beszel
Lightweight server monitoring platform
Example
{config, ...}: {
nps.stacks.beszel = {
enable = true;
ed25519PrivateKeyFile = config.sops.secrets."beszel/ssh_key".path;
ed25519PublicKeyFile = config.sops.secrets."beszel/ssh_pub_key".path;
oidc = {
registerClient = true;
clientSecretHash = "$pbkdf2-sha512$...";
};
};
}Stack Options
nps.stacks.beszel.containers.beszel
Alias of {option}services.podman.containers.beszel.
nps.stacks.beszel.containers.beszel-agent
Alias of {option}services.podman.containers.beszel-agent.
nps.stacks.beszel.ed25519PrivateKeyFile
Path to private SSH key that will be used by the hub to authenticate against agent If not provided, the hub will generate a new key pair when starting.
nps.stacks.beszel.ed25519PublicKeyFile
Path to public SSH key of the hub that will be considered authorized by agent
If not provided, the KEY environment variable should be set to the public key of the hub,
in order for the connection from hub to agent to work.
nps.stacks.beszel.enable
Whether to enable beszel.
nps.stacks.beszel.oidc.clientSecretHash
The client secret hash. For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
The value can be passed in multiple ways:
- As a literal string
- As an absolute path to a file containing the hash (
toFile) - As an absolute oath to a file containing the client_secret, in which case the hash will be automatically computed (
toHash)
string or (submodule)# Literal String:
"$pbkdf2-sha512$310000$cbOAIWbfz3vCVXIPIp6d2A$J0klwULa6TvPRCU1HAfuKua/dMKTl8gbTYJz2N73ejGUu0LUGz/y3kwmJLuKuAYGg3WQOT0q9ZzVHHUvpKpgvQ"
# Client secret hash stored in a file
{ fromFile = config.sops.secrets."immich/client_secret_hash".path; }
# Client secret stored in a file: Hash will be computed dynamically
{ toHash = config.sops.secrets."immich/client_secret".path; }nps.stacks.beszel.oidc.registerClient
Whether to register a Beszel OIDC client in Authelia.
If enabled you need to provide a hashed secret in the client_secret option.
To enable OIDC Login for Beszel, you will have to set it up in Beszels Web-UI. For details, see:
nps.stacks.beszel.oidc.userGroup
Users of this group will be able to log in
nps.stacks.beszel.settings
System configuration (optional). If provided, on each restart, systems in the database will be updated to match the systems defined in the settings. To see your current configuration, refer to settings -> YAML Config -> Export configuration
null or YAML 1.1 valuenull{
systems = [
{
host = "/beszel_socket/beszel.sock";
name = "Local";
port = 45876;
users = [
"admin@example.com"
];
}
];
}nps.stacks.beszel.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the beszel stack. Will be enabled by default if the 'docker-socket-proxy' stack is enabled.
booleanconfig.nps.stacks.docker-socket-proxy.enable