# NixOS module: writes a podman-compose file for Traefik under /etc and runs it
# from a systemd unit as the unprivileged user "numbus-admin" (rootless Podman).
#
# Security review notes (behaviour is unchanged; these are points to confirm):
#  * Image is `traefik:latest` and ExecStartPre pulls on every start, so each
#    (re)start may run a different, unreviewed image. Pin a specific tag or an
#    @sha256 digest and bump it deliberately.
#  * The Podman API socket is bind-mounted into the container. `:ro` only makes
#    the socket inode read-only; it does not limit which API calls a client can
#    make. Anything that compromises Traefik can drive Podman as numbus-admin.
#    Consider a filtering socket proxy that exposes only read endpoints.
#  * The `traefik-https` router publishes the service on port 8080 at
#    traefik.$DOMAIN_NAME with no middleware label. NOTE(review): 8080 is
#    presumably the Traefik API/dashboard (depends on traefik.yaml, not shown).
#    If so, put an auth and/or IP-allowlist middleware in front of it.
#  * CF_DNS_API_TOKEN is handed over as a plain environment variable, so it is
#    readable by anyone who can inspect the container. Only the `$...` reference
#    is written to /etc here, not the value. This unit sets no EnvironmentFile,
#    so NOTE(review): confirm where $CF_DNS_API_TOKEN and $DOMAIN_NAME come from
#    and that the token is scoped to DNS edits on the required zone only.
#  * ${configDir}/certs is mounted read-write. NOTE(review): presumably ACME
#    storage holding private keys; keep it readable by numbus-admin only.
#  * TRAEFIK_NETWORKS / TRAEFIK_REF_NETWORKS look like placeholders substituted
#    outside this module. NOTE(review): confirm the substitution step and that
#    the rendered file is valid YAML before the unit starts.
{ config, pkgs, ... }:

let
  containerName = "traefik";

  # Path relative to /etc where the compose file is installed.
  composeFile = "podman/traefik/compose.yaml";

  # Host directory holding traefik.yaml, dynamic rules and certificates.
  configDir = "/mnt/config/traefik";

  # Runtime dir of the service user. NOTE(review): hard-codes uid 1000 for
  # numbus-admin; the directory must exist at boot (e.g. lingering enabled).
  runtimeDir = "/run/user/1000";

  # Shared command prefix for the three Exec* lines below.
  compose = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${composeFile}";
in
{
  config = {
    environment.etc."${composeFile}".text = /* yaml */ ''
      services:
        traefik:
          image: docker.io/library/traefik:latest
          container_name: traefik
          networks: TRAEFIK_NETWORKS
          ports:
            - "80:80"
            - "443:443"
          volumes:
            - ${runtimeDir}/podman/podman.sock:/run/docker.sock:ro
            - ${configDir}/rules/:/etc/traefik/conf/:ro
            - ${configDir}/traefik.yaml:/etc/traefik/traefik.yaml:ro
            - ${configDir}/certs/:/var/traefik/certs/:rw
          environment:
            - CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN
          labels:
            - traefik.enable=true
            - traefik.http.services.traefik.loadbalancer.server.port=8080
            - traefik.http.services.traefik.loadbalancer.server.scheme=http
            - traefik.http.routers.traefik-https.entrypoints=websecure
            - traefik.http.routers.traefik-https.rule=Host(`traefik.$DOMAIN_NAME`)
            - traefik.http.routers.traefik-https.tls=true
            - traefik.http.routers.traefik-https.tls.certresolver=cloudflare
          restart: always
      networks: TRAEFIK_REF_NETWORKS
    '';

    systemd.services.traefik = {
      description = "Podman container : ${containerName}";
      after = [ "numbus-activation.service" ];
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.podman pkgs.coreutils ];

      serviceConfig = {
        # Rootless: the unit runs as an ordinary user, not root.
        # NOTE(review): publishing 80/443 rootless needs the unprivileged
        # port floor lowered on the host; confirm that is configured elsewhere.
        User = "numbus-admin";
        Environment = [ "XDG_RUNTIME_DIR=${runtimeDir}" ];
        Type = "exec";

        # Pull first, then run in the foreground so systemd tracks the process.
        ExecStartPre = "${compose} pull";
        ExecStart = "${compose} up --remove-orphans";
        ExecStop = "${compose} down";

        Restart = "on-failure";
        RestartSec = "5m";
        # NOTE(review): no StartLimitIntervalSec is set here; with restarts
        # spaced 5m apart, confirm this burst limit can actually be reached.
        StartLimitBurst = "3";
      };
    };
  };
}