add parameter to reverse proxy

config/arachnide/configuration.nix

@@ -38,6 +38,10 @@
     ipv6 = "2a01:4f9:1a:9a05::2/128";
   };
 
+  nixin.traefik = {
+    dashboard-domain = "traefik.lab12.fr";
+  };
+
   nixin.web = {
     domain = "nixin.lab12.fr";
     http-port = 8081;

modules/reverse-proxy.nix

@@ -1,95 +1,103 @@
 { config, lib, pkgs, ... }:
 
 let
-    localCertificationDirectory = config.security.localCertification.directory;
+  inherit (lib) mkOption mkDefault;
+  localCertificationDirectory = config.security.localCertification.directory;
 in
 {
-  # Enable Traefik
+  options = {
-  services.traefik.enable = true;
+    nixin.traefik = {
-
+      dashboard-domain = mkOption { type = lib.types.str; };
-  # Let Traefik interact with Docker
+    };
-  services.traefik.group = "docker";
-
-  virtualisation.docker.enable = true;
-
-  virtualisation.oci-containers = {
-    backend = "docker";
   };
 
-  # Traefik static configuration options 
+  config = {
-  services.traefik.staticConfigOptions = {
+    # Enable Traefik
-    api.dashboard = true;
+    services.traefik.enable = true;
-    api.insecure = false;
 
-    # Enable logs
+    # Let Traefik interact with Docker
-    log = {
+    services.traefik.group = "docker";
-      level = "INFO";
-      filePath = "${config.services.traefik.dataDir}/traefik.log";
-      format = "json";
-    };
-    accessLog.filePath = "${config.services.traefik.dataDir}/accessLog.log";
 
-    # Enable Docker provider
+    virtualisation.docker.enable = true;
-    providers.docker = {
+
-        endpoint = "unix:///run/docker.sock";
+    virtualisation.oci-containers = {
-        watch = true;
+      backend = "docker";
-        exposedByDefault = false;
     };
 
-    # Configure entrypoints, i.e the ports
+    # Traefik static configuration options 
-    entryPoints = {
+    services.traefik.staticConfigOptions = {
-      web = {
+      api.dashboard = true;
-        address = ":80";
+      api.insecure = false;
-        http.redirections.entryPoint = {
+
-          to = "websecure";
+      # Enable logs
-          scheme = "https";
+      log = {
+        level = "INFO";
+        filePath = "${config.services.traefik.dataDir}/traefik.log";
+        format = "json";
+      };
+      accessLog.filePath = "${config.services.traefik.dataDir}/accessLog.log";
+
+      # Enable Docker provider
+      providers.docker = {
+          endpoint = "unix:///run/docker.sock";
+          watch = true;
+          exposedByDefault = false;
+      };
+
+      # Configure entrypoints, i.e the ports
+      entryPoints = {
+        web = {
+          address = ":80";
+          http.redirections.entryPoint = {
+            to = "websecure";
+            scheme = "https";
+          };
+        };
+        websecure = {
+          address = ":443";
+          asDefault = true;
+          http.tls.certResolver = "acme-challenge";
         };
       };
-      websecure = {
+
-        address = ":443";
+      # Configure certification
-        asDefault = true;
+      certificatesResolvers.acme-challenge.acme = {
-        http.tls.certResolver = "acme-challenge";
+        email = "contact@distrilab.fr";
+        storage = "${config.services.traefik.dataDir}/acme.json";
+        httpChallenge.entryPoint = "web";
       };
+
     };
 
-    # Configure certification
+    # Whitelist middleware to limit access to the wireguard network
-    certificatesResolvers.acme-challenge.acme = {
+    services.traefik.dynamicConfigOptions.http.middlewares.wg-whitelist.ipwhitelist = {
-      email = "contact@distrilab.fr";
+      sourceRange = [ "192.168.12.0/24" ];
-      storage = "${config.services.traefik.dataDir}/acme.json";
-      httpChallenge.entryPoint = "web";
     };
 
+    # Dashboard
+    services.traefik.dynamicConfigOptions.http.routers.dashboard = {
+      rule = lib.mkDefault "Host(`${config.nixin.traefik.dashboard-domain}`)";
+      service = "api@internal";
+      # restrict access to the dashboard
+      middlewares = [ "wg-whitelist" ];
+      entryPoints = [ "websecure" ];
+    };
+
+
+    # You can find and example proxy for a non-docker service in the nixin-web.nix module 
+
+    # Example docker service with traefik proxy enabled through labels
+    # virtualisation.oci-containers.containers.whoami = {
+    #   autoStart = true;
+    #   image = "jwilder/whoami";
+    #   extraOptions = [
+    #     "--label=traefik.enable=true"
+    #     "--label=traefik.http.routers.whoami.entrypoints=websecure"
+    #     "--label=traefik.http.routers.whoami.rule=Host(`whoami.domain.tld`)"
+    #     "--label=traefik.http.routers.whoami.tls=true"
+    #     "--label=traefik.http.services.whoami.loadbalancer.server.port=8000"
+    #     "--label=traefik.http.routers.whoami.tls.certresolver=acme-challenge"
+    #   ];
+    # };
   };
-
-  # Whitelist middleware to limit access to the wireguard network
-  services.traefik.dynamicConfigOptions.http.middlewares.wg-whitelist.ipwhitelist = {
-    sourceRange = [ "192.168.12.0/24" ];
-  };
-
-  # Dashboard
-  services.traefik.dynamicConfigOptions.http.routers.dashboard = {
-    rule = lib.mkDefault "Host(`traefik.lab12.fr`)";
-    service = "api@internal";
-    # restrict access to the dashboard
-    middlewares = [ "wg-whitelist" ];
-    entryPoints = [ "websecure" ];
-  };
-
-
-  # You can find and example proxy for a non-docker service in the nixin-web.nix module 
-
-  # Example docker service with traefik proxy enabled through labels
-  virtualisation.oci-containers.containers.whoami = {
-    autoStart = true;
-    image = "jwilder/whoami";
-    extraOptions = [
-      "--label=traefik.enable=true"
-      "--label=traefik.http.routers.whoami.entrypoints=websecure"
-      "--label=traefik.http.routers.whoami.rule=Host(`whoami.lab12.fr`)"
-      "--label=traefik.http.routers.whoami.tls=true"
-      "--label=traefik.http.services.whoami.loadbalancer.server.port=8000"
-      "--label=traefik.http.routers.whoami.tls.certresolver=acme-challenge"
-    ];
-  };
-
 }