container builder

modules/server/containers/builder.nix

@@ -0,0 +1,28 @@
+{ config, lib, serverCfg }:
+{ image, secret ? ""
+, subdomain ? "", ip ? "", port ? 0
+, extraEnv ? { }, extraLabels ? { }
+, overrides ? { }
+}:
+let base = {
+  inherit image;
+
+  environmentFiles = if secret !="" then [ config.sops.secrets."${lib.toUpper secret}".path ] else [];
+  environment = {} // extraEnv;
+
+  labels = if subdomain!="" then ({
+    "traefik.enable" = "true";
+    "traefik.http.routers.${subdomain}.entrypoints" = "web-secure";
+    "traefik.http.routers.${subdomain}.rule" = "Host(`${subdomain}.${serverCfg.hostDomain}`)";
+    "traefik.http.routers.${subdomain}.tls" = "true";
+  } // lib.optionalAttrs (port != 0) {
+    "traefik.http.services.${subdomain}.loadbalancer.server.port" = toString port;
+  }) else {
+    "traefik.enable" = "false";
+  } // extraLabels;
+
+  extraOptions = [
+    "--add-host=host.containers.internal:host-gateway"
+  ] ++ lib.optional (ip != "") "--ip=${ip}";
+};
+in lib.recursiveUpdate base overrides // { host = "host.containers.internal"; }