nixos/traefik create service #29865
nixos/traefik create service #29865
Conversation
|
You might want to look at https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix#L7-L17 to generate TOML from NixOS options. |
| after = [ "network-online.target" ]; | ||
| wantedBy = [ "multi-user.target" ]; | ||
| serviceConfig = { | ||
| ExecStart = ''${cfg.package.bin}/bin/traefik -l debug --configfile=${configFile}''; |
There was a problem hiding this comment.
Is debug a good default for logging?
There was a problem hiding this comment.
Ah sorry, I forgot to remove that. I had it there while debugging.
|
|
||
| config = mkOption { | ||
| default = ""; | ||
| example = '' |
There was a problem hiding this comment.
I agree with @globin that the using remarshal to convert nix to toml would be an a nice enhancement here.
moredhel
force-pushed
the
traefik-module
branch
from
fcfec20
to
411cb09
Compare
moredhel
force-pushed
the
traefik-module
branch
from
411cb09
to
8b74f42
Compare
| options.services.traefik = { | ||
| enable = mkEnableOption "Traefik web server"; | ||
|
|
||
| configFile = mkOption { |
There was a problem hiding this comment.
What is your use case for this option?
There was a problem hiding this comment.
I had forgotten to update the example to accurately portray the expected type: https://github.com/NixOS/nixpkgs/pull/29865/files#diff-beb91534bbf628b6e0727a0bb7d14c4aR25
There was a problem hiding this comment.
I mean in which case it is necessary to specify a toml path directly rather then using the configOptions?
There was a problem hiding this comment.
I would like to have it if I am doing an incremental change over to nixos from my current orchestration system for configuration files.
The other issue is secrets, which one may want to store in a separate store. This can be worked around for sure, but this gives people an alternative, less invasive route to initially integrating Traefik.
Are there any specific reasons why you think we shouldn't have this option?
Reasons that come to mind:
- complexity
- against the ethos of NixOs
- allowing bad habits & configuration drift
For:
- already complex setups with templates & config-file generation.
- lower barrier for entry to users wanting to keep using traefik as-is with minimal overhead.
These issues aren't unsolvable, in fact nix is very good at solving them.
I'm happy to remove it if you think it won't find any use.
There was a problem hiding this comment.
I just want keep the API we expose simple as we have to deal every option stable in future to not break configuration. But secrets is a good point for storing the configuration outside of nix store: https://docs.traefik.io/configuration/backends/web/#basic-authentication
There was a problem hiding this comment.
What do you think then? We can keep it in pending #8 and deprecate it when secrets are properly managed within Nix
There was a problem hiding this comment.
Sorry, #24288. Wrong link
|
It seems that paths are validated. What path should I use as an example? |
|
There is a function called |
|
closed by accident. |
|
I have stripped out the file option for configuring Traefik. How does it look? |
| ExecStartPre = [ | ||
| ''${pkgs.coreutils}/bin/mkdir -p "${cfg.dataDir}"'' | ||
| ''${pkgs.coreutils}/bin/install -d -m700 --owner traefik --group traefik "${cfg.dataDir}"'' | ||
| ]; |
There was a problem hiding this comment.
I added this to make acme work by default.
| configOptions = mkOption { | ||
| description = '' | ||
| Config for Traefik. | ||
| ''; | ||
| type = types.attrs; | ||
| default = { | ||
| defaultEntryPoints = ["http"]; | ||
| entryPoints.http.address = ":80"; |
There was a problem hiding this comment.
Also this configuration does nothing it is good to have a nice to have a running example by default (Even if it just for testing new versions of traefik).
|
I restored the |
|
Thanks for your work on this module! |
|
followup: a320034 |
|
Thanks @Mic92, helpful and constructive feedback as always 😄 |
Motivation for this change
Things done
build-use-sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)