authorHamish Hutchings <moredhel@aoeu.me>2017-09-27 17:30:49 +0100
committerJoerg Thalheim <joerg@thalheim.io>2017-10-04 11:26:39 +0100
commit2e5297217de007beb8444092e03cca97bf06e4ef (patch)
tree90e7f68e9598759fbfb47bc0f4db162f38f5849c /nixos
parentaebdc892d6aa6834a083fb8b56c43578712b0dab (diff)
nixos/traefik create service
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/web-servers/traefik.nix113
2 files changed, 114 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index e849e634fc96..56d239316aa3 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -621,6 +621,7 @@
   ./services/web-servers/phpfpm/default.nix
   ./services/web-servers/shellinabox.nix
   ./services/web-servers/tomcat.nix
+  ./services/web-servers/traefik.nix
   ./services/web-servers/uwsgi.nix
   ./services/web-servers/varnish/default.nix
   ./services/web-servers/winstone.nix
diff --git a/nixos/modules/services/web-servers/traefik.nix b/nixos/modules/services/web-servers/traefik.nix
new file mode 100644
index 000000000000..560f0b2a6f15
--- /dev/null
+++ b/nixos/modules/services/web-servers/traefik.nix
@@ -0,0 +1,113 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.traefik;
+configFile =
+  if (cfg.configFile == null) then
+  (pkgs.runCommand "config.toml" {
+    buildInputs = [ pkgs.remarshal ];
+  } ''
+    remarshal -if json -of toml \
+    < ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \
+    > $out
+    '')
+    else
+    cfg.configFile;
+
+in {
+  options.services.traefik = {
+    enable = mkEnableOption "Traefik web server";
+
+    configFile = mkOption {
+      default = null;
+      example = /path/to/config.toml;
+      type = types.nullOr types.path;
+      description = "Verbatim traefik.toml to use";
+    };
+    configOptions = mkOption {
+      description = ''
+        Config for Traefik.
+      '';
+      type = types.attrs;
+      example = {
+        defaultEntrypoints = [ "http" ];
+        web = {
+          address = ":8080";
+        };
+        entryPoints = {
+          http = {
+            address = ":80";
+          };
+        };
+        file = {};
+        frontends = {
+          frontend1 = {
+            backend = "backend1";
+            routes.test_1 = {
+              rule = "Host:localhost";
+            };
+          };
+        };
+        backends = {
+          backend1 = {
+            servers.server1 = {
+              url = "http://localhost:8000";
+            };
+          };
+        };
+      };
+    };
+
+    dataDir = mkOption {
+      default = "/var/lib/traefik";
+      type = types.path;
+      description = ''
+      Location for any persistent data traefik creates, ie. acme
+      '';
+    };
+
+    package = mkOption {
+      default = pkgs.traefik;
+      defaultText = "pkgs.traefik";
+      type = types.package;
+      description = "Traefik package to use.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.traefik = {
+      description = "Traefik web server";
+      after = [ "network-online.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        ExecStart = ''${cfg.package.bin}/bin/traefik --configfile=${configFile}'';
+        Type = "simple";
+        User = "traefik";
+        Group = "traefik";
+        Restart = "on-failure";
+        StartLimitInterval = 86400;
+        StartLimitBurst = 5;
+        AmbientCapabilities = "cap_net_bind_service";
+        CapabilityBoundingSet = "cap_net_bind_service";
+        NoNewPrivileges = true;
+        LimitNPROC = 64;
+        LimitNOFILE = 1048576;
+        PrivateTmp = true;
+        PrivateDevices = true;
+        ProtectHome = true;
+        ProtectSystem = "full";
+        ReadWriteDirectories = cfg.dataDir;
+      };
+    };
+
+    users.extraUsers.traefik = {
+      group = "traefik";
+      home = cfg.dataDir;
+      createHome = true;
+    };
+
+    users.extraGroups.traefik = {};
+  };
+}
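Review bot: Everything in `configOptions` is rendered by `pkgs.writeText` and `pkgs.runCommand` into the Nix store, which is world-readable, so any credential placed in the Traefik config becomes readable by every local user, and the option description does not warn about it. I would extend the `configOptions` description to something like `Config for Traefik, rendered to TOML in the world-readable Nix store; do not put secrets here, use configFile with a path outside the store instead.` The same caveat belongs on `configFile`: it is interpolated into `ExecStart`, so a path literal such as the one in its `example` is also copied into the store, and only a string path avoids that. Separately, in `serviceConfig`, `ProtectSystem = "full"` leaves everything outside /usr, /boot and /etc writable, so `ReadWriteDirectories = cfg.dataDir` adds little as written. If the targeted systemd supports it, `ProtectSystem = "strict";` would make `dataDir` the only writable tree for the service.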