Nix Podman Stacks
Collection of opinionated Podman stacks managed by Home Manager.
The goal is to easily deploy various self-hosted projects, including a reverse proxy, dashboard and monitoring setup. Under the hood rootless Podman (Quadlets) will be used to run the containers. It works on most Linux distros including Ubuntu, Arch, Mint, Fedora & more and is not limited to NixOS.
The projects also contains integrations with Traefik, Homepage, Grafana and more. Some examples include:
- Enabling a stack will add the respective containers to Traefik and Homepage
- Enabling CrowdSec or PocketID will automatically configure necessary Traefik plugins and middlewares
- When stacks support exporting metrics, scrape configs for Prometheus can be automatically set up
- Similariy, Grafana dashboards for Traefik, Blocky & others can be automatically added
- and more ...
Disabling any of those options will of course also remove all associated configurations and containers.
While most stacks can be activated by setting a single flag, some stacks require setting mandatory values, especially for secrets. For managing secrets, projects such as sops-nix or agenix can be used, which allow you to store your secrets along with the configuration inside a single Git repository.
đ Option Documentation
Refer to the documentation for a full list of available options. There is also an Option Search to easily explore existing options.
Most stacks will rely or use a few centrally defined variables. These include:
nps Option | Description |
|---|---|
hostIP4Address | The IPv4 address of the host. Will be used for example in case of explicit port bindings. |
hostUid | The UID of the host user running the podman stacks. |
storageBaseDir | Base storage location used for bind mounts. Used as a base location for bind mounts. |
externalStorageBaseDir | Base storage location used for media files, e.g. pictures used by Immich. |
đŚ Available Stacks
-
Calibre-Web Automated
Calibre-Web Automated Book Downloader
-
Changedetection
Sock Puppet Browser
-
đ Monitoring
Alloy
Grafana
Loki
Prometheus
Podman Metrics Exporter
-
Paperless-ngx- đ FTP Server
-
đş Streaming
Bazarr
Flaresolverr
Gluetun
Jellyfin
Prowlarr
qBittorrent
Radarr
Sonarr
âď¸ Prerequisites
- Nix Installation
net.ipv4.ip_unprivileged_port_start=0or any other way of allowing non-root processes to bind to ports below 1024
đ Setup
If you already have an existing flake setup, add this projects flake as an input and include the flake output homeModules.all in your Home Manager modules.
If you don't use Nix yet, you can use the projects template to get started:
nix flake init --template github:Tarow/nix-podman-stacks- Modify the
stacks.nixfile to enable, disable and modify settings according to your preferences - Generate your age key and create the
.sops.yamlbased on the.sops.yaml.example - Create the
secrets.yamlfile containing all secrets used in the stack configurations - Make sure to declare the used secrets in the
sops.nixfile - Modify the
flake.nixto reflect your system architecture, username and home directory - Apply your configuration:
nix run home-manager -- switch --experimental-features "nix-command flakes pipe-operators" -b bak --flake .#myhost
This is just one example. Feel free to use a different tool for secret management or restructure files to your preference.
đ§ Customize Settings
The Podman stacks are mostly opinionated and configured to work out of the box. Refer to option documentation or the source code of each module to see which options are exposed on stack level and can be modified. An example would be Traefik, which requires a domain to be set. Also it ships with preconfigured static and dynamic configurations, but allows you to extend or customize those.
If the exposed options are not enough, you can always refer to the container definition directly by using the nps.stacks.<stackname>.containers.<containername> options.
Refer to the examples to see different use cases of setting and overriding options.
đĄ Missing a Stack / Option / Integration ?
Is your favorite self-hosted app not included yet? Or would you like to see additional options or integrations? I'm always looking to expand the collection! Feel free to open an issue or contribute directly with a pull request.
Settings Options
Most stacks will rely on some central settings. An example would be the base location where containers should create bind mounts for persistent data.
The following list contains all of the central settings.
nps.enableSocket
Whether to enable the Podman socket for user services. Note that the socket is required for the services like Traefik or Homepage to run successfully, since they access the Podman API.
If this is disabled and you use these services, you will need to manually enable the socket.
Type: boolean
Default:
true
Declared by:
nps.package
The podman package to use.
Type: package
Default:
pkgs.podman
Declared by:
nps.containers.adguard
Alias of services.podman.containers.adguard.
Type: submodule
Declared by:
nps.containers.aiostreams
Alias of services.podman.containers.aiostreams.
Type: submodule
Declared by:
nps.containers.alloy
Alias of services.podman.containers.alloy.
Type: submodule
Declared by:
nps.containers.audiobookshelf
Alias of services.podman.containers.audiobookshelf.
Type: submodule
Declared by:
nps.containers.authelia
Alias of services.podman.containers.authelia.
Type: submodule
Declared by:
nps.containers.bazarr
Alias of services.podman.containers.bazarr.
Type: submodule
Declared by:
nps.containers.beszel
Alias of services.podman.containers.beszel.
Type: submodule
Declared by:
nps.containers.beszel-agent
Alias of services.podman.containers.beszel-agent.
Type: submodule
Declared by:
nps.containers.blocky
Alias of services.podman.containers.blocky.
Type: submodule
Declared by:
nps.containers.bytestash
Alias of services.podman.containers.bytestash.
Type: submodule
Declared by:
nps.containers.calibre
Alias of services.podman.containers.calibre.
Type: submodule
Declared by:
nps.containers.calibre-downloader
Alias of services.podman.containers.calibre-downloader.
Type: submodule
Declared by:
nps.containers.changedetection
Alias of services.podman.containers.changedetection.
Type: submodule
Declared by:
nps.containers.crowdsec
Alias of services.podman.containers.crowdsec.
Type: submodule
Declared by:
nps.containers.dockdns
Alias of services.podman.containers.dockdns.
Type: submodule
Declared by:
nps.containers.docker-socket-proxy
Alias of services.podman.containers.docker-socket-proxy.
Type: submodule
Declared by:
nps.containers.dozzle
Alias of services.podman.containers.dozzle.
Type: submodule
Declared by:
nps.containers.filebrowser
Alias of services.podman.containers.filebrowser.
Type: submodule
Declared by:
nps.containers.forgejo
Alias of services.podman.containers.forgejo.
Type: submodule
Declared by:
nps.containers.freshrss
Alias of services.podman.containers.freshrss.
Type: submodule
Declared by:
nps.containers.gatus
Alias of services.podman.containers.gatus.
Type: submodule
Declared by:
nps.containers.gatus-db
Alias of services.podman.containers.gatus-db.
Type: submodule
Declared by:
nps.containers.gluetun
Alias of services.podman.containers.gluetun.
Type: submodule
Declared by:
nps.containers.grafana
Alias of services.podman.containers.grafana.
Type: submodule
Declared by:
nps.containers.healthchecks
Alias of services.podman.containers.healthchecks.
Type: submodule
Declared by:
nps.containers.homeassistant
Alias of services.podman.containers.homeassistant.
Type: submodule
Declared by:
nps.containers.homepage
Alias of services.podman.containers.homepage.
Type: submodule
Declared by:
nps.containers.immich
Alias of services.podman.containers.immich.
Type: submodule
Declared by:
nps.containers.immich-db
Alias of services.podman.containers.immich-db.
Type: submodule
Declared by:
nps.containers.immich-machine-learning
Alias of services.podman.containers.immich-machine-learning.
Type: submodule
Declared by:
nps.containers.immich-redis
Alias of services.podman.containers.immich-redis.
Type: submodule
Declared by:
nps.containers.ittools
Alias of services.podman.containers.ittools.
Type: submodule
Declared by:
nps.containers.jellyfin
Alias of services.podman.containers.jellyfin.
Type: submodule
Declared by:
nps.containers.karakeep
Alias of services.podman.containers.karakeep.
Type: submodule
Declared by:
nps.containers.karakeep-chrome
Alias of services.podman.containers.karakeep-chrome.
Type: submodule
Declared by:
nps.containers.karakeep-meilisearch
Alias of services.podman.containers.karakeep-meilisearch.
Type: submodule
Declared by:
nps.containers.kimai
Alias of services.podman.containers.kimai.
Type: submodule
Declared by:
nps.containers.kimai-db
Alias of services.podman.containers.kimai-db.
Type: submodule
Declared by:
nps.containers.lldap
Alias of services.podman.containers.lldap.
Type: submodule
Declared by:
nps.containers.loki
Alias of services.podman.containers.loki.
Type: submodule
Declared by:
nps.containers.mealie
Alias of services.podman.containers.mealie.
Type: submodule
Declared by:
nps.containers.microbin
Alias of services.podman.containers.microbin.
Type: submodule
Declared by:
nps.containers.n8n
Alias of services.podman.containers.n8n.
Type: submodule
Declared by:
nps.containers.ntfy
Alias of services.podman.containers.ntfy.
Type: submodule
Declared by:
nps.containers.omnitools
Alias of services.podman.containers.omnitools.
Type: submodule
Declared by:
nps.containers.paperless
Alias of services.podman.containers.paperless.
Type: submodule
Declared by:
nps.containers.paperless-broker
Alias of services.podman.containers.paperless-broker.
Type: submodule
Declared by:
nps.containers.paperless-db
Alias of services.podman.containers.paperless-db.
Type: submodule
Declared by:
nps.containers.paperless-ftp
Alias of services.podman.containers.paperless-ftp.
Type: submodule
Declared by:
nps.containers.pocketid
Alias of services.podman.containers.pocketid.
Type: submodule
Declared by:
nps.containers.podman-exporter
Alias of services.podman.containers.podman-exporter.
Type: submodule
Declared by:
nps.containers.prometheus
Alias of services.podman.containers.prometheus.
Type: submodule
Declared by:
nps.containers.prowlarr
Alias of services.podman.containers.prowlarr.
Type: submodule
Declared by:
nps.containers.qbittorrent
Alias of services.podman.containers.qbittorrent.
Type: submodule
Declared by:
nps.containers.radarr
Alias of services.podman.containers.radarr.
Type: submodule
Declared by:
nps.containers.romm
Alias of services.podman.containers.romm.
Type: submodule
Declared by:
nps.containers.romm-db
Alias of services.podman.containers.romm-db.
Type: submodule
Declared by:
nps.containers.sockpuppetbrowser
Alias of services.podman.containers.sockpuppetbrowser.
Type: submodule
Declared by:
nps.containers.sonarr
Alias of services.podman.containers.sonarr.
Type: submodule
Declared by:
nps.containers.stirling-pdf
Alias of services.podman.containers.stirling-pdf.
Type: submodule
Declared by:
nps.containers.traefik
Alias of services.podman.containers.traefik.
Type: submodule
Declared by:
nps.containers.uptime-kuma
Alias of services.podman.containers.uptime-kuma.
Type: submodule
Declared by:
nps.containers.vaultwarden
Alias of services.podman.containers.vaultwarden.
Type: submodule
Declared by:
nps.containers.wg-easy
Alias of services.podman.containers.wg-easy.
Type: submodule
Declared by:
nps.containers.wg-portal
Alias of services.podman.containers.wg-portal.
Type: submodule
Declared by:
nps.defaultGid
GID of the user that will be used by default for containers if they allow GID configuration. When running rootless containers, GID 0 gets mapped to the host users GID.
Type: signed integer
Default:
0
Declared by:
nps.defaultTz
Default timezone for containers.
Will be passed to all containers as TZ environment variable.
Type: null or string
Default:
"Etc/UTC"
Declared by:
nps.defaultUid
UID of the user that will be used by default for containers if they allow UID configuration. When running rootless containers, UID 0 gets mapped to the host users UID.
Type: signed integer
Default:
0
Declared by:
nps.externalStorageBaseDir
Base location that will be used for larger data such as downloads or media files. Could be an external disk.
Type: absolute path
Declared by:
nps.hostIP4Address
The IPv4 address which will be used in case explicit bindings are required.
Type: string
Declared by:
nps.hostUid
UID of the host user running the containers. Will be used to infer the Podman socket location (XDG_RUNTIME_DIR).
Type: signed integer
Default:
1000
Declared by:
nps.mediaStorageBaseDir
Base location for larger media files. This is where containers like Jellyfin or Immich will store their media files.
Type: absolute path
Default:
"${config.nps.externalStorageBaseDir}/media"
Declared by:
nps.socketLocation
The location of the Podman socket for user services. Will be passed to containers that communicate with the Podman API, such as Traefik, Homepage or Beszel.
Type: absolute path (read only)
Default:
"/run/user/${toString config.nps.hostUid}/podman/podman.sock"
Declared by:
nps.storageBaseDir
Base directory for Podman storage.
This is where each stack will create its bind mounts for persistent data.
For example, setting this to /home/foo/stacks would result in Adguard creating its bind mount at /home/foo/stacks/adguard.
Type: absolute path
Default:
"${config.home.homeDirectory}/stacks"
Declared by:
Stack Options
The nps.stacks options allow enabling and configuring various stacks.
Most stacks just require the enable option set to true. Some stacks can optionally be configured to adjust settings or pass environment files (e.g. for secrets).
If you want to make changes that are not possible through the exposed stack options directly, aliases to the services.podman.container options are provided, which let you override or modify any attribute that the stack modules set.
For instance, accessing nps.stacks.streaming.containers.jellyfin is an alias to services.podman.containers.jellyfin and allows editing any of the known services.podman.containers options, such as networks, volumes and environment files. Usually this should not be necessary though.
The following list contains the options for all available stacks.
nps.stacks.adguard.enable
Whether to enable adguard.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.adguard.containers.adguard
Alias of services.podman.containers.adguard.
Type: submodule
Declared by:
nps.stacks.aiostreams.enable
Whether to enable aiostreams.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.aiostreams.containers.aiostreams
Alias of services.podman.containers.aiostreams.
Type: submodule
Declared by:
nps.stacks.aiostreams.envFile
Path to the environment file for AIOStreams. Can be used to pass secrets.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.audiobookshelf.enable
Whether to enable audiobookshelf.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.audiobookshelf.authelia.clientSecretHash
The hashed client_secret. For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
Type: string
Declared by:
nps.stacks.audiobookshelf.authelia.registerClient
Whether to register a Audiobookshelf OIDC client in Authelia.
If enabled you need to provide a hashed secret in the client_secret option.
To enable OIDC Login for Audiobookshelf, you will have to enable it in the Web UI.
For details, see:
- https://www.authelia.com/integration/openid-connect/clients/audiobookshelf/
- https://www.audiobookshelf.org/guides/oidc_authentication/#configuring-audiobookshelf-for-sso
Type: boolean
Default:
false
Declared by:
nps.stacks.audiobookshelf.containers.audiobookshelf
Alias of services.podman.containers.audiobookshelf.
Type: submodule
Declared by:
nps.stacks.authelia.enable
Whether to enable authelia.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.authelia.enableTraefikMiddleware
Wheter to setup an authelia middleware for Traefik.
The middleware will utilize the ForwardAuth Authz implementation.
See https://www.authelia.com/integration/proxies/traefik/#implementation
Type: boolean
Default:
config.nps.stacks.traefik.enable
Declared by:
nps.stacks.authelia.authenticationBackend.ldap.passwordFile
The password for the LDAP user that is used when connecting to the LDAP backend.
Type: absolute path
Default:
config.nps.stacks.lldap.adminPasswordFile
Declared by:
nps.stacks.authelia.authenticationBackend.ldap.user
The username that will be used when binding to the LDAP backend.
Type: string
Default:
config.nps.stacks.lldap.adminUsername
Declared by:
nps.stacks.authelia.authenticationBackend.type
The authentication backend that will be used.
If set to ldap the option ldapPasswordFile has to be set.
If set to file either the users or the usersFile option has to be set.
Type: one of âfileâ, âldapâ
Default:
if config.nps.stacks.lldap.enable then "ldap" else "file"
Declared by:
nps.stacks.authelia.authenticationBackend.users
User configuration. Besides the defined options, any value can be defined here. See https://www.authelia.com/reference/guides/passwords/#yaml-format
Note: Configuring the users through this option file result in a read-only file being mounted into the container. Because the file isnât writable, users wonât be able to reset or change their passwords themselves.
If you want to mount a writable file, use the usersFile option instead.
Type: attribute set of (YAML 1.1 value)
Default:
{ }
Declared by:
nps.stacks.authelia.authenticationBackend.users.<name>.disabled
The disabled status for the user
Type: boolean
Default:
false
Declared by:
nps.stacks.authelia.authenticationBackend.users.<name>.displayname
The display name for the user
Type: string
Default:
"key of the attribute set"
Declared by:
nps.stacks.authelia.authenticationBackend.users.<name>.email
The email for the user
Type: string
Default:
""
Declared by:
nps.stacks.authelia.authenticationBackend.users.<name>.groups
The groups list for the user
Type: list of string
Default:
[ ]
Declared by:
nps.stacks.authelia.authenticationBackend.users.<name>.password
The hashed password for the user
Type: string
Declared by:
nps.stacks.authelia.authenticationBackend.usersFile
Path to a file containing the user configuration. See https://www.authelia.com/reference/guides/passwords/#yaml-format
If this option is defined, the users option will be ignored.
Type: null or absolute path not in the Nix store
Default:
null
Declared by:
nps.stacks.authelia.containers.authelia
Alias of services.podman.containers.authelia.
Type: submodule
Declared by:
nps.stacks.authelia.env
Additional environment variables passed to the Authelia container
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
nps.stacks.authelia.envFile
Path to the environment file containing addiotional variables. Can be used to pass secrets etc.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.authelia.jwtSecretFile
Path to the file containing the JWT secret. See https://www.authelia.com/configuration/identity-validation/reset-password/#jwt_secret
Type: absolute path
Declared by:
nps.stacks.authelia.oidc.enable
Whether to enable OIDC Support.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.authelia.oidc.clients
OIDC client configuration. See https://www.authelia.com/configuration/identity-providers/openid-connect/clients/
Type: attribute set of (YAML 1.1 value)
Default:
[ ]
Declared by:
nps.stacks.authelia.oidc.clients.<name>.client_id
This option has no description.
Type: string
Default:
"âšnameâş"
Declared by:
nps.stacks.authelia.oidc.hmacSecretFile
Path to the file containing the HMAC secret. See https://www.authelia.com/configuration/identity-providers/openid-connect/provider/#hmac_secret
Type: absolute path
Declared by:
nps.stacks.authelia.oidc.jwksRsaKeyFile
Path to the file containing the JWKS RSA (RS256) private key.
For example, a keypair can be generated and printed out like this:
podman run --rm authelia/authelia sh -c "authelia crypto certificate rsa generate --common-name authelia.example.com && cat public.crt && cat private.pem"
See https://www.authelia.com/configuration/identity-providers/openid-connect/provider/#key
Type: absolute path
Declared by:
nps.stacks.authelia.sessionSecretFile
Path to the file containing the session secret. See https://www.authelia.com/configuration/session/introduction/#secret
Type: absolute path
Declared by:
nps.stacks.authelia.settings
Additional Authelia settings. Will be provided in the configuration.yml.
Type: YAML 1.1 value
Declared by:
nps.stacks.authelia.storageEncryptionKeyFile
Path to the file containing the storage encryption key. See https://www.authelia.com/configuration/storage/introduction/#encryption_key
Type: absolute path
Declared by:
nps.stacks.beszel.enable
Whether to enable beszel.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.beszel.authelia.clientSecretHash
The hashed client_secret. For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
Type: string
Declared by:
nps.stacks.beszel.authelia.registerClient
Whether to register a Beszel OIDC client in Authelia.
If enabled you need to provide a hashed secret in the client_secret option.
To enable OIDC Login for Beszel, you will have to set it up in Beszels Web-UI. For details, see:
Type: boolean
Default:
false
Declared by:
nps.stacks.beszel.containers.beszel
Alias of services.podman.containers.beszel.
Type: submodule
Declared by:
nps.stacks.beszel.containers.beszel-agent
Alias of services.podman.containers.beszel-agent.
Type: submodule
Declared by:
nps.stacks.beszel.ed25519PrivateKeyFile
Path to private SSH key that will be used by the hub to authenticate against agent If not provided, the hub will generate a new key pair when starting.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.beszel.ed25519PublicKeyFile
Path to public SSH key of the hub that will be considered authorized by agent
If not provided, the KEY environment variable should be set to the public key of the hub,
in order for the connection from hub to agent to work.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.beszel.settings
System configuration (optional). If provided, on each restart, systems in the database will be updated to match the systems defined in the settings. To see your current configuration, refer to settings -> YAML Config -> Export configuration
Type: null or YAML 1.1 value
Default:
null
Example:
{
systems = [
{
host = "/beszel_socket/beszel.sock";
name = "Local";
port = 45876;
users = [
"admin@example.com"
];
}
];
}
Declared by:
nps.stacks.beszel.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the beszel stack. Will be enabled by default if the âdocker-socket-proxyâ stack is enabled.
Type: boolean
Default:
config.nps.stacks.docker-socket-proxy.enable
Declared by:
nps.stacks.blocky.enable
Whether to enable blocky.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.blocky.enableGrafanaDashboard
Whether to enable Grafana Dashboard.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.blocky.enablePrometheusExport
Whether to enable Prometheus Export.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.blocky.containers.blocky
Alias of services.podman.containers.blocky.
Type: submodule
Declared by:
nps.stacks.blocky.settings
Blocky configuration. Will be converted to the config.yml.
For a full list of options, refer to the Blocky documentation
By default, if Traefik is enabled, the module will automatically setup a DNS override pointing the Traefik domain to your host IP.
Type: YAML 1.1 value
Declared by:
nps.stacks.bytestash.enable
Whether to enable bytestash.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.bytestash.containers.bytestash
Alias of services.podman.containers.bytestash.
Type: submodule
Declared by:
nps.stacks.bytestash.env
Additional environment variables passed to the ByteStash container. Can be used to override the preset.
See https://docs.romm.app/latest/Getting-Started/Environment-Variables/
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
nps.stacks.bytestash.envFile
Path to the environment file containing atleast the âJWT_SECRETâ variable.
See https://github.com/jordan-dalby/ByteStash/wiki/FAQ#environment-variables
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.calibre.enable
Whether to enable calibre.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.calibre.containers.calibre
Alias of services.podman.containers.calibre.
Type: submodule
Declared by:
nps.stacks.calibre.containers.calibre-downloader
Alias of services.podman.containers.calibre-downloader.
Type: submodule
Declared by:
nps.stacks.changedetection.enable
Whether to enable changedetection.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.changedetection.containers.changedetection
Alias of services.podman.containers.changedetection.
Type: submodule
Declared by:
nps.stacks.changedetection.containers.sockpuppetbrowser
Alias of services.podman.containers.sockpuppetbrowser.
Type: submodule
Declared by:
nps.stacks.crowdsec.enable
Whether to enable crowdsec.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.crowdsec.acquisSettings
Acquisitions settings for Crowdsec. If Traefik is enabled, the module will automatically setup acquisition for Traefik.
Type: YAML 1.1 value
Default:
{ }
Declared by:
nps.stacks.crowdsec.containers.crowdsec
Alias of services.podman.containers.crowdsec.
Type: submodule
Declared by:
nps.stacks.crowdsec.envFile
Path to the env file containing secrets, e.g. the âENROLL_INSTANCE_NAMEâ and âENROLL_KEYâ variables.
To automatically monitor Traefik logs and add a Traefik middleware, make sure to configure the traefikIntegration options
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.crowdsec.traefikIntegration.enable
Wheter to configure aquis settings for Traefik. If enabled, Traefik access logs will be automatically collected.
To also setup a Traefik middleware that makes use of the CrowdSec decisions to block requests, make sure to configure
the bouncerEnvFile option.
Type: boolean
Default:
config.nps.stacks.traefik.enable
Declared by:
nps.stacks.crowdsec.traefikIntegration.bouncerEnvFile
Path to env file containing the BOUNCER_KEY_TRAEFIK environment variable.
If this is set, a Bouncer will be setup in CrowdSec. Also a new crowdsec middleware will be registered in Traefik and added to the âpublicâ chain.
This will block requests to exposed services that are detected as malicious by Crowdsec.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.crowdsec.traefikIntegration.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the crowdsec stack. Will be enabled by default if the âdocker-socket-proxyâ stack is enabled.
Type: boolean
Default:
config.nps.stacks.docker-socket-proxy.enable
Declared by:
nps.stacks.dockdns.enable
Whether to enable DockDNS. This will run a Cloudflare DNS client that updates DNS records based on Docker labels. The module contains an extension that will automatically create DNS records for services with the âpublicâ Traefik middleware, so they are accessible from the internet. It will also automatically delete DNS records for services, that are no longer exposed (e.g. âprivateâ middleware)
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.dockdns.containers.dockdns
Alias of services.podman.containers.dockdns.
Type: submodule
Declared by:
nps.stacks.dockdns.envFile
Path to a file containing environment variables for the API token for the domain. E.g. for a domain âtest.example.comâ, the file should contain âTEST_EXAMPLE_COM_API_TOKEN=your_api_tokenâ.
Type: absolute path
Default:
null
Declared by:
nps.stacks.dockdns.settings
Settings for DockDNS. For details, refer to the DockDNS documentation The module will provide a default configuration, that updates DNS records every 10 minutes. DockDNS labels will be automatically added to services with the âpublicâ Traefik middleware.
Type: YAML 1.1 value
Declared by:
nps.stacks.dockdns.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the dockdns stack. Will be enabled by default if the âdocker-socket-proxyâ stack is enabled.
Type: boolean
Default:
config.nps.stacks.docker-socket-proxy.enable
Declared by:
nps.stacks.docker-socket-proxy.enable
Whether to enable docker-socket-proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.docker-socket-proxy.containers.docker-socket-proxy
Alias of services.podman.containers.docker-socket-proxy.
Type: submodule
Declared by:
nps.stacks.dozzle.enable
Whether to enable Dozzle.
The module contains an extension that will automatically add all containers to Dozzle groups,
if they stack attribute is set.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.dozzle.containers.dozzle
Alias of services.podman.containers.dozzle.
Type: submodule
Declared by:
nps.stacks.dozzle.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the dozzle stack. Will be enabled by default if the âdocker-socket-proxyâ stack is enabled.
Type: boolean
Default:
config.nps.stacks.docker-socket-proxy.enable
Declared by:
nps.stacks.filebrowser.enable
Whether to enable filebrowser.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.filebrowser.containers.filebrowser
Alias of services.podman.containers.filebrowser.
Type: submodule
Declared by:
nps.stacks.filebrowser.mounts
Mount points for the file browser.
Format: { 'hostPath' = 'containerPath' }
By default, the users home directory and the external storage directory (config.nps.externalStorageBaseDir)
are configured as mounts.
Type: attribute set of string
Example:
{
"/home/foo/media" = "/media";
"/mnt/ext/data" = "/data";
}
Declared by:
nps.stacks.forgejo.enable
Whether to enable forgejo.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.forgejo.containers.forgejo
Alias of services.podman.containers.forgejo.
Type: submodule
Declared by:
nps.stacks.forgejo.settings
Optional app settings for Forgejo. For a full list of options, refer to the Forgejo documentation.
Type: null or (attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string)))
Default:
null
Declared by:
nps.stacks.freshrss.enable
Whether to enable freshrss.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.freshrss.containers.freshrss
Alias of services.podman.containers.freshrss.
Type: submodule
Declared by:
nps.stacks.freshrss.envFile
Path to the env file containing admin user secrets. The file should contain the variables âADMIN_USERNAMEâ, âADMIN_EMAILâ, âADMIN_PASSWORDâ and âADMIN_API_PASSWORDâ. If the file is not set, automatic user creation will not be triggered. This only effects the first run. For details see https://github.com/FreshRSS/FreshRSS/tree/edge/Docker#environment-variables
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.gatus.enable
Whether to enable Gatus. The module also provides an extension that will add Gatus options to a container. This allows services to be added to Gatus by settings container options.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.gatus.authelia.enable
Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and setup the necessary configuration.
For details, see:
- https://www.authelia.com/integration/openid-connect/clients/gatus/
- https://github.com/TwiN/gatus?tab=readme-ov-file#oidc
Type: boolean
Default:
false
Declared by:
nps.stacks.gatus.authelia.allowedSubjects
List of allowed subjects. If not set, all subjects will be allowed.
Type: list of string
Default:
[ ]
Declared by:
nps.stacks.gatus.authelia.clientSecretEnvName
Name of the environment variable that contains the client_secret.
You will have to provide a variable with the given name in the env_file option.
E.g. when setting clientSecretEnvName = AUTHELIA_CLIENT_SECRET, then the envFile should be a file containing the variable:
AUTHELIA_CLIENT_SECRET=some_secret
Type: string
Declared by:
nps.stacks.gatus.authelia.clientSecretHash
The hashed client_secret. Will be set in the Authelia client config. For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
Type: string
Declared by:
nps.stacks.gatus.containers.gatus
Alias of services.podman.containers.gatus.
Type: submodule
Declared by:
nps.stacks.gatus.containers.gatus-db
Alias of services.podman.containers.gatus-db.
Type: submodule
Declared by:
nps.stacks.gatus.db.envFile
Path to the environment file for the database. Required if db.type is set to âpostgresâ. Must contain the environment variables âPOSTGRES_USERâ, and âPOSTGRES_PASSWORDâ.
Type: absolute path
Declared by:
nps.stacks.gatus.db.type
Type of the database to use. Can be set to âsqliteâ or âpostgresâ. If set to âpostgresâ, the envFile option must be set.
Type: one of âsqliteâ, âpostgresâ
Declared by:
nps.stacks.gatus.defaultEndpoint
Default endpoint settings. Will merged with each provided endpoint. Only applies if endpoint does not override the default endpoint settings.
Type: YAML 1.1 value
Default:
{
client = {
insecure = true;
timeout = "10s";
};
conditions = [
"[STATUS] >= 200"
"[STATUS] < 300"
];
group = "core";
interval = "5m";
}
Declared by:
nps.stacks.gatus.envFile
Path to the environment file for the container. Can be used to e.g. pass secrets that are referenced in the settings.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.gatus.extraSettingsFiles
List of additional YAML files to include in the settings. These files will be mounted as is. Can be used to directly provide YAML files containing secrets, e.g. from sops
Type: list of absolute path
Default:
[ ]
Declared by:
nps.stacks.gatus.settings
Settings for the Gatus container. Will be converted to YAML and passed to the container. To see all valid settings, refer to the projects documentation: https://github.com/TwiN/gatus
Type: YAML 1.1 value
Declared by:
nps.stacks.healthchecks.enable
Whether to enable healthchecks.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.healthchecks.containers.healthchecks
Alias of services.podman.containers.healthchecks.
Type: submodule
Declared by:
nps.stacks.healthchecks.envFile
Path to the environment file for Healthchecks. Should contain SECRET_KEY, SUPERUSER_EMAIL and SUPERUSER_PASSWORD envionment variables
Type: absolute path
Declared by:
nps.stacks.homeassistant.enable
Whether to enable homeassistant.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.homeassistant.containers.homeassistant
Alias of services.podman.containers.homeassistant.
Type: submodule
Declared by:
nps.stacks.homeassistant.settings
Settings that will be written to the âconfiguration.yamlâ file.
If you want to configure settings through the UI, set this option to null.
In that case, no managed configuration.yaml will be provided.
Type: null or YAML 1.1 value
Declared by:
nps.stacks.homepage.enable
Whether to enable the Homepage stack.
The services of enabled stacks will be automatically added to Homepage. The module will also automatically configure the docker integration for the local host and setup some widgets.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.homepage.bookmarks
Homepage bookmarks configuration.
See https://gethomepage.dev/configs/bookmarks/.
Type: YAML 1.1 value
Default:
[ ]
Example:
[
{
Developer = [
{
Github = [
{
abbr = "GH";
href = "https://github.com/";
}
];
}
];
}
{
Entertainment = [
{
YouTube = [
{
abbr = "YT";
href = "https://youtube.com/";
}
];
}
];
}
]
Declared by:
nps.stacks.homepage.containers.homepage
Alias of services.podman.containers.homepage.
Type: submodule
Declared by:
nps.stacks.homepage.docker
Homepage docker configuration.
See https://gethomepage.dev/configs/docker/.
Type: YAML 1.1 value
Default:
{ }
Declared by:
nps.stacks.homepage.services
Homepage services configuration.
See https://gethomepage.dev/configs/services/.
Type: YAML 1.1 value
Default:
[ ]
Example:
[
{
"My First Group" = [
{
"My First Service" = {
description = "Homepage is awesome";
href = "http://localhost/";
};
}
];
}
{
"My Second Group" = [
{
"My Second Service" = {
description = "Homepage is the best";
href = "http://localhost/";
};
}
];
}
]
Declared by:
nps.stacks.homepage.settings
Homepage settings.
See https://gethomepage.dev/configs/settings/.
Type: YAML 1.1 value
Default:
{ }
Declared by:
nps.stacks.homepage.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the homepage stack. Will be enabled by default if the âdocker-socket-proxyâ stack is enabled.
Type: boolean
Default:
config.nps.stacks.docker-socket-proxy.enable
Declared by:
nps.stacks.homepage.widgets
Homepage widgets configuration.
See https://gethomepage.dev/widgets/.
Type: YAML 1.1 value
Default:
[ ]
Example:
[
{
resources = {
cpu = true;
disk = "/";
memory = true;
};
}
{
search = {
provider = "duckduckgo";
target = "_blank";
};
}
]
Declared by:
nps.stacks.immich.enable
Whether to enable immich.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.immich.authelia.enable
Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and setup the necessary configuration in Immich.
For details, see:
- https://www.authelia.com/integration/openid-connect/clients/immich/
- https://immich.app/docs/administration/oauth/
Type: boolean
Default:
false
Declared by:
nps.stacks.immich.authelia.clientSecretFile
Path to the file containing that client secret that will be used to authenticate against Authelia.
Type: absolute path
Declared by:
nps.stacks.immich.authelia.clientSecretHash
The hashed client_secret. Will be set in the Authelia client config. For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
Type: string
Declared by:
nps.stacks.immich.containers.immich
Alias of services.podman.containers.immich.
Type: submodule
Declared by:
nps.stacks.immich.containers.immich-db
Alias of services.podman.containers.immich-db.
Type: submodule
Declared by:
nps.stacks.immich.containers.immich-machine-learning
Alias of services.podman.containers.immich-machine-learning.
Type: submodule
Declared by:
nps.stacks.immich.containers.immich-redis
Alias of services.podman.containers.immich-redis.
Type: submodule
Declared by:
nps.stacks.immich.db.envFile
Path to the env file containing the âPOSTGRES_PASSWORDâ variable
Type: absolute path
Declared by:
nps.stacks.immich.envFile
Path to the env file containing the âDB_PASSWORDâ variable
Type: absolute path
Declared by:
nps.stacks.immich.settings
Settings that will be written to the âconfig.jsonâ file.
If you want to configure settings through the UI, set this option to null.
In that case, no managed config.json will be provided.
For details to the config file see https://immich.app/docs/install/config-file/
Type: null or JSON value
Declared by:
nps.stacks.ittools.enable
Whether to enable ittools.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.ittools.containers.ittools
Alias of services.podman.containers.ittools.
Type: submodule
Declared by:
nps.stacks.karakeep.enable
Whether to enable karakeep.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.karakeep.containers.karakeep
Alias of services.podman.containers.karakeep.
Type: submodule
Declared by:
nps.stacks.karakeep.containers.karakeep-chrome
Alias of services.podman.containers.karakeep-chrome.
Type: submodule
Declared by:
nps.stacks.karakeep.containers.karakeep-meilisearch
Alias of services.podman.containers.karakeep-meilisearch.
Type: submodule
Declared by:
nps.stacks.karakeep.envFile
Path to env file containing atleast âNEXTAUTH_SECRETâ and âMEILI_MASTER_KEYâ
Type: absolute path
Declared by:
nps.stacks.kimai.enable
Whether to enable kimai.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.kimai.containers.kimai
Alias of services.podman.containers.kimai.
Type: submodule
Declared by:
nps.stacks.kimai.containers.kimai-db
Alias of services.podman.containers.kimai-db.
Type: submodule
Declared by:
nps.stacks.kimai.db.envFile
Path to env file containing the MYSQL_DATABASE, MYSQL_USER, MYSQL_PASSWORD and
MYSQL_ROOT_PASSWORD variables.
Type: absolute path
Declared by:
nps.stacks.kimai.envFile
Path to env file containing the ADMINMAIL, ADMINPASS and
DATABASE_URL variables. The ADMINPASS should have at least 8 characters for the
provisioning to succeed.
The DATABASE_URL variable should be in the format DATABASE_URL=mysql://<<DATABASE_USER>>:<<DATABASE_PASSWORD>>@kimai-db/<<DATABASE_NAME>>?charset=utf8mb4
with the variables matching the ones passed in the db.envFile option.
Type: absolute path
Declared by:
nps.stacks.lldap.enable
Whether to enable lldap.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.lldap.adminPasswordFile
Path to the file containing the admin password.
Type: absolute path
Declared by:
nps.stacks.lldap.adminUsername
Admin username for LDAP as well as the web interface.
Type: string
Default:
"admin"
Declared by:
nps.stacks.lldap.baseDn
The starting point in the LDAP directory tree from which searches begin.
Type: string
Default:
"DC=example,DC=com"
Example:
"DC=mydomain,DC=net"
Declared by:
nps.stacks.lldap.bootstrap.cleanUp
Whether to delete groups and users not specified in the config, also remove users from groups that they do not belong to
Type: boolean
Default:
false
Declared by:
nps.stacks.lldap.bootstrap.groupSchemas
Group schemas. Can be used to create custom group attributes.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
nps.stacks.lldap.bootstrap.groupSchemas.<name>.attributeType
Type of the attribute
Type: one of âSTRINGâ, âINTEGERâ, âJPGEGâ, âDATE_TIMEâ
Declared by:
nps.stacks.lldap.bootstrap.groupSchemas.<name>.isEditable
Whether the attribute is editable by users
Type: boolean
Default:
false
Declared by:
nps.stacks.lldap.bootstrap.groupSchemas.<name>.isList
Whether the attribute can have multiple values
Type: boolean
Default:
false
Declared by:
nps.stacks.lldap.bootstrap.groupSchemas.<name>.isVisible
Whether the attribute is visible by users
Type: boolean
Default:
true
Declared by:
nps.stacks.lldap.bootstrap.groupSchemas.<name>.name
Name of field, case insensitve - you should use lowercase
Type: string matching the pattern ^[a-zA-Z0-9-]+$
Default:
<name>
Declared by:
nps.stacks.lldap.bootstrap.groups
Groups that will be created.
Besides the name, you can also specify custom attributes for the group, if they are defined in the groupSchemas option.
Type: attribute set of (string or signed integer or boolean)
Default:
{ }
Declared by:
nps.stacks.lldap.bootstrap.groups.<name>.name
Name of the group. Defaults to the name of the attribute.
Type: string
Default:
<name>
Declared by:
nps.stacks.lldap.bootstrap.userSchemas
User schema. Can be used to create custom user attributes.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
nps.stacks.lldap.bootstrap.userSchemas.<name>.attributeType
Type of the attribute
Type: one of âSTRINGâ, âINTEGERâ, âJPGEGâ, âDATE_TIMEâ
Declared by:
nps.stacks.lldap.bootstrap.userSchemas.<name>.isEditable
Whether the attribute is editable by users
Type: boolean
Default:
false
Declared by:
nps.stacks.lldap.bootstrap.userSchemas.<name>.isList
Whether the attribute can have multiple values
Type: boolean
Default:
false
Declared by:
nps.stacks.lldap.bootstrap.userSchemas.<name>.isVisible
Whether the attribute is visible by users
Type: boolean
Default:
true
Declared by:
nps.stacks.lldap.bootstrap.userSchemas.<name>.name
Name of field, case insensitve - you should use lowercase
Type: string matching the pattern ^[a-zA-Z0-9-]+$
Default:
<name>
Declared by:
nps.stacks.lldap.bootstrap.users
LLDAP users that will be provisioned at startup.
You can also specify custom attributes for the user, if they are defined in the useSchemas option.
Type: attribute set of (string or signed integer or boolean)
Default:
[ ]
Declared by:
nps.stacks.lldap.bootstrap.users.<name>.avatar_url
Must be a valid URL to jpeg file. (ignored if gravatar_avatar specified)
Type: null or string
Default:
null
Declared by:
nps.stacks.lldap.bootstrap.users.<name>.displayName
Display name of the user
Type: null or string
Default:
null
Declared by:
nps.stacks.lldap.bootstrap.users.<name>.email
E-Mail of the user
Type: string
Declared by:
nps.stacks.lldap.bootstrap.users.<name>.firstName
First name of the user
Type: null or string
Default:
null
Declared by:
nps.stacks.lldap.bootstrap.users.<name>.gravatar_avatar
the script will try to get an avatar from gravatar by previously specified email
Type: boolean
Default:
false
Declared by:
nps.stacks.lldap.bootstrap.users.<name>.groups
An array of groups the user would be a member of (all the groups must be specified in the group option)
Type: list of string
Default:
[ ]
Declared by:
nps.stacks.lldap.bootstrap.users.<name>.id
ID of the user. Defaults to the name of the attribute.
Type: string
Default:
<name>
Declared by:
nps.stacks.lldap.bootstrap.users.<name>.lastName
Last name of the user
Type: null or string
Default:
null
Declared by:
nps.stacks.lldap.bootstrap.users.<name>.password_file
Path to the file containing the user password
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.lldap.containers.lldap
Alias of services.podman.containers.lldap.
Type: submodule
Declared by:
nps.stacks.lldap.envFile
Path to the environment file for LLDAP. Can be used to pass additional variables or secrets.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.lldap.jwtSecretFile
Path to the file containing the JWT secret
Type: absolute path
Declared by:
nps.stacks.lldap.keySeedFile
Path to the file containing the key seed
Type: absolute path
Declared by:
nps.stacks.lldap.settings
Additional lldap configuration.
If provided, will be mounted as lldap_config.toml;
See https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml
Type: null or TOML value
Declared by:
nps.stacks.mealie.enable
Whether to enable mealie.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.mealie.containers.mealie
Alias of services.podman.containers.mealie.
Type: submodule
Declared by:
nps.stacks.microbin.enable
Whether to enable microbin.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.microbin.containers.microbin
Alias of services.podman.containers.microbin.
Type: submodule
Declared by:
nps.stacks.microbin.envFile
Path to env file passed to the container. Can be used to optionally pass secrets such as âMICROBIN_ADMIN_USERNAMEâ, âMICROBIN_ADMIN_PASSWORDâ, âMICROBIN_BASIC_AUTH_USERNAMEâ, âMICROBIN_BASIC_AUTH_PASSWORDâ & âMICROBIN_UPLOADER_PASSWORDâ.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.monitoring.enable
Enable the monitoring stack. This stack provides monitoring services including Grafana, Loki, Alloy, and Prometheus. Configuration files for each service will be provided automatically to work out of the box.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.monitoring.alloy.enable
Whether to enable Alloy.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.monitoring.alloy.config
Configuration for Alloy.
A default configuration will be automatically provided by this monitoring module.
The default configuration will ship logs of all containers that set the alloy.enable=true option to Loki.
Multiple definitions of this option will be merged together into a single file.
See https://grafana.com/docs/alloy/latest/get-started/configuration-syntax/
Type: strings concatenated with â\nâ
Declared by:
nps.stacks.monitoring.alloy.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the monitoring stack. Will be enabled by default if the âdocker-socket-proxyâ stack is enabled.
Type: boolean
Default:
config.nps.stacks.docker-socket-proxy.enable
Declared by:
nps.stacks.monitoring.containers.alloy
Alias of services.podman.containers.alloy.
Type: submodule
Declared by:
nps.stacks.monitoring.containers.grafana
Alias of services.podman.containers.grafana.
Type: submodule
Declared by:
nps.stacks.monitoring.containers.loki
Alias of services.podman.containers.loki.
Type: submodule
Declared by:
nps.stacks.monitoring.containers.podman-exporter
Alias of services.podman.containers.podman-exporter.
Type: submodule
Declared by:
nps.stacks.monitoring.containers.prometheus
Alias of services.podman.containers.prometheus.
Type: submodule
Declared by:
nps.stacks.monitoring.grafana.enable
Whether to enable Grafana.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.monitoring.grafana.dashboards
List of paths to Grafana dashboard JSON files.
Type: list of absolute path
Default:
[ ]
Declared by:
nps.stacks.monitoring.grafana.datasources
Datasource configuration for Grafana. Loki and Prometheus datasources will be automatically configured.
Type: YAML 1.1 value
Declared by:
nps.stacks.monitoring.grafana.settings
Settings for Grafana. Will be written to the âgrafana.iniâ file. See https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#configure-grafana
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
nps.stacks.monitoring.loki.enable
Whether to enable Loki.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.monitoring.loki.config
Configuration for Loki. A default configuration will be automatically provided by this monitoring module.
See https://grafana.com/docs/loki/latest/configuration/
Type: YAML 1.1 value
Default:
{ }
Declared by:
nps.stacks.monitoring.podmanExporter.enable
Whether to enable Podman Metrics Exporter.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.monitoring.prometheus.enable
Whether to enable Prometheus.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.monitoring.prometheus.config
Configuration for Prometheus. A default configuration will be automatically provided by this monitoring module.
See https://prometheus.io/docs/prometheus/latest/configuration/configuration/
Type: YAML 1.1 value
Default:
{ }
Declared by:
nps.stacks.n8n.enable
Whether to enable n8n.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.n8n.containers.n8n
Alias of services.podman.containers.n8n.
Type: submodule
Declared by:
nps.stacks.ntfy.enable
Whether to enable ntfy.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.ntfy.enableGrafanaDashboard
Whether to enable Grafana Dashboard.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.ntfy.enablePrometheusExport
Whether to enable Prometheus Export.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.ntfy.containers.ntfy
Alias of services.podman.containers.ntfy.
Type: submodule
Declared by:
nps.stacks.ntfy.env
Additional environment variables passed to the container
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
nps.stacks.ntfy.envFile
Environment file passed to the container. Can be used to pass secrets such as Webpush Keys.
In order to enable web push support, make sure the env file contains âNTFY_WEB_PUSH_PUBLIC_KEYâ,
âNTFY_WEB_PUSH_PRIVATE_KEYâ & âNTFY_WEB_PUSH_EMAIL_ADDRESSâ variables.
Keys can be generated by running podman run --rm docker.io/binwiederhier/ntfy:latest webpush keys
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.omnitools.enable
Whether to enable omnitools.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.omnitools.containers.omnitools
Alias of services.podman.containers.omnitools.
Type: submodule
Declared by:
nps.stacks.paperless.enable
Whether to enable paperless.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.paperless.authelia.clientSecretHash
The hashed client_secret. For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
Type: string
Declared by:
nps.stacks.paperless.authelia.registerClient
Whether to register a Paperless OIDC client in Authelia.
If enabled you need to provide a hashed secret in the client_secret option.
To enable OIDC Login for Paperless, you will have to provide the environment variables PAPERLESS_APPS and PAPERLESS_SOCIALACCOUNT_PROVIDERS,
e.g. in the envFile option.
For details, see:
- https://www.authelia.com/integration/openid-connect/clients/paperless/
- https://docs.paperless-ngx.com/advanced_usage/#openid-connect-and-social-authentication
Type: boolean
Default:
false
Declared by:
nps.stacks.paperless.containers.paperless
Alias of services.podman.containers.paperless.
Type: submodule
Declared by:
nps.stacks.paperless.containers.paperless-broker
Alias of services.podman.containers.paperless-broker.
Type: submodule
Declared by:
nps.stacks.paperless.containers.paperless-db
Alias of services.podman.containers.paperless-db.
Type: submodule
Declared by:
nps.stacks.paperless.containers.paperless-ftp
Alias of services.podman.containers.paperless-ftp.
Type: submodule
Declared by:
nps.stacks.paperless.db.envFile
Path to the env file containing the âPOSTGRES_USERâ and âPOSTGRES_PASSWORDâ variables
Type: absolute path
Declared by:
nps.stacks.paperless.env
Additional environment variables passed to the Paperless container
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
nps.stacks.paperless.envFile
Path to the environment file containing the âPAPERLESS_DBUSERâ âPAPERLESS_DBPASSâ and âPAPERLESS_SECRET_KEYâ variables.
Type: absolute path
Declared by:
nps.stacks.paperless.ftp.enable
Whether to enable FTP server.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.paperless.ftp.envFile
Path to the env file containing the âFTP_PASSâ variable. Uploads to the FTP will be placed in the âconsumeâ directory to be ingested by Paperless.
Type: absolute path
Declared by:
nps.stacks.pocketid.enable
Whether to enable pocketid.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.pocketid.containers.pocketid
Alias of services.podman.containers.pocketid.
Type: submodule
Declared by:
nps.stacks.pocketid.env
Additional environment variables passed to the Pocket ID container See https://pocket-id.org/docs/configuration/environment-variables
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
nps.stacks.pocketid.envFile
Environment file being passed to the container. Can be used to pass additional variables such as âMAXMIND_LICENSE_KEYâ. Refer to https://pocket-id.org/docs/configuration/environment-variables/ for a full list of available variables
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.pocketid.ldap.enableSynchronisation
Whether to sync users and groups from an the LDAP server. Requires the LLDAP stack to be enabled.
Type: boolean
Default:
config.nps.stacks.lldap.enable
Declared by:
nps.stacks.pocketid.ldap.passwordFile
The password for the LDAP user that is used when connecting to the LDAP backend.
Type: absolute path
Default:
config.nps.stacks.lldap.adminPasswordFile
Declared by:
nps.stacks.pocketid.ldap.user
The username that will be used when binding to the LDAP backend.
Type: string
Default:
config.nps.stacks.lldap.adminUsername
Declared by:
nps.stacks.pocketid.traefikIntegration.envFile
Environment file being passed to the Traefik container.
If this is set, a new pocketid middleware will be registered in Traefik.
In order to work, the environment file should contain the secrets
âPOCKET_ID_CLIENT_IDâ, âPOCKET_ID_CLIENT_SECRETâ & âOIDC_MIDDLEWARE_SECRETâ
âPOCKET_ID_CLIENT_IDâ and âPOCKET_ID_CLIENT_SECRETâ are the credentials generated within PocketID for the Traefik client. âOIDC_MIDDLEWARE_SECRETâ should be a random secret.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.romm.enable
Whether to enable romm.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.romm.authelia.enable
Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and setup the necessary environment variables in RomM.
For details, see:
- https://www.authelia.com/integration/openid-connect/clients/romm/
- https://docs.romm.app/latest/OIDC-Guides/OIDC-Setup-With-Authelia/
Type: boolean
Default:
false
Declared by:
nps.stacks.romm.authelia.clientSecretFile
Path to the file containing that client secret that will be used by RomM to authenticate against Authelia.
Type: absolute path
Declared by:
nps.stacks.romm.authelia.clientSecretHash
The hashed client_secret. Will be set in the Authelia client config. For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
Type: string
Declared by:
nps.stacks.romm.containers.romm
Alias of services.podman.containers.romm.
Type: submodule
Declared by:
nps.stacks.romm.containers.romm-db
Alias of services.podman.containers.romm-db.
Type: submodule
Declared by:
nps.stacks.romm.db.envFile
Path to the env file containing the âMARIADB_ROOT_PASSWORDâ and âMARIADB_PASSWORDâ variables.
Type: absolute path
Declared by:
nps.stacks.romm.env
Additional environment variables passed to the RomM container
See https://docs.romm.app/latest/Getting-Started/Environment-Variables/
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
nps.stacks.romm.envFile
Path to env file containing the DB_PASSWD and the ROMM_AUTH_SECRET_KEY variables.
The DB_PASSWD should match the MARIA_DB password passed in the db.envFile option.
Can optionally include more secrets and other variables, such as API_KEYS, e.g.
RETROACHIEVEMENTS_API_KEY or STEAMGRIDDB_API_KEY.
See https://docs.romm.app/latest/Getting-Started/Environment-Variables/
Type: absolute path
Declared by:
nps.stacks.romm.romLibraryPath
Base path on the host where the rom library is stored.
Type: absolute path not in the Nix store
Default:
"${config.nps.storageBaseDir}/romm/library"
Example:
"${config.nps.externalStorageBaseDir}/romm/library"
Declared by:
nps.stacks.romm.settings
RomM settings. If set, will be mounted as the config.yml.
If unset, configuration through UI is possible.
See https://docs.romm.app/latest/Getting-Started/Configuration-File/
Type: null or YAML 1.1 value
Default:
null
Example:
{
platforms = {
gc = "ngc";
psx = "ps";
};
}
Declared by:
nps.stacks.romm.setupAdminUser
Whether to enable automated admin user provisioning. If enabled, an admin user will be created automatically on startup.
Make sure the file provided in the envFile option contains the variables ADMIN_USERNAME (default âadminâ),
ADMIN_PASSWORD (default âadminâ) and ADMIN_EMAIL (default âadmin@admin.comâ).
When disabled, you will be prompted for admin user creation when visiting the RomM UI the first time.
Type: boolean
Default:
false
Declared by:
nps.stacks.stirling-pdf.enable
Whether to enable stirling-pdf.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.stirling-pdf.containers.stirling-pdf
Alias of services.podman.containers.stirling-pdf.
Type: submodule
Declared by:
nps.stacks.streaming.enable
Whether to enable streaming.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.streaming.bazarr.enable
Whether to enable bazarr.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.streaming.bazarr.envFile
Path to the environment file for bazarr.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.streaming.containers.bazarr
Alias of services.podman.containers.bazarr.
Type: submodule
Declared by:
nps.stacks.streaming.containers.gluetun
Alias of services.podman.containers.gluetun.
Type: submodule
Declared by:
nps.stacks.streaming.containers.jellyfin
Alias of services.podman.containers.jellyfin.
Type: submodule
Declared by:
nps.stacks.streaming.containers.prowlarr
Alias of services.podman.containers.prowlarr.
Type: submodule
Declared by:
nps.stacks.streaming.containers.qbittorrent
Alias of services.podman.containers.qbittorrent.
Type: submodule
Declared by:
nps.stacks.streaming.containers.radarr
Alias of services.podman.containers.radarr.
Type: submodule
Declared by:
nps.stacks.streaming.containers.sonarr
Alias of services.podman.containers.sonarr.
Type: submodule
Declared by:
nps.stacks.streaming.flaresolverr.enable
Whether to enable Flaresolverr.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.streaming.gluetun.enable
Whether to enable Gluetun.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.streaming.gluetun.envFile
Path to the environment file for Gluetun. Should contain Wireguard credentials such as âWIREGUARD_PRIVATE_KEYâ, âWIREGUARD_ADDRESSESâ and âWIREGUARD_PRESHARED_KEYâ
Type: absolute path
Declared by:
nps.stacks.streaming.gluetun.settings
Additional Gluetun configuration settings.
Type: TOML value
Declared by:
nps.stacks.streaming.gluetun.vpnProvider
The VPN provider to use with Gluetun.
Type: string
Declared by:
nps.stacks.streaming.jellyfin.enable
Whether to enable Jellyfin.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.streaming.prowlarr.enable
Whether to enable prowlarr.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.streaming.prowlarr.envFile
Path to the environment file for prowlarr.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.streaming.qbittorrent.enable
Whether to enable qBittorrent.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.streaming.qbittorrent.envFile
Path to the environment file for qBittorrent.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.streaming.radarr.enable
Whether to enable radarr.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.streaming.radarr.envFile
Path to the environment file for radarr.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.streaming.sonarr.enable
Whether to enable sonarr.
Type: boolean
Default:
true
Example:
true
Declared by:
nps.stacks.streaming.sonarr.envFile
Path to the environment file for sonarr.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.traefik.enable
Wheter to enable Traefik. The Traefik stack ships preconfigured with a dynamic and static configuration.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.traefik.enableGrafanaAccessLogDashboard
Whether to enable Grafana Access Log Dashboard.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.traefik.enableGrafanaMetricsDashboard
Whether to enable Grafana Metrics Dashboard.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.traefik.enablePrometheusExport
Whether to enable Prometheus Export.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.traefik.containers.traefik
Alias of services.podman.containers.traefik.
Type: submodule
Declared by:
nps.stacks.traefik.domain
Base domain handled by Traefik
Type: string
Declared by:
nps.stacks.traefik.dynamicConfig
Dynamic configuration for Traefik. By default, the module will setup two middlewares: private & public. The private middleware (applied by default to all services) will only allow access from internal networks. The public middleware (applied by default to all services) will allow access from the internet. It will be configured with a rate limit, security headers and a geoblock plugin (if enabled).
Type: YAML 1.1 value
Default:
{ }
Declared by:
nps.stacks.traefik.envFile
Path to the environment file for Traefik. Can be used to pass secrets, e.g. the API tokens for the DNS provider.
Type: absolute path
Declared by:
nps.stacks.traefik.geoblock.enable
Enable the geoblock plugin for Traefik. This will block access to the services based on the country code of the request. The plugin uses the IP2Location database to determine the country code. If enabled, the geoblock will be used in the âpublicâ middleware, allowing only requests from the allowed countries.
Type: boolean
Default:
true
Declared by:
nps.stacks.traefik.geoblock.allowedCountries
List of allowed country codes (ISO 3166-1 alpha-2 format) See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
Type: list of string
Default:
[ ]
Declared by:
nps.stacks.traefik.network.name
Network name for Podman bridge network. Will be used by the Traefik Docker provider
Type: string
Default:
"traefik-proxy"
Declared by:
nps.stacks.traefik.staticConfig
Static configuration for Traefik.
By default, for the configured domain, a wildcard certificate will be requested from letsencrypt
and used for all services that are registered with Traefik.
By default Cloudflare with DNS challenge will be used to request the certificate.
This requires the âCF_DNS_API_TOKENâ environment variable to be set in the envFile option file.
The DNS provider as well as any other settings can be overwritten. For an example see https://github.com/Tarow/nix-podman-stacks/blob/main/examples/traefik-dns-provider.nix
Type: YAML 1.1 value
Declared by:
nps.stacks.traefik.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the traefik stack. Will be enabled by default if the âdocker-socket-proxyâ stack is enabled.
Type: boolean
Default:
config.nps.stacks.docker-socket-proxy.enable
Declared by:
nps.stacks.uptime-kuma.enable
Whether to enable uptime-kuma.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.uptime-kuma.containers.uptime-kuma
Alias of services.podman.containers.uptime-kuma.
Type: submodule
Declared by:
nps.stacks.vaultwarden.enable
Whether to enable vaultwarden.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.vaultwarden.containers.vaultwarden
Alias of services.podman.containers.vaultwarden.
Type: submodule
Declared by:
nps.stacks.vaultwarden.env
Additional environment variables passed to the container
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
nps.stacks.vaultwarden.envFile
Environment file passed to the container. Can be used to pass secrets such as 'ADMIN_TOKEN; For a list of all environment variables refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.wg-easy.enable
Whether to enable wg-easy.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.wg-easy.containers.wg-easy
Alias of services.podman.containers.wg-easy.
Type: submodule
Declared by:
nps.stacks.wg-easy.envFile
Path to the environment file. Can be used to pass secrets, e.g. âINIT_PASSWORDâ.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.wg-easy.host
The external domain or IP address of the Wireguard server. Will be used as the âendpointâ when generating client configurations.
Only has an effect during initial setup. See https://wg-easy.github.io/wg-easy/v15.1/advanced/config/unattended-setup/
Type: string
Default:
"vpn.${config.nps.stacks.traefik.domain}"
Declared by:
nps.stacks.wg-easy.port
The port on which the Wireguard server will listen. Will be passed as INIT_PORT during initial setup. Only has an effect during initial setup. See https://wg-easy.github.io/wg-easy/v15.1/advanced/config/unattended-setup/
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
51820
Declared by:
nps.stacks.wg-portal.enable
Whether to enable wg-portal.
Type: boolean
Default:
false
Example:
true
Declared by:
nps.stacks.wg-portal.containers.wg-portal
Alias of services.podman.containers.wg-portal.
Type: submodule
Declared by:
nps.stacks.wg-portal.envFile
Path to the environment file. Can be used to pass env variables such as secrets, that are used in the settings.
Type: null or absolute path
Default:
null
Declared by:
nps.stacks.wg-portal.port
The default port for the first Wireguard interface that will be set up in the UI. Will be exposed and passed as the âstart_listen_portâ setting in the configuration.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
51820
Declared by:
nps.stacks.wg-portal.settings
Settings for the wg-portal container. Will be converted to YAML and passed to the container. See https://wgportal.org/latest/documentation/configuration/overview/
Type: YAML 1.1 value
Declared by:
Container Options
This project extends Home Managers existing services.podman.containers options, to provide additional abstractions for example for Traefik or Homepage.
The options can be set directly on services.podman.container level, or through the stack aliases provided with this project.
For example, the following two configurations are equivalent:
nps.stacks = {
streaming.containers.jellyfin.traefik.middlewares = ["public"];
};
services.podman.containers.jellyfin.traefik.middlewares = ["public"];
The following lists all extension options that will be added by this project.
services.podman.containers.<name>.alloy.enable
Whether to enable Alloy Log Scraping. If enabled, Alloy will scrape logs from the container and ship them to Loki.; .
Type: boolean
Default:
false
Example:
true
Declared by:
services.podman.containers.<name>.dependsOn
List of systemd resources that this container depends on.
When specifying a dependency on another container, use the option dependsOnContainer instead.
Type: list of string
Default:
[ ]
Declared by:
services.podman.containers.<name>.dependsOnContainer
List of containers that this container depends on.
Similar to dependsOn, but will automatically apply correct pre- and suffix for
the generated systemd services.
Type: list of string
Default:
[ ]
Declared by:
services.podman.containers.<name>.fileEnvMount
Convenience wrapper option, that simplifies passing _FILE based environment variables.
For each attribute in the attrset, a volume mapping from sourcePath to destPath will be added,
and an environment variable will be set to the destPath.
Example:
API_KEY_FILE = {
srcPath = "/host/api-key.txt";
dstPath = "/container/api-key.txt";
};
will add a volume to the container, e.g.:
volumes = [${sourcePath}:${destPath}];
and also add an environment variable:
env.API_KEY_FILE = destPath;
You can also provide a simple path, which will be treated as the sourcePath:
DB_PASSWORD_FILE = ./secrets/db-password.txt;
The destPath will be inferred.
Type: attribute set of (absolute path or (submodule))
Default:
{ }
Example:
{
API_KEY_FILE = {
destPath = "/app/config/api-key.txt";
sourcePath = "/secrets/api-key.txt";
};
DB_PASSWORD_FILE = /nix/store/75jxs9649716dnjqq73rj28ycby5wj9q-source/modules/secrets/db-password.txt;
}
Declared by:
services.podman.containers.<name>.gatus.enable
Whether to enable gatus.
Type: boolean
Default:
false
Example:
true
Declared by:
services.podman.containers.<name>.gatus.settings
Endpoint Settings for the container. Will be added to the Gatus endpoint configuration.
Type: YAML 1.1 value
Default:
{ }
Declared by:
services.podman.containers.<name>.homepage.enable
Whether to add the container as a service to the Homepage dashboard.
Type: boolean
Default:
true
Declared by:
services.podman.containers.<name>.homepage.category
The category under which the service will be listed on the Homepage dashboard.
Type: null or string
Default:
null
Declared by:
services.podman.containers.<name>.homepage.name
The name of the service as it will appear on the Homepage dashboard. If not set, the container name will be used.
Type: null or string
Default:
lib.toSentenceCase <containerName>
Declared by:
services.podman.containers.<name>.homepage.settings
Settings for the Homepage service. This can include icon, href, description, widget configuration, etc. See https://gethomepage.dev/configs/services/#services/
Type: YAML 1.1 value
Default:
{ }
Declared by:
services.podman.containers.<name>.port
Main port that Traefik will forward traffic to. If Traefik is disabled, it will instead be added to the âportsâ section
Type: null or string or signed integer
Default:
null
Declared by:
services.podman.containers.<name>.socketActivation
List of socket activation configurations for this container. Each entry should specify a port and optionally a file descriptor name. This will create a systemd socket that activates the container when accessed.
Will be used by containers like Traefik by default. Allows the container to access real-ip without the request being proxied through pasta/slirp4netns.
For details regarding rootless Podman networking and socket activation, see: https://github.com/eriksjolund/podman-networking-docs
Type: list of (submodule)
Default:
[ ]
Declared by:
services.podman.containers.<name>.socketActivation.*.fileDescriptorName
Name of the file descriptor that the socket should use.
Type: null or string
Default:
null
Declared by:
services.podman.containers.<name>.socketActivation.*.port
Port that the socket should listen on
Type: string or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
services.podman.containers.<name>.stack
Stack that a container is part of. For every stack, a Podman networking will be crearted that the respective container will be connected to.
Type: null or string
Default:
null
Declared by:
services.podman.containers.<name>.traefik.middlewares
A list of middlewares to apply to the service. These will be applied in the order they are listed.
Type: list of impossible (empty enum)
Default:
[
"private"
]
Declared by:
services.podman.containers.<name>.traefik.name
The name of the service as it will be registered in Traefik. Will be used as a default for the subdomain.
If not set (null), the service will not be registered in Traefik.
Type: null or string
Default:
null
Declared by:
services.podman.containers.<name>.traefik.serviceAddressInternal
The internal main address of the service. Can be used for internal communication without going through Traefik, when inside the same Podman network.
Type: string (read only)
Default:
"${containerName}${containerCfg.port}"
Declared by:
services.podman.containers.<name>.traefik.serviceDomain
The full domain of the service as it will be registered in Traefik. This will be the serviceHost including the âhttps://â prefix.
Type: string (read only)
Default:
"https://${traefikCfg.serviceHost}"
Declared by:
services.podman.containers.<name>.traefik.serviceHost
The host name of the service as it will be registered in Traefik.
Type: string (read only)
Default:
"${traefikCfg.subDomain}.${nps.stacks.traefik.domain}"
Declared by:
services.podman.containers.<name>.traefik.subDomain
The subdomain of the service as it will be registered in Traefik.
Type: string
Default:
"traefikCfg.name"
Declared by: