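{ config, lib, pkgs, ... }:
{
  # Opt-in switch for the Traefik reverse proxy container. It only takes effect
  # together with the host-level Docker support (sysconfig.docker.enable).
  options.sysconfig.docker.traefik.enable = with lib; mkOption {
    type = with types; bool;
    default = false;
    description = "Run the Traefik reverse proxy as an OCI container (requires sysconfig.docker.enable).";
  };

  config = lib.mkIf (config.sysconfig.docker.traefik.enable && config.sysconfig.docker.enable) {
    # Cloudflare credentials handed to Traefik (presumably for ACME DNS-01),
    # decrypted by sops-nix. Declared here so the template below can reference them.
    sops.secrets = {
      "traefik/cf_email" = { };
      "traefik/cf_api_key" = { };
    };

    # Env file rendered on the host: the placeholders are substituted with the
    # decrypted values at activation time, so the secret text itself is never
    # part of this module's evaluation output.
    # NOTE(review): the secret called cf_api_key is exported as CF_DNS_API_TOKEN.
    # lego's Cloudflare provider reads CF_DNS_API_TOKEN as a scoped API token and
    # ignores CF_API_EMAIL when it is set; a Global API key would instead have to
    # go into CF_API_KEY. Confirm which credential type is stored under this
    # secret — a scoped, zone-limited token is the least-privilege choice.
    sops.templates."traefik.env" = {
      content = ''
        CF_API_EMAIL=${config.sops.placeholder."traefik/cf_email"}
        CF_DNS_API_TOKEN=${config.sops.placeholder."traefik/cf_api_key"}
      '';
    };

    virtualisation.oci-containers.containers.traefik = {
      image = "traefik:3.6";
      environment = { };
      # Secrets arrive via the rendered env file rather than `environment`,
      # which would embed them in the generated systemd unit.
      environmentFiles = [ config.sops.templates."traefik.env".path ];
      volumes = [
        # Persistent Traefik state (presumably ACME account/certificate data).
        "vol_traefik:/etc/traefik/data"
        # Docker socket for the Docker provider. Access to this socket is
        # equivalent to root on the host. The mount is read-only, which stops
        # accidental replacement of the socket file but NOT API calls — a
        # compromised Traefik process can still drive the daemon. Put a
        # socket proxy exposing only the read endpoints in front if that
        # exposure is unacceptable.
        "/run/docker.sock:/var/run/docker.sock:ro"
      ];
      networks = [ "docker-main" ];
      log-driver = "journald";
    };

    systemd.services."docker-traefik" = {
      serviceConfig = {
        # Priority 90 beats the oci-containers module's own plain assignments
        # (priority 100) without resorting to mkForce (50).
        Restart = lib.mkOverride 90 "always";
        RestartMaxDelaySec = lib.mkOverride 90 "1m";
        RestartSec = lib.mkOverride 90 "100ms";
        RestartSteps = lib.mkOverride 90 9;
      };
      # NOTE(review): the container joins "docker-main" above, yet the unit is
      # ordered after and requires the authentik_default network unit. This
      # looks copied from an Authentik stack: it couples Traefik's start-up to
      # that network unit existing and does not ensure docker-main is present.
      # Confirm which network is intended and align the two.
      after = [
        "docker-network-authentik_default.service"
        "docker-volume-vol_traefik.service"
      ];
      requires = [
        "docker-network-authentik_default.service"
        "docker-volume-vol_traefik.service"
      ];
      partOf = [ "docker-compose-traefik-root.target" ];
      wantedBy = [ "docker-compose-traefik-root.target" ];
    };

    # Volumes
    systemd.services."docker-volume-vol_traefik" = {
      path = [ pkgs.docker ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
      };
      # Idempotent: only create the volume when `inspect` reports it missing.
      # NOTE(review): `--driver=btrfs` names a *volume* driver; Docker ships only
      # `local` (btrfs is a storage driver). Unless a volume plugin of that name
      # is installed the create call fails. Confirm on the target host.
      script = ''
        docker volume inspect vol_traefik || docker volume create vol_traefik --driver=btrfs
      '';
      partOf = [ "docker-compose-traefik-root.target" ];
      wantedBy = [ "docker-compose-traefik-root.target" ];
    };

    # Root service
    # When started, this will automatically create all resources and start
    # the containers. When stopped, this will teardown all resources.
    systemd.targets."docker-compose-traefik-root" = {
      wantedBy = [ "multi-user.target" ];
    };
  };
}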