nixos/traefik create service

[moredhel]

Motivation for this change

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
• Built on platform(s)
  • NixOS
  • macOS
  • Linux
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Fits CONTRIBUTING.md.

---

[globin]

You might want to look at https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix#L7-L17 to generate TOML from NixOS options.

[Mic92]

Is debug a good default for logging?

[moredhel]

Ah sorry, I forgot to remove that. I had it there while debugging.

[Mic92]

I agree with @globin that the using remarshal to convert nix to toml would be an a nice enhancement here.

[moredhel]

Thank you @globin & @Mic92 for the constructive feedback. I've changed the configuration to use remarshal allowing for considerably easier configuration.

[Mic92]

What is your use case for this option?

[moredhel]

I had forgotten to update the example to accurately portray the expected type: https://github.com/NixOS/nixpkgs/pull/29865/files#diff-beb91534bbf628b6e0727a0bb7d14c4aR25

[Mic92]

I mean in which case it is necessary to specify a toml path directly rather then using the configOptions?

[moredhel]

I would like to have it if I am doing an incremental change over to nixos from my current orchestration system for configuration files.

The other issue is secrets, which one may want to store in a separate store. This can be worked around for sure, but this gives people an alternative, less invasive route to initially integrating Traefik.

Are there any specific reasons why you think we shouldn't have this option?
Reasons that come to mind:

• complexity
• against the ethos of NixOs
• allowing bad habits & configuration drift

For:

• already complex setups with templates & config-file generation.
• lower barrier for entry to users wanting to keep using traefik as-is with minimal overhead.

These issues aren't unsolvable, in fact nix is very good at solving them.
I'm happy to remove it if you think it won't find any use.

[Mic92]

I just want keep the API we expose simple as we have to deal every option stable in future to not break configuration. But secrets is a good point for storing the configuration outside of nix store: https://docs.traefik.io/configuration/backends/web/#basic-authentication

[moredhel]

What do you think then? We can keep it in pending #8 and deprecate it when secrets are properly managed within Nix

[moredhel]

Sorry, #24288. Wrong link

[Mic92]

it can stay then, I would say.

[moredhel]

It seems that paths are validated. What path should I use as an example?

[Mic92]

There is a function called literalExample which can be used to prevent evaluation.

[Mic92]

closed by accident.

[moredhel]

I have stripped out the file option for configuring Traefik. How does it look?

[Mic92]

I added this to make acme work by default.

[Mic92]

Also this configuration does nothing it is good to have a nice to have a running example by default (Even if it just for testing new versions of traefik).

[Mic92]

I restored the configFile option for secrets this might be required.

[Mic92]

Thanks for your work on this module!

[Mic92]

followup: a320034

[moredhel]

Thanks @Mic92, helpful and constructive feedback as always 😄