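# Helper for declaring containers that are optionally published via Traefik.
#
# Takes the NixOS `config`, the nixpkgs `lib` and a `serverCfg` attrset (only
# `serverCfg.hostDomain` is read here) and returns:
#   mkContainer - function that builds one container attrset (see below)
#   host        - the hostname that the generated --add-host option maps to
#                 the host gateway
# NOTE(review): the attribute names produced (image, environmentFiles,
# environment, labels, extraOptions) look like an oci-containers container
# definition; confirm against the caller.
{ config, lib, serverCfg }:
let
  # mkContainer arguments:
  #   image        - container image reference (required)
  #   secret       - name of a sops secret; when non-empty, the path of
  #                  config.sops.secrets.<upper-cased name> is passed as an
  #                  environment file
  #   subdomain    - when non-empty, Traefik routes
  #                  <subdomain>.<serverCfg.hostDomain> to the container over
  #                  the "web-secure" entrypoint with TLS enabled; when empty,
  #                  Traefik is explicitly disabled for the container
  #   ip           - when non-empty, appended as --ip=<ip>
  #   port         - when non-zero and subdomain is set, the Traefik
  #                  load-balancer server port
  #   extraEnv     - environment variables; these are plain Nix values, so
  #                  keep credentials in `secret` rather than here
  #   extraLabels  - labels merged over the generated Traefik labels
  #   extraOptions - extra runtime options, placed before the generated ones
  #   overrides    - merged last with lib.recursiveUpdate, so it can replace
  #                  any generated value, including the labels
  builder =
    { image, secret ? ""
    , subdomain ? "", ip ? "", port ? 0
    , extraEnv ? { }, extraLabels ? { }, extraOptions ? [ ]
    , overrides ? { }
    }:
    let
      # Labels for a container published through Traefik.
      # subdomain is interpolated verbatim into the router names and into the
      # backtick-quoted Host rule, so it should be a plain DNS label.
      publishedLabels = {
        "traefik.enable" = "true";
        "traefik.http.routers.${subdomain}.entrypoints" = "web-secure";
        "traefik.http.routers.${subdomain}.rule" = "Host(`${subdomain}.${serverCfg.hostDomain}`)";
        "traefik.http.routers.${subdomain}.tls" = "true";
      } // lib.optionalAttrs (port != 0) {
        "traefik.http.services.${subdomain}.loadbalancer.server.port" = toString port;
      };

      # Labels for a container that must not be exposed by Traefik.
      unpublishedLabels = {
        "traefik.enable" = "false";
      };

      base = {
        inherit image;

        # Only the path of the sops secret is referenced here, not its content.
        environmentFiles =
          lib.optional (secret != "") config.sops.secrets."${lib.toUpper secret}".path;
        environment = extraEnv;

        # The parentheses matter: `//` binds tighter than `if ... else`, so the
        # previous `else { ... } // extraLabels` merged extraLabels into the
        # unpublished branch only and silently dropped them for every
        # container that has a subdomain. A caller relying on extraLabels to
        # attach routing or access-control labels to a published container
        # would not have got them.
        labels =
          (if subdomain != "" then publishedLabels else unpublishedLabels)
          // extraLabels;

        extraOptions = extraOptions ++ [
          "--add-host=host.containers.internal:host-gateway"
        ] ++ lib.optional (ip != "") "--ip=${ip}";
      };
    in lib.recursiveUpdate base overrides;
in {
  mkContainer = builder;
  host = "host.containers.internal";
}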