Nix Podman Stacks

nps.stacks.pocketid.enable

Whether to enable pocketid.

Type: boolean

Default: false

Example: true

Declared by:

• <nix-podman-stacks/modules/pocket-id>

nps.stacks.pocketid.containers.pocketid

Alias of services.podman.containers.pocketid.

Type: submodule

Declared by:

• <nix-podman-stacks/modules/pocket-id>

nps.stacks.pocketid.env

Additional environment variables passed to the Pocket ID container See https://pocket-id.org/docs/configuration/environment-variables

Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))

Default: { }

Declared by:

• <nix-podman-stacks/modules/pocket-id>

nps.stacks.pocketid.extraEnv

Extra environment variables to set for the container. Variables can be either set directly or sourced from a file (e.g. for secrets).

See https://pocket-id.org/docs/configuration/environment-variables

Type: attribute set of (null or boolean or signed integer or string or absolute path or (submodule))

Default: { }

Example:

{
  FOO = "bar";
  MAXMIND_LICENSE_KEY = {
    fromFile = "/run/secrets/maxmind_key";
  };
}

Declared by:

• <nix-podman-stacks/modules/pocket-id>

nps.stacks.pocketid.ldap.enableSynchronisation

Whether to sync users and groups from an the LDAP server. Requires the LLDAP stack to be enabled.

Type: boolean

Default: config.nps.stacks.lldap.enable

Declared by:

• <nix-podman-stacks/modules/pocket-id>

nps.stacks.pocketid.ldap.passwordFile

The password for the LDAP user that is used when connecting to the LDAP backend.

Type: absolute path

Default: config.nps.stacks.lldap.adminPasswordFile

Declared by:

• <nix-podman-stacks/modules/pocket-id>

nps.stacks.pocketid.ldap.username

The username that will be used when binding to the LDAP backend.

Type: string

Default: config.nps.stacks.lldap.adminUsername

Declared by:

• <nix-podman-stacks/modules/pocket-id>

nps.stacks.pocketid.traefikIntegration.enable

Whether to setup a pocketid middleware in Traefik. The middleware will use the https://github.com/sevensolutions/traefik-oidc-auth plugin to secure upstream services.

Type: boolean

Default: config.nps.stacks.traefik.enable

Declared by:

• <nix-podman-stacks/modules/pocket-id>

nps.stacks.pocketid.traefikIntegration.clientId

The client ID used by the Traefik OIDC middleware.

Type: string

Example: "traefik"

Declared by:

• <nix-podman-stacks/modules/pocket-id>

nps.stacks.pocketid.traefikIntegration.clientSecretFile

The file containing the client secret used by the Traefik OIDC middleware.

Type: absolute path

Declared by:

• <nix-podman-stacks/modules/pocket-id>

nps.stacks.pocketid.traefikIntegration.encryptionSecretFile

The file containing the encryption secret used by the Traefik OIDC middleware. This should be a random secret.

See https://traefik-oidc-auth.sevensolutions.cc/docs/getting-started/middleware-configuration

Type: absolute path

Declared by:

• <nix-podman-stacks/modules/pocket-id>