Abstract over traefik config!

modules/cloud/bitwarden/default.nix

@@ -10,6 +10,7 @@ let
   user = "bitwarden";
 
   port = 8001;
+  notificationsPort = 8002;
 in
 {
   options.cloud.bitwarden = { };
@@ -24,15 +25,15 @@ in
     # database
     cloud.postgresql.databases = [ databaseUser ];
     # traefik
-    cloud.traefik.config.http.routers.bitwarden = {
+    cloud.traefik.hosts.bitwarden = {
-      rule = "Host(`bw.nkagami.me`)";
+      inherit port;
-      entrypoints = "https";
+      host = "bw.nkagami.me";
-      tls.certResolver = "le";
+    };
-      service = "bitwarden";
+    cloud.traefik.hosts.bitwarden-notifications = {
+      port = notificationsPort;
+      host = "bw.nkagami.me";
+      path = "/notifications/hub";
     };
-    cloud.traefik.config.http.services.bitwarden.loadBalancer.servers = [
-      { url = "http://localhost:${toString port}"; }
-    ];
     # systemd unit
     systemd.services.bitwarden-server = {
       after = [ "network.target" ];
@@ -46,6 +47,7 @@ in
         WEB_VAULT_FOLDER = "${pkgs.unstable.vaultwarden-vault}/share/vaultwarden/vault";
 
         ROCKET_PORT = toString port;
+        WEBSOCKET_PORT = toString notificationsPort;
       };
       serviceConfig = {
         User = user;

modules/cloud/traefik/config.nix

@@ -0,0 +1,63 @@
+{ pkgs, lib, config, ... }:
+
+with lib;
+let
+  cfg = config.cloud.traefik;
+
+  hostType = with types; submodule {
+    options = {
+      host = mkOption {
+        type = str;
+        description = "The host for the router filter";
+      };
+      path = mkOption {
+        type = nullOr str;
+        default = null;
+        description = "The path for the router filter (exact path is matched)";
+      };
+      filter = mkOption {
+        type = nullOr str;
+        default = null;
+        description = "The filter syntax for the router. Overrides `host` and `path` if provided";
+      };
+      port = mkOption {
+        type = types.port;
+        description = "The port that the service is listening on";
+      };
+      entrypoints = mkOption {
+        type = listOf (enum ["http" "https" "smtp-submission" "imap"]);
+        default = [ "https" ];
+        description = "The entrypoints that will serve the host";
+      };
+    };
+  };
+
+  # Returns the filter given a host configuration
+  filterOfHost = host :
+    if host.filter != null then host.filter
+    else if host.path == null then "Host(`${host.host}`)"
+    else "Host(`${host.host}`) && Path(`${host.path}`)";
+
+  # Turns a host configuration into dynamic traefik configuration
+  hostToConfig = name : host : {
+    http.routers."${name}-router" = {
+      rule = filterOfHost host;
+      entryPoints = host.entrypoints;
+      tls.certResolver = "le";
+      service = "${name}-service";
+    };
+    http.services."${name}-service".loadBalancer.servers = [
+      { url = "http://localhost:${toString host.port}"; }
+    ];
+  };
+in
+{
+
+  options.cloud.traefik.hosts = mkOption {
+    type = types.attrsOf hostType;
+    default = {};
+    description = "The HTTP hosts to run on the server";
+  };
+
+  config.cloud.traefik.config = builtins.foldl' attrsets.recursiveUpdate {} (attrsets.mapAttrsToList hostToConfig cfg.hosts);
+}

modules/cloud/traefik/default.nix

@@ -21,6 +21,7 @@ let
   cfg = config.cloud.traefik;
 in
 {
+  imports = [ ./config.nix ];
   options.cloud.traefik = {
     cloudflareKeyFile = mkOption {
       type = types.path;

nki-personal-do/configuration.nix

@@ -18,6 +18,7 @@
   ];
 
   environment.systemPackages = with pkgs; [
+    git
   ];
 
   services.do-agent.enable = true;