129 lines
3.5 KiB
Nix
129 lines
3.5 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
inherit (lib) mkIf mkEnableOption mkOption;
|
|
inherit (lib.types) port;
|
|
|
|
cfg = config.modules.container.nginxproxymanager;
|
|
mkPortOption =
|
|
portNr: desc:
|
|
mkOption {
|
|
type = port;
|
|
default = portNr;
|
|
description = desc;
|
|
};
|
|
in
|
|
{
|
|
options.modules.container.nginxproxymanager = {
|
|
enable = mkEnableOption "Nginx Proxy Manager container";
|
|
|
|
ports = {
|
|
http = mkPortOption 80 "Port for http access";
|
|
https = mkPortOption 443 "Port for https access";
|
|
web = mkPortOption 81 "Port for the webpage";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
modules.container.enable = true;
|
|
|
|
# Containers
|
|
virtualisation.oci-containers.containers."nginxproxymanager" = {
|
|
image = "jc21/nginx-proxy-manager:latest";
|
|
volumes = [
|
|
"nginx_letsencrypt:/etc/letsencrypt:rw"
|
|
"nginx_nginx:/data:rw"
|
|
];
|
|
ports = [
|
|
"${toString cfg.ports.http}:80/tcp"
|
|
"${toString cfg.ports.web}:81/tcp"
|
|
"${toString cfg.ports.https}:443/tcp"
|
|
];
|
|
log-driver = "journald";
|
|
extraOptions = [
|
|
"--network-alias=nginxproxymanager"
|
|
"--network=nginx_default"
|
|
];
|
|
};
|
|
|
|
#: Systemd services {{{
|
|
systemd = {
|
|
services = {
|
|
"podman-nginxproxymanager" = {
|
|
serviceConfig = {
|
|
Restart = lib.mkOverride 500 "always";
|
|
};
|
|
after = [
|
|
"podman-network-nginx_default.service"
|
|
"podman-volume-nginx_letsencrypt.service"
|
|
"podman-volume-nginx_nginx.service"
|
|
];
|
|
requires = [
|
|
"podman-network-nginx_default.service"
|
|
"podman-volume-nginx_letsencrypt.service"
|
|
"podman-volume-nginx_nginx.service"
|
|
];
|
|
partOf = [
|
|
"podman-compose-nginx-root.target"
|
|
];
|
|
wantedBy = [
|
|
"podman-compose-nginx-root.target"
|
|
];
|
|
};
|
|
|
|
# Networks
|
|
"podman-network-nginx_default" = {
|
|
path = [ pkgs.podman ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
RemainAfterExit = true;
|
|
ExecStop = "podman network rm -f nginx_default";
|
|
};
|
|
script = ''
|
|
podman network inspect nginx_default || podman network create nginx_default
|
|
'';
|
|
partOf = [ "podman-compose-nginx-root.target" ];
|
|
wantedBy = [ "podman-compose-nginx-root.target" ];
|
|
};
|
|
|
|
# Volumes
|
|
"podman-volume-nginx_letsencrypt" = {
|
|
path = [ pkgs.podman ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
RemainAfterExit = true;
|
|
};
|
|
script = ''
|
|
podman volume inspect nginx_letsencrypt || podman volume create nginx_letsencrypt
|
|
'';
|
|
partOf = [ "podman-compose-nginx-root.target" ];
|
|
wantedBy = [ "podman-compose-nginx-root.target" ];
|
|
};
|
|
"podman-volume-nginx_nginx" = {
|
|
path = [ pkgs.podman ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
RemainAfterExit = true;
|
|
};
|
|
script = ''
|
|
podman volume inspect nginx_nginx || podman volume create nginx_nginx
|
|
'';
|
|
partOf = [ "podman-compose-nginx-root.target" ];
|
|
wantedBy = [ "podman-compose-nginx-root.target" ];
|
|
};
|
|
};
|
|
targets."podman-compose-nginx-root" = {
|
|
unitConfig = {
|
|
Description = "Root target generated by compose2nix.";
|
|
};
|
|
wantedBy = [ "multi-user.target" ];
|
|
};
|
|
};
|
|
#: }}}
|
|
};
|
|
|
|
}
|