tlaternet-server/etc/nixos/services/nginx.nix
2020-02-08 21:29:06 +09:00


# NixOS module fragment: registers an nginx reverse proxy and its Let's Encrypt
# companion under the `networked-docker-containers` option. That option is
# declared elsewhere, so how it maps these attributes onto containers is not
# visible from this file.
{ ... }:
{
  # Front-facing reverse proxy; publishes HTTP and HTTPS on the host.
  networked-docker-containers.nginx-proxy = {
    # NOTE(review): `:alpine` is a mutable tag, so the image content can change
    # between pulls. Pinning by digest (`...@sha256:<digest placeholder>`) would
    # make deployments reproducible and a changed image visible in review.
    image = "jwilder/nginx-proxy:alpine";
    networks = [ "webproxy" ];
    ports = [
      "80:80"
      "443:443"
    ];
    environment = {
      # DH parameters are provided by nginx-proxy-letsencrypt, so the proxy
      # does not generate its own.
      DHPARAM_GENERATION = "false";
    };
    volumes = [
      # Docker socket, used to watch new containers come up.
      # NOTE(review): `:ro` on a bind-mounted Unix socket only protects the
      # socket file itself; a process in the container can still connect and
      # issue any Docker API request. Treat this internet-facing container as
      # holding host-level Docker access; a filtering socket proxy in front of
      # the daemon would narrow that.
      "/var/run/docker.sock:/tmp/docker.sock:ro"
      # Certificates generated by the companion; read-only on the proxy side.
      "nginx-certs:/etc/nginx/certs:ro"
      # Web root where letsencrypt challenge files are written.
      "nginx-challenges:/usr/share/nginx/html"
      # Per-vhost config, modified on the fly to set up challenge files.
      "nginx-conf:/etc/nginx/vhost.d"
    ];
  };

  # Certificate companion that works alongside nginx-proxy.
  networked-docker-containers.nginx-proxy-letsencrypt = {
    # NOTE(review): no tag is given, so Docker resolves this to `latest`;
    # pinning a tag or digest applies here as well.
    image = "jrcs/letsencrypt-nginx-proxy-companion";
    dependsOn = [ "docker-nginx-proxy.service" ];
    environment = {
      DEFAULT_EMAIL = "tm@tlater.net";
    };
    # Reuses the volumes of the container named `nginx-proxy` (presumably the
    # one declared above; confirm against the container naming used by the
    # module), so the challenge and vhost.d volumes are not repeated here.
    extraDockerOptions = [
      "--volumes-from"
      "nginx-proxy"
    ];
    volumes = [
      # NOTE(review): the `:ro` flag does not limit Docker API access over the
      # socket; this container also has full control of the daemon.
      "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Declared without `:ro`, presumably because this container is the one
      # that writes the generated certificates.
      "nginx-certs:/etc/nginx/certs"
    ];
  };
}