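{ config, lib, ... }:
let
  cfg = config.sysconfig.docker.traefik;
  # Every regular entry under ./config is installed as /etc/traefik/<name>.
  configFiles = builtins.attrNames (builtins.readDir ./config);
in
{
  options.sysconfig.docker.traefik.enable = lib.mkOption {
    type = lib.types.bool;
    default = false;
    description = "Run Traefik v3 as an OCI container, with Cloudflare DNS-01 ACME using sops-managed credentials.";
  };

  # Only active when both this module and the docker sub-system are enabled.
  config = lib.mkIf (cfg.enable && config.sysconfig.docker.enable) {
    # INPUT-chain allow list for the published ports. NOTE(review): Docker
    # admits published-port traffic through its own DNAT/FORWARD rules, so this
    # mostly documents intent; it is harmless to keep.
    networking.firewall.allowedTCPPorts = [ 80 443 ];

    sops.secrets = {
      "traefik/cf_email" = { };
      "traefik/cf_api_key" = { };
    };

    # Rendered at activation with the decrypted values and handed to the
    # container via --env-file, so secret material is neither in the Nix
    # store nor on the unit's ExecStart line.
    #
    # The ACME contact address is set here rather than in the container's
    # `environment` attribute: docker `-e KEY=VALUE` passes VALUE literally, so
    # a "${CF_API_EMAIL}" reference there reached Traefik as that literal
    # string instead of the address, and the resolver could not register.
    #
    # NOTE(review): CF_DNS_API_TOKEN expects a scoped Cloudflare API token
    # (Zone:DNS:Edit on the zone in question). If "traefik/cf_api_key" holds
    # the account-wide Global API Key, lego reads that from CF_API_KEY instead;
    # confirm which one it is and prefer the scoped token.
    sops.templates."traefik.env" = {
      content = ''
        CF_API_EMAIL=${config.sops.placeholder."traefik/cf_email"}
        CF_DNS_API_TOKEN=${config.sops.placeholder."traefik/cf_api_key"}
        TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL=${config.sops.placeholder."traefik/cf_email"}
      '';
    };

    # Static and dynamic Traefik configuration. Setting `mode` makes the
    # activation script copy the files instead of symlinking into the store,
    # so the bind mount below sees regular files. 0644: world-readable, owner-
    # writable only — configuration under /etc has no reason to be
    # group-writable.
    environment.etc = builtins.listToAttrs (map (name: {
      name = "traefik/${name}";
      value = {
        source = ./config/${name};
        mode = "0644";
      };
    }) configFiles);

    virtualisation.oci-containers.containers.traefik = {
      image = "traefik:v3.6";
      environmentFiles = [ config.sops.templates."traefik.env".path ];
      volumes = [
        # Mounted read-write. Whether the container must write here (e.g. ACME
        # storage) is decided by config/traefik.yml, which is not in this file;
        # if it does not, ":ro" is the safer mount.
        "/etc/traefik/:/etc/traefik/"
        # Docker provider. Access to the daemon socket is equivalent to root on
        # the host; a socket proxy exposing only the read-only endpoints the
        # provider needs would narrow that considerably.
        "/run/docker.sock:/var/run/docker.sock"
      ];
      networks = [ "docker-main" ];
      # Host 80/443 -> container 81/444, so the entrypoints defined in
      # config/traefik.yml are expected to listen on 81 and 444.
      ports = [
        "80:81"
        "443:444"
      ];
      labels = {
        "traefik.enable" = "true";
        # Dashboard/API router. No auth middleware is attached to it, so its
        # exposure rests entirely on how the "localsecure" entrypoint is defined
        # in config/traefik.yml — confirm that entrypoint is not internet-facing.
        "traefik.http.routers.dashboard.rule" = "Host(`traefik.esotericbytes.com`)";
        "traefik.http.routers.dashboard.entrypoints" = "localsecure";
        "traefik.http.routers.dashboard.service" = "api@internal";
        "traefik.http.routers.dashboard.tls.certResolver" = "cloudflare";
      };
      log-driver = "journald";
    };

    systemd.services."docker-traefik" = {
      # Priority 90 wins over plain definitions (priority 100) while still
      # yielding to an explicit mkForce elsewhere — presumably because the
      # oci-containers module sets these keys itself; verify if they change.
      serviceConfig = {
        Restart = lib.mkOverride 90 "always";
        RestartMaxDelaySec = lib.mkOverride 90 "1m";
        RestartSec = lib.mkOverride 90 "100ms";
        RestartSteps = lib.mkOverride 90 9;
      };
      after = [ "docker-network-setup.service" ];
      requires = [ "docker-network-setup.service" ];
      partOf = [ "docker-compose-traefik-root.target" ];
      wantedBy = [ "docker-compose-traefik-root.target" ];
    };

    # Root service
    # When started, this will automatically create all resources and start
    # the containers. When stopped, this will teardown all resources.
    systemd.targets."docker-compose-traefik-root" = {
      wantedBy = [ "multi-user.target" ];
    };
  };
}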