norish

Shared recipe app

• Github

Example

{config, ...}: {
  nps.stacks.norish = {
    enable = true;

    masterKeyFile = config.sops.secrets."norish/master_key".path;
    db.passwordFile = config.sops.secrets."norish/db_password".path;
    oidc = {
      enable = true;
      clientSecretFile = config.sops.secrets."norish/authelia/client_secret".path;
      clientSecretHash = "$pbkdf2-sha512$...";
    };
  };
}

Stack Options

nps.stacks.norish.containers.norish

Alias of {option}services.podman.containers.norish.

Type

submodule

Declaration

<nps/modules/norish>

nps.stacks.norish.containers.norish-browser

Alias of {option}services.podman.containers.norish-browser.

Type

submodule

Declaration

<nps/modules/norish>

nps.stacks.norish.containers.norish-db

Alias of {option}services.podman.containers.norish-db.

Type

submodule

Declaration

<nps/modules/norish>

nps.stacks.norish.containers.norish-redis

Alias of {option}services.podman.containers.norish-redis.

Type

submodule

Declaration

<nps/modules/norish>

nps.stacks.norish.db.passwordFile

Path to the file containing the database password

Type

absolute path

Declaration

<nps/modules/norish>

nps.stacks.norish.db.username

Database user name

Type

string

Default

"norish"

Declaration

<nps/modules/norish>

nps.stacks.norish.enable

Whether to enable norish.

Type

boolean

Default

false

Example

true

Declaration

<nps/modules/norish>

nps.stacks.norish.masterKeyFile

Path to the file containing the master encryption key. Can be generated with openssl rand -base64 32. See https://github.com/norish-recipes/norish?tab=readme-ov-file#required-variables

Type

absolute path

Declaration

<nps/modules/norish>

nps.stacks.norish.oidc.adminGroup

Users of this group will be assigned admin rights

Type

string

Default

"norish_admin"

Declaration

<nps/modules/norish>

nps.stacks.norish.oidc.clientSecretFile

The file containing the client secret for the OIDC client that will be registered in Authelia.

For examples on how to generate a client secret, see

https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret

Type

string

Example

config.sops.secrets."immich/authelia/client_secret".path"

Declaration

<nps/modules/norish>

nps.stacks.norish.oidc.clientSecretHash

The client secret hash. For examples on how to generate a client secret, see https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret

The value can be passed in multiple ways:

1. As a literal string
2. As an absolute path to a file containing the hash (toFile)
3. As an absolute oath to a file containing the client_secret, in which case the hash will be automatically computed (toHash)
4. As null

If left unset (null), the client secret will be read from the file specified in the clientSecretFile option and hashed automatically before being passed to the Authelia container.

Type

null or string or (submodule)

Default

null

Example

# Literal String:
"$pbkdf2-sha512$310000$cbOAIWbfz3vCVXIPIp6d2A$J0klwULa6TvPRCU1HAfuKua/dMKTl8gbTYJz2N73ejGUu0LUGz/y3kwmJLuKuAYGg3WQOT0q9ZzVHHUvpKpgvQ"

# Client secret hash stored in a file
{ fromFile = config.sops.secrets."immich/client_secret_hash".path; }

# Client secret stored in a file: Hash will be computed dynamically
{ toHash = config.sops.secrets."immich/client_secret".path; }

# Null (default): Hash will be computed automatically based on the clientSecretFile option
# Equivalent to { toHash = cfg.oidc.clientSecretFile; }
null

Declaration

<nps/modules/norish>

nps.stacks.norish.oidc.enable

Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and setup the necessary configuration.

For details, see:

• https://github.com/norish-recipes/norish?tab=readme-ov-file#first-time-auth-provider

Type

boolean

Default

false

Declaration

<nps/modules/norish>

nps.stacks.norish.oidc.userGroup

Users of this group will be able to log in

Type

string

Default

"norish_user"

Declaration

<nps/modules/norish>