commit 793dd345071e509edd024d8a577ecfa393223e13

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #219602 from 999eagle/traefik-envsubst

nixos/traefik: add environmentFiles option

authored by

Sandro and committed by

GitHub 2 years ago 793dd345 a96eb6a3

+27 -3

2 changed files

expand all

unified split

nixos

modules

services

web-servers

traefik.nix

tests

traefik.nix

+23 -2

nixos/modules/services/web-servers/traefik.nix

··· 48 48 '' 49 49 else 50 50 cfg.staticConfigFile; 51 + 52 + finalStaticConfigFile = 53 + if cfg.environmentFiles == [] 54 + then staticConfigFile 55 + else "/run/traefik/config.toml"; 51 56 in { 52 57 options.services.traefik = { 53 58 enable = mkEnableOption (lib.mdDoc "Traefik web server"); ··· 127 132 type = types.package; 128 133 description = lib.mdDoc "Traefik package to use."; 129 134 }; 135 + 136 + environmentFiles = mkOption { 137 + default = []; 138 + type = types.listOf types.path; 139 + example = [ "/run/secrets/traefik.env" ]; 140 + description = lib.mdDoc '' 141 + Files to load as environment file. Environment variables from this file 142 + will be substituted into the static configuration file using envsubst. 143 + ''; 144 + }; 130 145 }; 131 146 132 147 config = mkIf cfg.enable { ··· 139 154 startLimitIntervalSec = 86400; 140 155 startLimitBurst = 5; 141 156 serviceConfig = { 142 - ExecStart = 143 - "${cfg.package}/bin/traefik --configfile=${staticConfigFile}"; 157 + EnvironmentFile = cfg.environmentFiles; 158 + ExecStartPre = lib.optional (cfg.environmentFiles != []) 159 + (pkgs.writeShellScript "pre-start" '' 160 + umask 077 161 + ${pkgs.envsubst}/bin/envsubst -i "${staticConfigFile}" > "${finalStaticConfigFile}" 162 + ''); 163 + ExecStart = "${cfg.package}/bin/traefik --configfile=${finalStaticConfigFile}"; 144 164 Type = "simple"; 145 165 User = "traefik"; 146 166 Group = cfg.group; ··· 155 175 ProtectHome = true; 156 176 ProtectSystem = "full"; 157 177 ReadWriteDirectories = cfg.dataDir; 178 + RuntimeDirectory = "traefik"; 158 179 }; 159 180 }; 160 181

+4 -1

nixos/tests/traefik.nix

··· 52 52 sendAnonymousUsage = false; 53 53 }; 54 54 55 - entryPoints.web.address = ":80"; 55 + entryPoints.web.address = ":\${HTTP_PORT}"; 56 56 57 57 providers.docker.exposedByDefault = false; 58 58 }; 59 + environmentFiles = [(pkgs.writeText "traefik.env" '' 60 + HTTP_PORT=80 61 + '')]; 59 62 }; 60 63 61 64 systemd.services.simplehttp = {