{
lib,
config,
pkgs,
...
}:
let
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) port;
cfg = config.modules.container.nginxproxymanager;
mkPortOption =
portNr: desc:
mkOption {
type = port;
default = portNr;
description = desc;
};
in
{
options.modules.container.nginxproxymanager = {
enable = mkEnableOption "Nginx Proxy Manager container";
ports = {
http = mkPortOption 80 "Port for http access";
https = mkPortOption 443 "Port for https access";
web = mkPortOption 81 "Port for the webpage";
};
};
config = mkIf cfg.enable {
modules.container.enable = true;
# Containers
virtualisation.oci-containers.containers."nginxproxymanager" = {
image = "jc21/nginx-proxy-manager:latest";
volumes = [
"nginx_letsencrypt:/etc/letsencrypt:rw"
"nginx_nginx:/data:rw"
];
ports = [
"${toString cfg.ports.http}:80/tcp"
"${toString cfg.ports.web}:81/tcp"
"${toString cfg.ports.https}:443/tcp"
];
log-driver = "journald";
extraOptions = [
"--network-alias=nginxproxymanager"
"--network=nginx_default"
];
};
#: Systemd services {{{
systemd = {
services = {
"podman-nginxproxymanager" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-nginx_default.service"
"podman-volume-nginx_letsencrypt.service"
"podman-volume-nginx_nginx.service"
];
requires = [
"podman-network-nginx_default.service"
"podman-volume-nginx_letsencrypt.service"
"podman-volume-nginx_nginx.service"
];
partOf = [
"podman-compose-nginx-root.target"
];
wantedBy = [
"podman-compose-nginx-root.target"
];
};
# Networks
"podman-network-nginx_default" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "podman network rm -f nginx_default";
};
script = ''
podman network inspect nginx_default || podman network create nginx_default --disable-dns
'';
partOf = [ "podman-compose-nginx-root.target" ];
wantedBy = [ "podman-compose-nginx-root.target" ];
};
# Volumes
"podman-volume-nginx_letsencrypt" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect nginx_letsencrypt || podman volume create nginx_letsencrypt
'';
partOf = [ "podman-compose-nginx-root.target" ];
wantedBy = [ "podman-compose-nginx-root.target" ];
};
"podman-volume-nginx_nginx" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect nginx_nginx || podman volume create nginx_nginx
'';
partOf = [ "podman-compose-nginx-root.target" ];
wantedBy = [ "podman-compose-nginx-root.target" ];
};
};
targets."podman-compose-nginx-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
};
#: }}}
};
}