diff options
author | Sandro <sandro.jaeckel@gmail.com> | 2023-06-05 00:36:43 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-06-05 00:36:43 +0200 |
commit | 793dd345071e509edd024d8a577ecfa393223e13 (patch) | |
tree | 4104f0fd3ec306a86b2ae1988b3f5b1e0c15bb28 /nixos/modules/services | |
parent | a96eb6a349a2978438cd365987c5af57751c1edb (diff) | |
parent | d568766fc7512947dbb3576eda5e8e69b4d8547e (diff) | |
download | nixlib-793dd345071e509edd024d8a577ecfa393223e13.tar nixlib-793dd345071e509edd024d8a577ecfa393223e13.tar.gz nixlib-793dd345071e509edd024d8a577ecfa393223e13.tar.bz2 nixlib-793dd345071e509edd024d8a577ecfa393223e13.tar.lz nixlib-793dd345071e509edd024d8a577ecfa393223e13.tar.xz nixlib-793dd345071e509edd024d8a577ecfa393223e13.tar.zst nixlib-793dd345071e509edd024d8a577ecfa393223e13.zip |
Merge pull request #219602 from 999eagle/traefik-envsubst
nixos/traefik: add environmentFiles option
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/web-servers/traefik.nix | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/nixos/modules/services/web-servers/traefik.nix b/nixos/modules/services/web-servers/traefik.nix index 9e5603e0edc3..42fb95a52200 100644 --- a/nixos/modules/services/web-servers/traefik.nix +++ b/nixos/modules/services/web-servers/traefik.nix @@ -48,6 +48,11 @@ let '' else cfg.staticConfigFile; + + finalStaticConfigFile = + if cfg.environmentFiles == [] + then staticConfigFile + else "/run/traefik/config.toml"; in { options.services.traefik = { enable = mkEnableOption (lib.mdDoc "Traefik web server"); @@ -127,6 +132,16 @@ in { type = types.package; description = lib.mdDoc "Traefik package to use."; }; + + environmentFiles = mkOption { + default = []; + type = types.listOf types.path; + example = [ "/run/secrets/traefik.env" ]; + description = lib.mdDoc '' + Files to load as environment file. Environment variables from this file + will be substituted into the static configuration file using envsubst. + ''; + }; }; config = mkIf cfg.enable { @@ -139,8 +154,13 @@ in { startLimitIntervalSec = 86400; startLimitBurst = 5; serviceConfig = { - ExecStart = - "${cfg.package}/bin/traefik --configfile=${staticConfigFile}"; + EnvironmentFile = cfg.environmentFiles; + ExecStartPre = lib.optional (cfg.environmentFiles != []) + (pkgs.writeShellScript "pre-start" '' + umask 077 + ${pkgs.envsubst}/bin/envsubst -i "${staticConfigFile}" > "${finalStaticConfigFile}" + ''); + ExecStart = "${cfg.package}/bin/traefik --configfile=${finalStaticConfigFile}"; Type = "simple"; User = "traefik"; Group = cfg.group; @@ -155,6 +175,7 @@ in { ProtectHome = true; ProtectSystem = "full"; ReadWriteDirectories = cfg.dataDir; + RuntimeDirectory = "traefik"; }; }; |