRYPT_HOST = "gitlab.tlater.net";
GITLAB_OMNIBUS_CONFIG = builtins.replaceStrings ["\n"] [""] (builtins.readFile ./configs/gitlab.rb);
};
extraDockerOptions = [
"--network=webproxy"
];
};
};
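Review bot: The usage example in the new `## Reverse proxy` comment is not valid Nix as written, because the `environment = { … }` attribute closes with `}` and no semicolon, so pasting it into a service file gives a parse error. Close it with `# };` as the real service definitions do. It would also help to add one line stating that, as the comment implies, a container joined to `webproxy` with `VIRTUAL_HOST` set is published through the proxy on 80/443, since that exposure is what a reader opts into by following the example.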


@ -0,0 +1,21 @@
{ ... }:
{
image = "gitlab/gitlab-ce:latest";
ports = [
"3022:22"
];
volumes = [
"gitlab-data:/var/opt/gitlab:Z"
"gitlab-logs:/var/log/gitlab:Z"
"gitlab-config:/etc/gitlab:Z"
];
environment = {
VIRTUAL_HOST = "gitlab.tlater.net";
LETSENCRYPT_HOST = "gitlab.tlater.net";
GITLAB_OMNIBUS_CONFIG = builtins.replaceStrings [ "\n" ] [ "" ] (builtins.readFile ./configs/gitlab.rb);
};
extraDockerOptions = [
"--network=webproxy"
];
}
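Review bot: `image = "gitlab/gitlab-ce:latest"` is a floating tag, so what actually runs depends on when the image was last pulled rather than on anything in this repository. The same applies to `jrcs/letsencrypt-nginx-proxy-companion` (no tag) and `jwilder/nginx-proxy:alpine` in the other two new files. Pin each to a specific version tag, ideally with a digest, e.g. `image = "gitlab/gitlab-ce:<VERSION>@sha256:<DIGEST>";` (placeholders), so that upgrades are deliberate and show up in review. Separately, `./configs/gitlab.rb` now resolves relative to `services/` rather than the repository root, which is fine only if that file moved as well; the move is not visible in the sections shown here.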


@ -0,0 +1,16 @@
{ ... }:
{
image = "jrcs/letsencrypt-nginx-proxy-companion";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro"
"nginx-certs:/etc/nginx/certs"
];
environment = {
DEFAULT_EMAIL = "tm@tlater.net";
};
extraDockerOptions = [
"--volumes-from"
"docker-nginx-proxy.service"
];
}
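Review bot: The `:ro` on `"/var/run/docker.sock:/var/run/docker.sock:ro"` only makes the socket's mount read-only; it does not restrict the Docker API, so this container can still create, start and exec into containers, which is effectively root on the host. The same mount appears in nginx-proxy.nix, where the container also publishes ports 80 and 443. Add a comment next to both mounts saying so, e.g. `# NOTE: :ro does not limit Docker API access; treat this container as host-privileged`. Longer term, consider putting a filtering proxy in front of the socket, or using nginx-proxy's separate docker-gen layout so the internet-facing container holds no socket at all.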


@ -0,0 +1,26 @@
{ ... }:
{
image = "jwilder/nginx-proxy:alpine";
ports = [
"80:80"
"443:443"
];
volumes = [
# So that we can watch new containers come up
"/var/run/docker.sock:/tmp/docker.sock:ro"
# So that we can access generated certs
"nginx-certs:/etc/nginx/certs:ro"
# So that we can write challenge files for letsencrypt auth
"nginx-challenges:/usr/share/nginx/html"
# So that we can modify config on-the-fly to set up challenge
# files
"nginx-conf:/etc/nginx/vhost.d"
];
environment = {
DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
};
extraDockerOptions = [
"--network=webproxy"
];
}