# Module: declares `lab.ingresses` and renders every entry into
# `kubernetes.resources.ingresses` (that option is defined outside this file,
# presumably by a Kubernetes resource module such as kubenix; confirm).
#
# Each generated Ingress:
#   * uses ingress class "traefik" and the Traefik entrypoint from `entrypoint`
#   * carries the cert-manager cluster-issuer annotation "letsencrypt"
#   * routes every path ("/" with pathType Prefix) of `host` to one named
#     service port
#   * references a TLS secret called "<attribute name>-tls" for that host
{ lib, config, ... }:
let
  inherit (lib) mkOption types;

  # Per-ingress submodule. All values are free-form strings; nothing here
  # checks them before they reach the rendered manifest.
  ingressModule = { name, ... }: {
    options = {
      # Hostname used for both the routing rule and the TLS `hosts` list.
      # NOTE(review): any string is accepted, so whatever is set here is
      # presumably what cert-manager is asked to issue a certificate for.
      host = mkOption {
        type = types.str;
      };

      # Traefik entrypoint the router is bound to.
      # NOTE(review): this is an unconstrained string, and the TLS block and
      # issuer annotation are emitted whatever its value is. Binding an ingress
      # to a non-TLS entrypoint would presumably expose the host in plaintext.
      # Confirm "websecure" is the TLS entrypoint in the Traefik static config,
      # and consider restricting this to a known set of entrypoints.
      entrypoint = mkOption {
        type = types.str;
        default = "websecure";
      };

      # Backend Service, addressed by Service name and named port.
      service = {
        name = mkOption {
          type = types.str;
        };
        portName = mkOption {
          type = types.str;
        };
      };
    };
  };

  # Build one Ingress resource from an attribute name and its settings.
  mkIngress = name: ingress: {
    metadata = {
      annotations = {
        # The issuer is fixed for every ingress; there is no per-ingress override.
        "cert-manager.io/cluster-issuer" = "letsencrypt";
        "traefik.ingress.kubernetes.io/router.entrypoints" = ingress.entrypoint;
      };
    };

    spec = {
      ingressClassName = "traefik";

      rules = [
        {
          inherit (ingress) host;
          http = {
            paths = [
              {
                # Prefix match on "/" forwards the whole host to the backend.
                path = "/";
                pathType = "Prefix";
                backend = {
                  service = {
                    name = ingress.service.name;
                    port = {
                      name = ingress.service.portName;
                    };
                  };
                };
              }
            ];
          };
        }
      ];

      tls = [
        {
          # Secret name is derived from the attribute name, not from the host.
          secretName = "${name}-tls";
          hosts = [ ingress.host ];
        }
      ];
    };
  };
in
{
  options.lab.ingresses = mkOption {
    type = types.attrsOf (types.submodule ingressModule);
    default = { };
  };

  config.kubernetes.resources.ingresses =
    builtins.mapAttrs mkIngress config.lab.ingresses;
}