pyrox.dev / nixpkgs
lol
fork atom

nixos/traefik: add environmentFiles option

Sophie Tauchert d568766f 67faa3e9

options
unified split
Changed files
+27 -3
nixos
modules
services
web-servers
traefik.nix
tests
traefik.nix
+23 -2
nixos/modules/services/web-servers/traefik.nix 
···

       
48

       
 

       
    ''


     

       
49

       
 

       
  else


     

       
50

       
 

       
    cfg.staticConfigFile;


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
51

       
 

       
in {


     

       
52

       
 

       
  options.services.traefik = {


     

       
53

       
 

       
    enable = mkEnableOption (lib.mdDoc "Traefik web server");


     
···

       
127

       
 

       
      type = types.package;


     

       
128

       
 

       
      description = lib.mdDoc "Traefik package to use.";


     

       
129

       
 

       
    };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
130

       
 

       
  };


     

       
131

       
 

       



     

       
132

       
 

       
  config = mkIf cfg.enable {


     
···

       
139

       
 

       
      startLimitIntervalSec = 86400;


     

       
140

       
 

       
      startLimitBurst = 5;


     

       
141

       
 

       
      serviceConfig = {


     

       
142

       
-

       
        ExecStart =


     

       
143

       
-

       
          "${cfg.package}/bin/traefik --configfile=${staticConfigFile}";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
144

       
 

       
        Type = "simple";


     

       
145

       
 

       
        User = "traefik";


     

       
146

       
 

       
        Group = cfg.group;


     
···

       
155

       
 

       
        ProtectHome = true;


     

       
156

       
 

       
        ProtectSystem = "full";


     

       
157

       
 

       
        ReadWriteDirectories = cfg.dataDir;


     

       

       

       
     

       
158

       
 

       
      };


     

       
159

       
 

       
    };


     

       
160

       
 

       



     
···

       
48

       
 

       
    ''


     

       
49

       
 

       
  else


     

       
50

       
 

       
    cfg.staticConfigFile;


     

       
51

       
+

       



     

       
52

       
+

       
  finalStaticConfigFile =


     

       
53

       
+

       
    if cfg.environmentFiles == []


     

       
54

       
+

       
    then staticConfigFile


     

       
55

       
+

       
    else "/run/traefik/config.toml";


     

       
56

       
 

       
in {


     

       
57

       
 

       
  options.services.traefik = {


     

       
58

       
 

       
    enable = mkEnableOption (lib.mdDoc "Traefik web server");


     
···

       
132

       
 

       
      type = types.package;


     

       
133

       
 

       
      description = lib.mdDoc "Traefik package to use.";


     

       
134

       
 

       
    };


     

       
135

       
+

       



     

       
136

       
+

       
    environmentFiles = mkOption {


     

       
137

       
+

       
      default = [];


     

       
138

       
+

       
      type = types.listOf types.path;


     

       
139

       
+

       
      example = [ "/run/secrets/traefik.env" ];


     

       
140

       
+

       
      description = lib.mdDoc ''


     

       
141

       
+

       
        Files to load as environment file. Environment variables from this file


     

       
142

       
+

       
        will be substituted into the static configuration file using envsubst.


     

       
143

       
+

       
      '';


     

       
144

       
+

       
    };


     

       
145

       
 

       
  };


     

       
146

       
 

       



     

       
147

       
 

       
  config = mkIf cfg.enable {


     
···

       
154

       
 

       
      startLimitIntervalSec = 86400;


     

       
155

       
 

       
      startLimitBurst = 5;


     

       
156

       
 

       
      serviceConfig = {


     

       
157

       
+

       
        EnvironmentFile = cfg.environmentFiles;


     

       
158

       
+

       
        ExecStartPre = lib.optional (cfg.environmentFiles != [])


     

       
159

       
+

       
          (pkgs.writeShellScript "pre-start" ''


     

       
160

       
+

       
            umask 077


     

       
161

       
+

       
            ${pkgs.envsubst}/bin/envsubst -i "${staticConfigFile}" > "${finalStaticConfigFile}"


     

       
162

       
+

       
          '');


     

       
163

       
+

       
        ExecStart = "${cfg.package}/bin/traefik --configfile=${finalStaticConfigFile}";


     

       
164

       
 

       
        Type = "simple";


     

       
165

       
 

       
        User = "traefik";


     

       
166

       
 

       
        Group = cfg.group;


     
···

       
175

       
 

       
        ProtectHome = true;


     

       
176

       
 

       
        ProtectSystem = "full";


     

       
177

       
 

       
        ReadWriteDirectories = cfg.dataDir;


     

       
178

       
+

       
        RuntimeDirectory = "traefik";


     

       
179

       
 

       
      };


     

       
180

       
 

       
    };


     

       
181
+4 -1
nixos/tests/traefik.nix 
···

       
52

       
 

       
            sendAnonymousUsage = false;


     

       
53

       
 

       
          };


     

       
54

       
 

       



     

       
55

       
-

       
          entryPoints.web.address = ":80";


     

       
56

       
 

       



     

       
57

       
 

       
          providers.docker.exposedByDefault = false;


     

       
58

       
 

       
        };


     

       

       

       
     

       

       

       
     

       

       

       
     

       
59

       
 

       
      };


     

       
60

       
 

       



     

       
61

       
 

       
      systemd.services.simplehttp = {


     
···

       
52

       
 

       
            sendAnonymousUsage = false;


     

       
53

       
 

       
          };


     

       
54

       
 

       



     

       
55

       
+

       
          entryPoints.web.address = ":\${HTTP_PORT}";


     

       
56

       
 

       



     

       
57

       
 

       
          providers.docker.exposedByDefault = false;


     

       
58

       
 

       
        };


     

       
59

       
+

       
        environmentFiles = [(pkgs.writeText "traefik.env" ''


     

       
60

       
+

       
          HTTP_PORT=80


     

       
61

       
+

       
        '')];


     

       
62

       
 

       
      };


     

       
63

       
 

       



     

       
64

       
 

       
      systemd.services.simplehttp = {