services.traefik.environmentFiles

Files to load as an environment file just before Traefik starts. This can be used to pass secrets such as DNS challenge API tokens or EAB credentials.

DESEC_TOKEN=
TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_EAB_HMACENCODED=
TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_EAB_KID=

Rather than setting secret values with the traefik environment variable syntax, it is recommended to set arbitrary environment variables, then reference them with $VARNAME in e.g. services.traefik.static.settings, like so:

{
  services.traefik = {
    static.settings.somesecretvalue = "$SECRETNAME";
    useEnvSubst = true; # Necessary in order to use environment variables in the Traefik config.
    environmentFiles = [ /path/to/file/that/defines/SECRETNAME ];
  };
}

Type

list of absolute path

Default

[ ]

Example

[
  "/run/secrets/traefik.env"
]

Declared

<nixpkgs/nixos/modules/services/web-servers/traefik.nix>