colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/traefik: add environmentFiles option

Browse Source
This commit is contained in:
Sophie Tauchert 2023-03-05 00:12:06 +01:00
parent 67faa3e9b3
commit d568766fc7
No known key found for this signature in database
GPG Key ID: 52701DE5F5F51125
2 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
nixos/modules/services/web-servers/traefik.nix
View File

@ -48,6 +48,11 @@ let
'' ''
else else
cfg.staticConfigFile; cfg.staticConfigFile;
finalStaticConfigFile =
if cfg.environmentFiles == []
then staticConfigFile
else "/run/traefik/config.toml";
in { in {
options.services.traefik = { options.services.traefik = {
enable = mkEnableOption (lib.mdDoc "Traefik web server"); enable = mkEnableOption (lib.mdDoc "Traefik web server");
@ -127,6 +132,16 @@ in {
type = types.package; type = types.package;
description = lib.mdDoc "Traefik package to use."; description = lib.mdDoc "Traefik package to use.";
}; };
environmentFiles = mkOption {
default = [];
type = types.listOf types.path;
example = [ "/run/secrets/traefik.env" ];
description = lib.mdDoc ''
Files to load as environment file. Environment variables from this file
will be substituted into the static configuration file using envsubst.
'';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -139,8 +154,13 @@ in {
startLimitIntervalSec = 86400; startLimitIntervalSec = 86400;
startLimitBurst = 5; startLimitBurst = 5;
serviceConfig = { serviceConfig = {
ExecStart = EnvironmentFile = cfg.environmentFiles;
"${cfg.package}/bin/traefik --configfile=${staticConfigFile}"; ExecStartPre = lib.optional (cfg.environmentFiles != [])
(pkgs.writeShellScript "pre-start" ''
umask 077
${pkgs.envsubst}/bin/envsubst -i "${staticConfigFile}" > "${finalStaticConfigFile}"
'');
ExecStart = "${cfg.package}/bin/traefik --configfile=${finalStaticConfigFile}";
Type = "simple"; Type = "simple";
User = "traefik"; User = "traefik";
Group = cfg.group; Group = cfg.group;
@ -155,6 +175,7 @@ in {
ProtectHome = true; ProtectHome = true;
ProtectSystem = "full"; ProtectSystem = "full";
ReadWriteDirectories = cfg.dataDir; ReadWriteDirectories = cfg.dataDir;
RuntimeDirectory = "traefik";
}; };
}; };

5
nixos/tests/traefik.nix
View File

@ -52,10 +52,13 @@ import ./make-test-python.nix ({ pkgs, ... }: {
sendAnonymousUsage = false; sendAnonymousUsage = false;
}; };
entryPoints.web.address = ":80"; entryPoints.web.address = ":\${HTTP_PORT}";
providers.docker.exposedByDefault = false; providers.docker.exposedByDefault = false;
}; };
environmentFiles = [(pkgs.writeText "traefik.env" ''
HTTP_PORT=80
'')];
}; };
systemd.services.simplehttp = { systemd.services.simplehttp = {