Tristan Daniël Maat
9f0e3082bc
Apparently NixOS will handle this for us, automagically, but it isn't quite smart enough to figure out when the user added that manually.
47 lines
1.2 KiB
Nix
# NixOS module declaring two containers under `networked-docker-containers`:
# the nginx reverse proxy that publishes host ports 80/443, and the
# Let's Encrypt companion that issues certificates for it.
# NOTE(review): `networked-docker-containers` is not defined in this file;
# presumably a custom option provided elsewhere in the configuration.
{ ... }:

{
  networked-docker-containers = {
    nginx-proxy = {
      # NOTE(review): `:alpine` is a floating tag, so the code that runs here
      # changes whenever the tag is re-pushed upstream. Pinning by digest
      # (`image@sha256:<digest-placeholder>`) makes updates explicit and
      # reviewable.
      image = "jwilder/nginx-proxy:alpine";

      # Published on the host. With Docker's default iptables handling these
      # ports are usually reachable regardless of the host firewall's own
      # allow-list; confirm against the actual firewall setup.
      ports = [ "80:80" "443:443" ];

      networks = [ "webproxy" ];

      # dhparam generation is switched off in this container; per the
      # original author they are provided by nginx-proxy-letsencrypt.
      # NOTE(review): with unpinned images, verify that the pulled versions
      # still honour this variable and still supply the dhparams.
      environment.DHPARAM_GENERATION = "false";

      volumes = [
        # Lets the proxy watch new containers come up.
        # The `:ro` suffix only protects the socket file itself; it does not
        # restrict the Docker API calls made through it. Anything running in
        # this container (the one listening on 80/443) can therefore drive
        # the Docker daemon, which is equivalent to root on the host.
        # Running the config generator in a separate, non-exposed container
        # or placing a filtering socket proxy in front of the daemon reduces
        # that exposure.
        "/var/run/docker.sock:/tmp/docker.sock:ro"
        # Generated certificates; read-only here, written by the companion.
        "nginx-certs:/etc/nginx/certs:ro"
        # Challenge files for letsencrypt auth are written here.
        "nginx-challenges:/usr/share/nginx/html"
        # Config is modified on-the-fly here to set up the challenge files.
        "nginx-conf:/etc/nginx/vhost.d"
      ];
    };

    nginx-proxy-letsencrypt = {
      # NOTE(review): no tag is given, so Docker resolves this to `latest`;
      # the same digest-pinning advice as for nginx-proxy applies. This image
      # name also appears to have been superseded upstream by
      # `nginxproxy/acme-companion`; confirm it still receives updates.
      image = "jrcs/letsencrypt-nginx-proxy-companion";

      dependsOn = [ "nginx-proxy" ];

      # Presumably the contact address used for the ACME account.
      environment.DEFAULT_EMAIL = "tm@tlater.net";

      # Re-uses every volume of the nginx-proxy container (challenge files
      # and vhost.d among them), so both containers see the same state.
      extraDockerOptions = [ "--volumes-from" "nginx-proxy" ];

      volumes = [
        # Same caveat as above: `:ro` does not limit Docker API access. This
        # container is not published on any port, but it also holds the
        # certificate private keys read-write.
        "/var/run/docker.sock:/var/run/docker.sock:ro"
        # Writable: this container creates and renews the certificates.
        "nginx-certs:/etc/nginx/certs"
      ];
    };
  };
}