freshrss
News feed agregator
Example
{config, ...}: {
nps.stacks.freshrss = {
enable = true;
oidc = {
enable = true;
clientSecretHash = "$pbkdf2-sha512$...";
clientSecretFile = config.sops.secrets."freshrss/authelia/client_secret".path;
cryptoKeyFile = config.sops.secrets."freshrss/authelia/crypto_key".path;
};
};
}Stack Options
nps.stacks.freshrss.adminProvisioning.apiPasswordFile
Path to a file containing the admin API password
nps.stacks.freshrss.adminProvisioning.email
Email address for the admin user
nps.stacks.freshrss.adminProvisioning.enable
Whether to automatically create an admin user on the first run. If set to false, you will be prompted to create an admin user when visiting the FreshRSS web interface for the first time. This only affects the first run of the container.
If you want to use OIDC login, disable this option. The first logged in OIDC user will be admin in that case. See https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html
nps.stacks.freshrss.adminProvisioning.passwordFile
Path to a file containing the admin user password
nps.stacks.freshrss.adminProvisioning.username
Username for the admin user
nps.stacks.freshrss.containers.freshrss
Alias of {option}services.podman.containers.freshrss.
nps.stacks.freshrss.enable
Whether to enable freshrss.
nps.stacks.freshrss.oidc.clientSecretFile
The file containing the client secret for the OIDC client that will be registered in Authelia.
For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
stringconfig.sops.secrets."immich/authelia/client_secret".path"nps.stacks.freshrss.oidc.clientSecretHash
The client secret hash. For examples on how to generate a client secret, see https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
The value can be passed in multiple ways:
- As a literal string
- As an absolute path to a file containing the hash (
toFile) - As an absolute oath to a file containing the client_secret, in which case the hash will be automatically computed (
toHash) - As
null
If left unset (null), the client secret will be read from the file specified in the clientSecretFile option and hashed automatically before being passed to the Authelia container.
null or string or (submodule)null# Literal String:
"$pbkdf2-sha512$310000$cbOAIWbfz3vCVXIPIp6d2A$J0klwULa6TvPRCU1HAfuKua/dMKTl8gbTYJz2N73ejGUu0LUGz/y3kwmJLuKuAYGg3WQOT0q9ZzVHHUvpKpgvQ"
# Client secret hash stored in a file
{ fromFile = config.sops.secrets."immich/client_secret_hash".path; }
# Client secret stored in a file: Hash will be computed dynamically
{ toHash = config.sops.secrets."immich/client_secret".path; }
# Null (default): Hash will be computed automatically based on the clientSecretFile option
# Equivalent to { toHash = cfg.oidc.clientSecretFile; }
nullnps.stacks.freshrss.oidc.cryptoKeyFile
Opaque key used for internal encryption.
nps.stacks.freshrss.oidc.enable
Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and setup the necessary configuration.
The first user created with OIDC login on initial setup will be admin. Make sure to follow the 'Initial Setup Process' instructions at https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html
For details, see:
nps.stacks.freshrss.oidc.userGroup
Users of this group will be able to log in