
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:
nix-build ci -A fmt.check
This is the next step of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).
This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).
Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).
If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
# NixOS module for the Traefik reverse proxy.
#
# Declares the `services.traefik.*` options and, when the service is enabled,
# a systemd unit running as the dedicated `traefik` user, a tmpfiles rule for
# the data directory, and the matching system user and group.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib)
    literalExpression
    mkEnableOption
    mkIf
    mkOption
    mkPackageOption
    recursiveUpdate
    types
    ;

  cfg = config.services.traefik;

  # Both configuration files are rendered as TOML.
  format = pkgs.formats.toml { };

  # True when at least one environment file was configured; in that case the
  # static configuration is rendered at service start instead of being used
  # directly.
  usesEnvironmentFiles = cfg.environmentFiles != [ ];

  # A user-supplied file wins; otherwise the dynamic configuration is generated
  # from `dynamicConfigOptions`.
  # Security note: generated files live in the Nix store, which is readable by
  # every local user, so credentials should not be placed in the *ConfigOptions
  # attribute sets. `environmentFiles` exists to keep such values out of it.
  dynamicConfigFile =
    if cfg.dynamicConfigFile != null then
      cfg.dynamicConfigFile
    else
      format.generate "config.toml" cfg.dynamicConfigOptions;

  # Same precedence for the static configuration. The generated variant always
  # points the file provider at the dynamic configuration chosen above.
  # NOTE(review): the string interpolation below copies the file into the Nix
  # store when `dynamicConfigFile` is given as a Nix path literal rather than a
  # string; confirm that callers holding secrets pass an absolute path string.
  staticConfigFile =
    if cfg.staticConfigFile != null then
      cfg.staticConfigFile
    else
      format.generate "config.toml" (
        recursiveUpdate cfg.staticConfigOptions {
          providers = {
            file = {
              filename = "${dynamicConfigFile}";
            };
          };
        }
      );

  # With environment files, Traefik reads the copy rendered by the pre-start
  # script inside the unit's runtime directory.
  finalStaticConfigFile =
    if usesEnvironmentFiles then "/run/traefik/config.toml" else staticConfigFile;
in
{
  options.services.traefik = {
    enable = mkEnableOption "Traefik web server";

    package = mkPackageOption pkgs "traefik" { };

    staticConfigFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = literalExpression "/path/to/static_config.toml";
      description = ''
        Path to traefik's static configuration to use.
        (Using that option has precedence over `staticConfigOptions` and `dynamicConfigOptions`)
      '';
    };

    staticConfigOptions = mkOption {
      type = format.type;
      default = {
        entryPoints = {
          http = {
            address = ":80";
          };
        };
      };
      example = {
        entryPoints = {
          web.address = ":8080";
          http.address = ":80";
        };

        api = { };
      };
      description = ''
        Static configuration for Traefik.
      '';
    };

    dynamicConfigFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = literalExpression "/path/to/dynamic_config.toml";
      description = ''
        Path to traefik's dynamic configuration to use.
        (Using that option has precedence over `dynamicConfigOptions`)
      '';
    };

    dynamicConfigOptions = mkOption {
      type = format.type;
      default = { };
      example = {
        http = {
          routers.router1 = {
            rule = "Host(`localhost`)";
            service = "service1";
          };

          services.service1.loadBalancer.servers = [ { url = "http://localhost:8080"; } ];
        };
      };
      description = ''
        Dynamic configuration for Traefik.
      '';
    };

    dataDir = mkOption {
      type = types.path;
      default = "/var/lib/traefik";
      description = ''
        Location for any persistent data traefik creates, ie. acme
      '';
    };

    # Security note: membership in the `docker` group gives access to the
    # Docker daemon socket, which is generally equivalent to root on the host.
    # Setting this to "docker" therefore widens what a compromised Traefik
    # process can reach well beyond the sandboxing configured on the unit.
    group = mkOption {
      type = types.str;
      default = "traefik";
      example = "docker";
      description = ''
        Set the group that traefik runs under.
        For the docker backend this needs to be set to `docker` instead.
      '';
    };

    # The listed files are handed to systemd as EnvironmentFile= and their
    # variables are expanded into the static configuration at service start.
    environmentFiles = mkOption {
      type = types.listOf types.path;
      default = [ ];
      example = [ "/run/secrets/traefik.env" ];
      description = ''
        Files to load as environment file. Environment variables from this file
        will be substituted into the static configuration file using envsubst.
      '';
    };
  };

  config = mkIf cfg.enable {
    users.groups.traefik = { };

    # Dedicated system account. Its primary group stays `traefik` even when the
    # service itself is started with a different `cfg.group`.
    users.users.traefik = {
      isSystemUser = true;
      group = "traefik";
      home = cfg.dataDir;
      createHome = true;
    };

    # Mode 0700: only the traefik user can enter the data directory.
    systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' 0700 traefik traefik - -" ];

    systemd.services.traefik = {
      description = "Traefik web server";
      wantedBy = [ "multi-user.target" ];
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];

      # At most 5 start attempts within 86400 seconds.
      startLimitBurst = 5;
      startLimitIntervalSec = 86400;

      serviceConfig = {
        Type = "simple";
        Restart = "on-failure";

        # Identity: the user is fixed, the group follows the option.
        User = "traefik";
        Group = cfg.group;

        # Secrets handling: when environment files are configured, expand their
        # variables into a private copy of the static configuration. The
        # `umask 077` keeps the rendered file unreadable for group and others.
        # NOTE(review): variables referenced in the template but missing from
        # the environment are presumably rendered as empty strings; confirm
        # against the envsubst implementation packaged here.
        EnvironmentFile = cfg.environmentFiles;
        ExecStartPre = lib.optionals usesEnvironmentFiles [
          (pkgs.writeShellScript "pre-start" ''
            umask 077
            ${pkgs.envsubst}/bin/envsubst -i "${staticConfigFile}" > "${finalStaticConfigFile}"
          '')
        ];

        # NOTE(review): the config path is interpolated unquoted, so a
        # `staticConfigFile` containing whitespace would be split into several
        # arguments by systemd.
        ExecStart = "${cfg.package}/bin/traefik --configfile=${finalStaticConfigFile}";

        # Privileges: only the capability needed to bind ports below 1024, and
        # no way to gain more through setuid binaries or file capabilities.
        AmbientCapabilities = "cap_net_bind_service";
        CapabilityBoundingSet = "cap_net_bind_service";
        NoNewPrivileges = true;

        # Resource limits.
        LimitNOFILE = 1048576;
        LimitNPROC = 64;

        # Filesystem sandbox.
        # NOTE(review): no further directives (for example ProtectKernelTunables=,
        # ProtectKernelModules=, ProtectControlGroups=, RestrictAddressFamilies=)
        # are set in this unit; `systemd-analyze security traefik` lists what
        # remains exposed. With ProtectSystem = "full" a data directory under
        # /var is already writable, so ReadWritePaths only becomes load-bearing
        # if this is tightened to "strict".
        PrivateDevices = true;
        PrivateTmp = true;
        ProtectHome = true;
        ProtectSystem = "full";
        ReadWritePaths = [ cfg.dataDir ];
        RuntimeDirectory = "traefik";
      };
    };
  };
}