diff --git a/modules/server/containers/builder.nix b/modules/server/containers/builder.nix index d80f487..13bc98a 100644 --- a/modules/server/containers/builder.nix +++ b/modules/server/containers/builder.nix @@ -1,34 +1,41 @@ { config, lib, pkgs, serverCfg }: let builder = - { image ? null, imageStream ? null + { image ? null, imageStream ? null, imageFile ? null , secret ? null - , subdomain ? null, ip ? null, port ? 0 + , subdomain ? null, subpath?null, port ? 0 , extraEnv ? { }, extraLabels ? { }, extraOptions ? [ ] , overrides ? { } }: - let base = { + let + routerName = if subpath != null + then "${subdomain}-${lib.strings.sanitizeDerivationName subpath}" + else subdomain; + base = { image = if imageStream != null then "${imageStream.imageName}:${imageStream.imageTag}" else image; imageStream = imageStream; + imageFile = imageFile; environmentFiles = if secret!=null then [ config.sops.secrets."${lib.toUpper secret}".path ] else []; environment = {} // extraEnv; labels = (if subdomain!=null then ({ "traefik.enable" = "true"; - "traefik.http.routers.${subdomain}.entrypoints" = "web-secure"; - "traefik.http.routers.${subdomain}.rule" = "Host(`${subdomain}.${serverCfg.hostDomain}`)"; - "traefik.http.routers.${subdomain}.tls" = "true"; + "traefik.http.routers.${routerName}.entrypoints" = "web-secure"; + "traefik.http.routers.${routerName}.rule" = if subpath != null + then "Host(`${subdomain}.${serverCfg.hostDomain}`) && PathPrefix(`/${subpath}`)" + else "Host(`${subdomain}.${serverCfg.hostDomain}`)"; + "traefik.http.routers.${routerName}.tls" = "true"; } // lib.optionalAttrs (port!=null) { - "traefik.http.services.${subdomain}.loadbalancer.server.port" = toString port; + "traefik.http.services.${routerName}.loadbalancer.server.port" = toString port; }) else { "traefik.enable" = "false"; }) // extraLabels; extraOptions = extraOptions ++ [ "--add-host=host.containers.internal:host-gateway" - ] ++ lib.optional (ip!=null) "--ip=${ip}"; + ]; }; in lib.recursiveUpdate base overrides; in {