nixos/pangolin: init #416148
nixos/pangolin: init #416148
Conversation
0304479 to
554ab55
Compare
This comment was marked as outdated.
This comment was marked as outdated.
554ab55 to
39fdb93
Compare
There was a problem hiding this comment.
- Modules don't have versioning; drop the version information from the module's commit title.
An additional question on upstream support: does pangolin make any distinction between non-breaking and breaking updates? Will all updates be backwards and forward compatible? If the answer to the latter question is no, then we might need to package several Pangolin versions and gate them behind stateVersion in the module.
203bba6 to
d743fb6
Compare
1e86424 to
4c505ef
Compare
4c505ef to
739307a
Compare
97e321b to
2c2029d
Compare
2c2029d to
c83b14a
Compare
| }; | ||
| experimental.plugins.badger = { | ||
| moduleName = "github.com/fosrl/badger"; | ||
| version = "v1.1.0"; |
There was a problem hiding this comment.
| version = "v1.1.0"; | |
| version = "v1.2.0"; |
There was a problem hiding this comment.
A version in a module? Is there no better way to get this, maybe from one of the packages?
There was a problem hiding this comment.
I'd love it if this could be sourced from the Nix store instead of downloaded by traefik during runtime. I'm not sure how possible that is, though, and it may require changes to the Traefik module.
There was a problem hiding this comment.
I'll look around to see what other modules do.
There was a problem hiding this comment.
While I’d prefer the plugin to come from the store, my more immediate concern is how this version will be managed.
There was a problem hiding this comment.
How is this generally done? I cant seem to find other modules that do this.
There was a problem hiding this comment.
While I’d prefer the plugin to come from the store, my more immediate concern is how this version will be managed.
I assumed we'd occasionally update it here and Traefik will update it from https://plugins.traefik.io.
However, that might not be necessary:
Local Mode
Traefik also offers a local mode that can be used for:
- Using private plugins that are not hosted on GitHub
- Testing the plugins during their development
To use a plugin in local mode, the Traefik static configuration must define the module name (as is usual for Go packages) and a path to a Go workspace, which can be the local GOPATH or any directory.
The plugins must be placed in ./plugins-local directory, which should be in the working directory of the process running the Traefik binary. The source code of the plugin should be organized as follows:
./plugins-local/ └── src └── github.com └── traefik └── plugindemo ├── demo.go ├── demo_test.go ├── go.mod ├── go.sum ├── LICENSE ├── Makefile ├── readme.md └── vendor ├── github.com │ └── traefik │ └── genconf │ ├── dynamic │ │ ├── config.go │ │ ├── http_config.go │ │ ├── marshaler.go │ │ ├── middlewares.go │ │ ├── plugins.go │ │ ├── tcp_config.go │ │ ├── tls │ │ │ ├── certificate.go │ │ │ └── tls.go │ │ ├── types │ │ │ ├── domains.go │ │ │ └── tls.go │ │ └── udp_config.go │ └── LICENSE └── modules.txt
a24d60c to
bd4b191
Compare
bd4b191 to
290a977
Compare
|
Test WIP, waiting on upstream for a way to make an API key. |
007a82c to
f8c01e4
Compare
|
For anyone wondering the |
f8c01e4 to
51a2705
Compare
nixos/tests/pangolin.nix
Outdated
|
|
||
| dbFilePath = "/var/lib/pangolin/config/db/db.sqlite"; | ||
| # API key values to be inserted | ||
| # prefixed so that order is preserved by the attrNames ordering :) |
There was a problem hiding this comment.
i can't even rn
Yeah, patching Pangolin it is.
nixos/tests/pangolin.nix
Outdated
|
|
||
| VPS = { | ||
| imports = [ ./common/acme/client ]; | ||
| networking.domain = domain; |
nixos/tests/pangolin.nix
Outdated
| # TODO, check if this is correct. | ||
| # API is unclear on what's what | ||
| environment.etc."nixos/secrets/newt.env".text = '' | ||
| NEWT_ID=${newtId} | ||
| NEWT_SECRET=${secret} | ||
| ''; |
There was a problem hiding this comment.
I don't think this is correct. Pangolin returns the Newt ID and Secret from the API, so you need to save the results of the curl commands in a file in the VPS node, and then copy that data to the privateHost.
There was a problem hiding this comment.
I gave up on using pangctl. Instead i can just insert whatever i want into the db :) This also removes the need for the curling
This function takes in the provider, owner and plugin name, and outputs a correctly-formatted derivation with the Traefik plugin, which can be `symlinkJoin`ed in the `/var/lib/traefik/plugins-local` folder. Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
Co-authored-by: Ethan Carter Edwards <ethan@ethancedwards.com>
51a2705 to
606cfde
Compare
eaaf5d6 to
1cbdbec
Compare
1cbdbec to
cb0a95f
Compare
Init Pangolin module for NixOS: pangolin
Depends on
Related to:
To test:
must reboot after initial setup on remote server
otherwise Newt will give
Ping attempt 1 failed: failed to read ICMP packet: i/o timeoutThings done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.