tandoor
Example
{config, ...}: {
tandoor = {
enable = true;
secretKeyFile = config.sops.secrets."tandoor/secret_key".path;
db.passwordFile = config.sops.secrets."tandoor/db_password".path;
oidc = {
enable = true;
clientSecretFile = config.sops.secrets."tandoor/authelia/client_secret".path;
clientSecretHash = "$pbkdf2-sha512$...";
};
containers.tandoor.extraEnv = {
# https://docs.tandoor.dev/system/configuration/#default-permissions
SOCIAL_DEFAULT_ACCESS = 1;
SOCIAL_DEFAULT_GROUP = "user";
};
};
}Stack Options
nps.stacks.tandoor.containers.tandoor
Alias of {option}services.podman.containers.tandoor.
nps.stacks.tandoor.containers.tandoor-db
Alias of {option}services.podman.containers.tandoor-db.
nps.stacks.tandoor.db.passwordFile
Path to the file containing the database password
nps.stacks.tandoor.db.username
Database user name
nps.stacks.tandoor.enable
Whether to enable tandoor.
nps.stacks.tandoor.oidc.clientSecretFile
The file containing the client secret for the OIDC client that will be registered in Authelia.
nps.stacks.tandoor.oidc.clientSecretHash
The hashed client_secret. Will be set in the Authelia client config. For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
nps.stacks.tandoor.oidc.enable
Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and setup the necessary configuration.
For details, see:
nps.stacks.tandoor.oidc.userGroup
Users must be a part of this group to be able to log in.
nps.stacks.tandoor.secretKeyFile
Path to the file containing the Paperless secret key
See https://docs.tandoor.dev/system/configuration/#secret-key