nixos/traefik: create /var/lib/traefik with correct permissions
This commit is contained in:
Joerg Thalheim
parent
2e5297217d
commit
3468c9e5cc
@ -4,17 +4,16 @@ with lib;
|
|||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.traefik;
|
cfg = config.services.traefik;
|
||||||
configFile =
|
configFile =
|
||||||
if (cfg.configFile == null) then
|
if cfg.configFile == null then
|
||||||
(pkgs.runCommand "config.toml" {
|
pkgs.runCommand "config.toml" {
|
||||||
buildInputs = [ pkgs.remarshal ];
|
buildInputs = [ pkgs.remarshal ];
|
||||||
} ''
|
} ''
|
||||||
remarshal -if json -of toml \
|
remarshal -if json -of toml \
|
||||||
< ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \
|
< ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \
|
||||||
> $out
|
> $out
|
||||||
'')
|
''
|
||||||
else
|
else cfg.configFile;
|
||||||
cfg.configFile;
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options.services.traefik = {
|
options.services.traefik = {
|
||||||
@ -24,38 +23,35 @@ in {
|
|||||||
default = null;
|
default = null;
|
||||||
example = /path/to/config.toml;
|
example = /path/to/config.toml;
|
||||||
type = types.nullOr types.path;
|
type = types.nullOr types.path;
|
||||||
description = "Verbatim traefik.toml to use";
|
description = ''
|
||||||
|
Path to verbatim traefik.toml to use.
|
||||||
|
(Using that option has precedence over <literal>configOptions</literal>)
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
configOptions = mkOption {
|
configOptions = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Config for Traefik.
|
Config for Traefik.
|
||||||
'';
|
'';
|
||||||
type = types.attrs;
|
type = types.attrs;
|
||||||
|
default = {
|
||||||
|
defaultEntryPoints = ["http"];
|
||||||
|
entryPoints.http.address = ":80";
|
||||||
|
};
|
||||||
example = {
|
example = {
|
||||||
defaultEntrypoints = [ "http" ];
|
defaultEntrypoints = [ "http" ];
|
||||||
web = {
|
web.address = ":8080";
|
||||||
address = ":8080";
|
entryPoints.http.address = ":80";
|
||||||
};
|
|
||||||
entryPoints = {
|
|
||||||
http = {
|
|
||||||
address = ":80";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
file = {};
|
file = {};
|
||||||
frontends = {
|
frontends = {
|
||||||
frontend1 = {
|
frontend1 = {
|
||||||
backend = "backend1";
|
backend = "backend1";
|
||||||
routes.test_1 = {
|
routes.test_1.rule = "Host:localhost";
|
||||||
rule = "Host:localhost";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
backends = {
|
backends.backend1 = {
|
||||||
backend1 = {
|
servers.server1.url = "http://localhost:8000";
|
||||||
servers.server1 = {
|
|
||||||
url = "http://localhost:8000";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -82,7 +78,12 @@ in {
|
|||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
PermissionsStartOnly = true;
|
||||||
ExecStart = ''${cfg.package.bin}/bin/traefik --configfile=${configFile}'';
|
ExecStart = ''${cfg.package.bin}/bin/traefik --configfile=${configFile}'';
|
||||||
|
ExecStartPre = [
|
||||||
|
''${pkgs.coreutils}/bin/mkdir -p "${cfg.dataDir}"''
|
||||||
|
''${pkgs.coreutils}/bin/install -d -m700 --owner traefik --group traefik "${cfg.dataDir}"''
|
||||||
|
];
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = "traefik";
|
User = "traefik";
|
||||||
Group = "traefik";
|
Group = "traefik";
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user