diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/web-servers/traefik.nix')
| -rw-r--r-- | nixpkgs/nixos/modules/services/web-servers/traefik.nix | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/nixpkgs/nixos/modules/services/web-servers/traefik.nix b/nixpkgs/nixos/modules/services/web-servers/traefik.nix index abef963201e5..42fb95a52200 100644 --- a/nixpkgs/nixos/modules/services/web-servers/traefik.nix +++ b/nixpkgs/nixos/modules/services/web-servers/traefik.nix @@ -48,9 +48,14 @@ let '' else cfg.staticConfigFile; + + finalStaticConfigFile = + if cfg.environmentFiles == [] + then staticConfigFile + else "/run/traefik/config.toml"; in { options.services.traefik = { - enable = mkEnableOption "Traefik web server"; + enable = mkEnableOption (lib.mdDoc "Traefik web server"); staticConfigFile = mkOption { default = null; @@ -127,6 +132,16 @@ in { type = types.package; description = lib.mdDoc "Traefik package to use."; }; + + environmentFiles = mkOption { + default = []; + type = types.listOf types.path; + example = [ "/run/secrets/traefik.env" ]; + description = lib.mdDoc '' + Files to load as environment file. Environment variables from this file + will be substituted into the static configuration file using envsubst. + ''; + }; }; config = mkIf cfg.enable { @@ -139,8 +154,13 @@ in { startLimitIntervalSec = 86400; startLimitBurst = 5; serviceConfig = { - ExecStart = - "${cfg.package}/bin/traefik --configfile=${staticConfigFile}"; + EnvironmentFile = cfg.environmentFiles; + ExecStartPre = lib.optional (cfg.environmentFiles != []) + (pkgs.writeShellScript "pre-start" '' + umask 077 + ${pkgs.envsubst}/bin/envsubst -i "${staticConfigFile}" > "${finalStaticConfigFile}" + ''); + ExecStart = "${cfg.package}/bin/traefik --configfile=${finalStaticConfigFile}"; Type = "simple"; User = "traefik"; Group = cfg.group; @@ -155,6 +175,7 @@ in { ProtectHome = true; ProtectSystem = "full"; ReadWriteDirectories = cfg.dataDir; + RuntimeDirectory = "traefik"; }; }; |