Merge pull request #219602 from 999eagle/traefik-envsubst

nixos/traefik: add environmentFiles option

authored by

Sandro and committed by
GitHub
793dd345 a96eb6a3

+27 -3
+23 -2
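--- a/nixos/modules/services/web-servers/traefik.nix
+++ b/nixos/modules/services/web-servers/traefik.nix
@@ -48,6 +48,11 @@
 ''
 else
 cfg.staticConfigFile;
+
+finalStaticConfigFile =
+if cfg.environmentFiles == []
+then staticConfigFile
+else "/run/traefik/config.toml";
 in {
 options.services.traefik = {
 enable = mkEnableOption (lib.mdDoc "Traefik web server");
@@ -127,6 +132,16 @@
 type = types.package;
 description = lib.mdDoc "Traefik package to use.";
 };
+
+environmentFiles = mkOption {
+default = [];
+type = types.listOf types.path;
+example = [ "/run/secrets/traefik.env" ];
+description = lib.mdDoc ''
+Files to load as environment file. Environment variables from this file
+will be substituted into the static configuration file using envsubst.
+'';
+};
 };
 
 config = mkIf cfg.enable {
@@ -139,8 +154,13 @@
 startLimitIntervalSec = 86400;
 startLimitBurst = 5;
 serviceConfig = {
-ExecStart =
-"${cfg.package}/bin/traefik --configfile=${staticConfigFile}";
+EnvironmentFile = cfg.environmentFiles;
+ExecStartPre = lib.optional (cfg.environmentFiles != [])
+(pkgs.writeShellScript "pre-start" ''
+umask 077
+${pkgs.envsubst}/bin/envsubst -i "${staticConfigFile}" > "${finalStaticConfigFile}"
+'');
+ExecStart = "${cfg.package}/bin/traefik --configfile=${finalStaticConfigFile}";
 Type = "simple";
 User = "traefik";
 Group = cfg.group;
@@ -155,6 +175,7 @@
 ProtectHome = true;
 ProtectSystem = "full";
 ReadWriteDirectories = cfg.dataDir;
+RuntimeDirectory = "traefik";
 };
 };
 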
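Review bot: The `envsubst` call in the new `ExecStartPre` script runs without strictness flags, so a variable that the static configuration references but no file in `environmentFiles` defines is replaced by an empty string and Traefik still starts, for example with an empty token or credential. Assuming `pkgs.envsubst` is the Go implementation (the `-i` flag suggests so), I would make the unit fail instead: `${pkgs.envsubst}/bin/envsubst -no-unset -no-empty -i "${staticConfigFile}" > "${finalStaticConfigFile}"`. The `environmentFiles` description should also state that every `$VAR`/`${VAR}` reference in the static configuration is subject to substitution, that the variables are additionally exported to the Traefik process through `EnvironmentFile`, and that files holding secrets must live outside the world-readable Nix store, as the `/run/secrets/traefik.env` example does. The `umask 077` together with `RuntimeDirectory = "traefik"` keeps the rendered `/run/traefik/config.toml` readable only by the service user, which is worth a one-line comment next to the script so it is not dropped in a later refactor.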
+4 -1
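--- a/nixos/tests/traefik.nix
+++ b/nixos/tests/traefik.nix
@@ -52,10 +52,13 @@
 sendAnonymousUsage = false;
 };
 
-entryPoints.web.address = ":80";
+entryPoints.web.address = ":\${HTTP_PORT}";
 
 providers.docker.exposedByDefault = false;
 };
+environmentFiles = [(pkgs.writeText "traefik.env" ''
+HTTP_PORT=80
+'')];
 };
 
 systemd.services.simplehttp = {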