Stack Options
The tarow.podman.stacks options allow enabling and configuring various stacks.
Most stacks just require the enable option set to true. Some stacks can optionally be configured to adjust settings or pass environment files (e.g. for secrets).
If you want to make changes that are not possible through the exposed stack options directly, aliases to the services.podman.container options are provided, which let you override or modify any attribute that the stack modules set.
For instance, accessing tarow.podman.stacks.streaming.containers.jellyfin is an alias to services.podman.containers.jellyfin and allows editing any of the known services.podman.containers options, such as networks, volumes and environment files. Usually this should not be necessary though.
The following list contains the options for all available stacks.
tarow.podman.stacks.adguard.enable
Whether to enable adguard.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.adguard.containers.adguard
Alias of services.podman.containers.adguard.
Type: submodule
Declared by:
tarow.podman.stacks.aiostreams.enable
Whether to enable aiostreams.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.aiostreams.containers.aiostreams
Alias of services.podman.containers.aiostreams.
Type: submodule
Declared by:
tarow.podman.stacks.aiostreams.envFile
Path to the environment file for AIOStreams. Can be used to pass secrets.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.audiobookshelf.enable
Whether to enable audiobookshelf.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.audiobookshelf.containers.audiobookshelf
Alias of services.podman.containers.audiobookshelf.
Type: submodule
Declared by:
tarow.podman.stacks.beszel.enable
Whether to enable beszel.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.beszel.containers.beszel
Alias of services.podman.containers.beszel.
Type: submodule
Declared by:
tarow.podman.stacks.beszel.containers.beszel-agent
Alias of services.podman.containers.beszel-agent.
Type: submodule
Declared by:
tarow.podman.stacks.beszel.ed25519PrivateKeyFile
Path to private SSH key that will be used by the hub to authenticate against agent If not provided, the hub will generate a new key pair when starting.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.beszel.ed25519PublicKeyFile
Path to public SSH key of the hub that will be considered authorized by agent
If not provided, the KEY environment variable should be set to the public key of the hub,
in order for the connection from hub to agent to work.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.beszel.settings
System configuration (optional). If provided, on each restart, systems in the database will be updated to match the systems defined in the settings. To see your current configuration, refer to settings -> YAML Config -> Export configuration
The module will automatically provide a configuration to add the local agent to the hub.
Type: null or YAML 1.1 value
Default:
null
Example:
{
systems = [
{
host = "/beszel_socket/beszel.sock";
name = "Local";
port = 45876;
users = [ ];
}
];
}
Declared by:
tarow.podman.stacks.beszel.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the beszel stack. Will be enabled by default if the ‘docker-socket-proxy’ stack is enabled.
Type: boolean
Default:
config.tarow.podman.stacks.docker-socket-proxy.enable
Declared by:
tarow.podman.stacks.blocky.enable
Whether to enable blocky.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.blocky.enableGrafanaDashboard
Whether to enable Grafana Dashboard.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.blocky.enablePrometheusExport
Whether to enable Prometheus Export.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.blocky.containers.blocky
Alias of services.podman.containers.blocky.
Type: submodule
Declared by:
tarow.podman.stacks.blocky.settings
Blocky configuration. Will be converted to the config.yml.
For a full list of options, refer to the Blocky documentation
By default, if Traefik is enabled, the module will automatically setup a DNS override pointing the Traefik domain to your host IP.
Type: YAML 1.1 value
Declared by:
tarow.podman.stacks.bytestash.enable
Whether to enable bytestash.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.bytestash.containers.bytestash
Alias of services.podman.containers.bytestash.
Type: submodule
Declared by:
tarow.podman.stacks.bytestash.env
Additional environment variables passed to the ByteStash container. Can be used to override the preset.
See https://docs.romm.app/latest/Getting-Started/Environment-Variables/
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
tarow.podman.stacks.bytestash.envFile
Path to the environment file containing atleast the ‘JWT_SECRET’ variable.
See https://github.com/jordan-dalby/ByteStash/wiki/FAQ#environment-variables
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.calibre.enable
Whether to enable calibre.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.calibre.containers.calibre
Alias of services.podman.containers.calibre.
Type: submodule
Declared by:
tarow.podman.stacks.calibre.containers.calibre-downloader
Alias of services.podman.containers.calibre-downloader.
Type: submodule
Declared by:
tarow.podman.stacks.changedetection.enable
Whether to enable changedetection.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.changedetection.containers.changedetection
Alias of services.podman.containers.changedetection.
Type: submodule
Declared by:
tarow.podman.stacks.changedetection.containers.sockpuppetbrowser
Alias of services.podman.containers.sockpuppetbrowser.
Type: submodule
Declared by:
tarow.podman.stacks.crowdsec.enable
Whether to enable crowdsec.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.crowdsec.acquisSettings
Acquisitions settings for Crowdsec. If Traefik is enabled, the module will automatically setup acquisition for Traefik.
Type: YAML 1.1 value
Default:
{ }
Declared by:
tarow.podman.stacks.crowdsec.containers.crowdsec
Alias of services.podman.containers.crowdsec.
Type: submodule
Declared by:
tarow.podman.stacks.crowdsec.envFile
Path to the env file containing secrets, e.g. the ‘ENROLL_INSTANCE_NAME’ and ‘ENROLL_KEY’ variables.
To automatically monitor Traefik logs and add a Traefik middleware, make sure to configure the traefikIntegration options
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.crowdsec.traefikIntegration.enable
Wheter to configure aquis settings for Traefik. If enabled, Traefik access logs will be automatically collected.
To also setup a Traefik middleware that makes use of the CrowdSec decisions to block requests, make sure to configure
the bouncerEnvFile option.
Type: boolean
Default:
config.tarow.podman.stacks.traefik.enable
Declared by:
tarow.podman.stacks.crowdsec.traefikIntegration.bouncerEnvFile
Path to env file containing the BOUNCER_KEY_TRAEFIK environment variable.
If this is set, a Bouncer will be setup in CrowdSec. Also a new crowdsec middleware will be registered in Traefik and added to the ‘public’ chain.
This will block requests to exposed services that are detected as malicious by Crowdsec.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.crowdsec.traefikIntegration.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the crowdsec stack. Will be enabled by default if the ‘docker-socket-proxy’ stack is enabled.
Type: boolean
Default:
config.tarow.podman.stacks.docker-socket-proxy.enable
Declared by:
tarow.podman.stacks.dockdns.enable
Whether to enable DockDNS. This will run a Cloudflare DNS client that updates DNS records based on Docker labels. The module contains an extension that will automatically create DNS records for services with the ‘public’ Traefik middleware, so they are accessible from the internet. It will also automatically delete DNS records for services, that are no longer exposed (e.g. ‘private’ middleware)
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.dockdns.containers.dockdns
Alias of services.podman.containers.dockdns.
Type: submodule
Declared by:
tarow.podman.stacks.dockdns.envFile
Path to a file containing environment variables for the API token for the domain. E.g. for a domain ‘test.example.com’, the file should contain ‘TEST_EXAMPLE_COM_API_TOKEN=your_api_token’.
Type: absolute path
Default:
null
Declared by:
tarow.podman.stacks.dockdns.settings
Settings for DockDNS. For details, refer to the DockDNS documentation The module will provide a default configuration, that updates DNS records every 10 minutes. DockDNS labels will be automatically added to services with the ‘public’ Traefik middleware.
Type: YAML 1.1 value
Declared by:
tarow.podman.stacks.dockdns.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the dockdns stack. Will be enabled by default if the ‘docker-socket-proxy’ stack is enabled.
Type: boolean
Default:
config.tarow.podman.stacks.docker-socket-proxy.enable
Declared by:
tarow.podman.stacks.docker-socket-proxy.enable
Whether to enable docker-socket-proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.docker-socket-proxy.containers.docker-socket-proxy
Alias of services.podman.containers.docker-socket-proxy.
Type: submodule
Declared by:
tarow.podman.stacks.dozzle.enable
Whether to enable Dozzle.
The module contains an extension that will automatically add all containers to Dozzle groups,
if they stack attribute is set.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.dozzle.containers.dozzle
Alias of services.podman.containers.dozzle.
Type: submodule
Declared by:
tarow.podman.stacks.dozzle.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the dozzle stack. Will be enabled by default if the ‘docker-socket-proxy’ stack is enabled.
Type: boolean
Default:
config.tarow.podman.stacks.docker-socket-proxy.enable
Declared by:
tarow.podman.stacks.filebrowser.enable
Whether to enable filebrowser.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.filebrowser.containers.filebrowser
Alias of services.podman.containers.filebrowser.
Type: submodule
Declared by:
tarow.podman.stacks.filebrowser.mounts
Mount points for the file browser.
Format: { 'hostPath' = 'containerPath' }
By default, the users home directory and the external storage directory (config.tarow.podman.externalStorageBaseDir)
are configured as mounts.
Type: attribute set of string
Example:
{
"/home/foo/media" = "/media";
"/mnt/ext/data" = "/data";
}
Declared by:
tarow.podman.stacks.forgejo.enable
Whether to enable forgejo.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.forgejo.containers.forgejo
Alias of services.podman.containers.forgejo.
Type: submodule
Declared by:
tarow.podman.stacks.forgejo.settings
Optional app settings for Forgejo. For a full list of options, refer to the Forgejo documentation.
Type: null or (attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string)))
Default:
null
Declared by:
tarow.podman.stacks.freshrss.enable
Whether to enable freshrss.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.freshrss.containers.freshrss
Alias of services.podman.containers.freshrss.
Type: submodule
Declared by:
tarow.podman.stacks.freshrss.envFile
Path to the env file containing admin user secrets. The file should contain the variables ‘ADMIN_USERNAME’, ‘ADMIN_EMAIL’, ‘ADMIN_PASSWORD’ and ‘ADMIN_API_PASSWORD’. If the file is not set, automatic user creation will not be triggered. This only effects the first run. For details see https://github.com/FreshRSS/FreshRSS/tree/edge/Docker#environment-variables
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.gatus.enable
Whether to enable Gatus. The module also provides an extension that will add Gatus options to a container. This allows services to be added to Gatus by settings container options.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.gatus.containers.gatus
Alias of services.podman.containers.gatus.
Type: submodule
Declared by:
tarow.podman.stacks.gatus.containers.gatus-db
Alias of services.podman.containers.gatus-db.
Type: submodule
Declared by:
tarow.podman.stacks.gatus.db.envFile
Path to the environment file for the database. Required if db.type is set to “postgres”. Must contain the environment variables ‘POSTGRES_USER’, and ‘POSTGRES_PASSWORD’.
Type: absolute path
Declared by:
tarow.podman.stacks.gatus.db.type
Type of the database to use. Can be set to “sqlite” or “postgres”. If set to “postgres”, the envFile option must be set.
Type: one of “sqlite”, “postgres”
Declared by:
tarow.podman.stacks.gatus.defaultEndpoint
Default endpoint settings. Will merged with each provided endpoint. Only applies if endpoint does not override the default endpoint settings.
Type: YAML 1.1 value
Default:
{
client = {
insecure = true;
timeout = "10s";
};
conditions = [
"[STATUS] >= 200"
"[STATUS] < 300"
];
group = "core";
interval = "5m";
}
Declared by:
tarow.podman.stacks.gatus.envFile
Path to the environment file for the container. Can be used to e.g. pass secrets that are referenced in the settings.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.gatus.extraSettingsFiles
List of additional YAML files to include in the settings. These files will be mounted as is. Can be used to directly provide YAML files containing secrets, e.g. from sops
Type: list of absolute path
Default:
[ ]
Declared by:
tarow.podman.stacks.gatus.settings
Settings for the Gatus container. Will be converted to YAML and passed to the container. To see all valid settings, refer to the projects documentation: https://github.com/TwiN/gatus
Type: YAML 1.1 value
Declared by:
tarow.podman.stacks.healthchecks.enable
Whether to enable healthchecks.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.healthchecks.containers.healthchecks
Alias of services.podman.containers.healthchecks.
Type: submodule
Declared by:
tarow.podman.stacks.healthchecks.envFile
Path to the environment file for Healthchecks. Should contain SECRET_KEY, SUPERUSER_EMAIL and SUPERUSER_PASSWORD envionment variables
Type: absolute path
Declared by:
tarow.podman.stacks.homeassistant.enable
Whether to enable homeassistant.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.homeassistant.containers.homeassistant
Alias of services.podman.containers.homeassistant.
Type: submodule
Declared by:
tarow.podman.stacks.homeassistant.settings
Settings that will be written to the ‘configuration.yaml’ file.
If you want to configure settings through the UI, set this option to null.
In that case, no managed configuration.yaml will be provided.
Type: null or YAML 1.1 value
Declared by:
tarow.podman.stacks.homepage.enable
Whether to enable the Homepage stack.
The services of enabled stacks will be automatically added to Homepage. The module will also automatically configure the docker integration for the local host and setup some widgets.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.homepage.bookmarks
Homepage bookmarks configuration.
See https://gethomepage.dev/configs/bookmarks/.
Type: YAML 1.1 value
Default:
[ ]
Example:
[
{
Developer = [
{
Github = [
{
abbr = "GH";
href = "https://github.com/";
}
];
}
];
}
{
Entertainment = [
{
YouTube = [
{
abbr = "YT";
href = "https://youtube.com/";
}
];
}
];
}
]
Declared by:
tarow.podman.stacks.homepage.containers.homepage
Alias of services.podman.containers.homepage.
Type: submodule
Declared by:
tarow.podman.stacks.homepage.docker
Homepage docker configuration.
See https://gethomepage.dev/configs/docker/.
Type: YAML 1.1 value
Default:
{ }
Declared by:
tarow.podman.stacks.homepage.services
Homepage services configuration.
See https://gethomepage.dev/configs/services/.
Type: YAML 1.1 value
Default:
[ ]
Example:
[
{
"My First Group" = [
{
"My First Service" = {
description = "Homepage is awesome";
href = "http://localhost/";
};
}
];
}
{
"My Second Group" = [
{
"My Second Service" = {
description = "Homepage is the best";
href = "http://localhost/";
};
}
];
}
]
Declared by:
tarow.podman.stacks.homepage.settings
Homepage settings.
See https://gethomepage.dev/configs/settings/.
Type: YAML 1.1 value
Default:
{ }
Declared by:
tarow.podman.stacks.homepage.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the homepage stack. Will be enabled by default if the ‘docker-socket-proxy’ stack is enabled.
Type: boolean
Default:
config.tarow.podman.stacks.docker-socket-proxy.enable
Declared by:
tarow.podman.stacks.homepage.widgets
Homepage widgets configuration.
See https://gethomepage.dev/widgets/.
Type: YAML 1.1 value
Default:
[ ]
Example:
[
{
resources = {
cpu = true;
disk = "/";
memory = true;
};
}
{
search = {
provider = "duckduckgo";
target = "_blank";
};
}
]
Declared by:
tarow.podman.stacks.immich.enable
Whether to enable immich.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.immich.containers.immich
Alias of services.podman.containers.immich.
Type: submodule
Declared by:
tarow.podman.stacks.immich.containers.immich-db
Alias of services.podman.containers.immich-db.
Type: submodule
Declared by:
tarow.podman.stacks.immich.containers.immich-machine-learning
Alias of services.podman.containers.immich-machine-learning.
Type: submodule
Declared by:
tarow.podman.stacks.immich.containers.immich-redis
Alias of services.podman.containers.immich-redis.
Type: submodule
Declared by:
tarow.podman.stacks.immich.db.envFile
Path to the env file containing the ‘POSTGRES_PASSWORD’ variable
Type: absolute path
Declared by:
tarow.podman.stacks.immich.envFile
Path to the env file containing the ‘DB_PASSWORD’ variable
Type: absolute path
Declared by:
tarow.podman.stacks.immich.settings
Settings that will be written to the ‘config.json’ file.
If you want to configure settings through the UI, set this option to null.
In that case, no managed config.json will be provided.
For details to the config file see https://immich.app/docs/install/config-file/
Type: null or JSON value
Declared by:
tarow.podman.stacks.ittools.enable
Whether to enable ittools.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.ittools.containers.ittools
Alias of services.podman.containers.ittools.
Type: submodule
Declared by:
tarow.podman.stacks.karakeep.enable
Whether to enable karakeep.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.karakeep.containers.karakeep
Alias of services.podman.containers.karakeep.
Type: submodule
Declared by:
tarow.podman.stacks.karakeep.containers.karakeep-chrome
Alias of services.podman.containers.karakeep-chrome.
Type: submodule
Declared by:
tarow.podman.stacks.karakeep.containers.karakeep-meilisearch
Alias of services.podman.containers.karakeep-meilisearch.
Type: submodule
Declared by:
tarow.podman.stacks.karakeep.envFile
Path to env file containing atleast ‘NEXTAUTH_SECRET’ and ‘MEILI_MASTER_KEY’
Type: absolute path
Declared by:
tarow.podman.stacks.mealie.enable
Whether to enable mealie.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.mealie.containers.mealie
Alias of services.podman.containers.mealie.
Type: submodule
Declared by:
tarow.podman.stacks.microbin.enable
Whether to enable microbin.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.microbin.containers.microbin
Alias of services.podman.containers.microbin.
Type: submodule
Declared by:
tarow.podman.stacks.microbin.envFile
Path to env file passed to the container. Can be used to optionally pass secrets such as ‘MICROBIN_ADMIN_USERNAME’, ‘MICROBIN_ADMIN_PASSWORD’, ‘MICROBIN_BASIC_AUTH_USERNAME’, ‘MICROBIN_BASIC_AUTH_PASSWORD’ & ‘MICROBIN_UPLOADER_PASSWORD’.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.monitoring.enable
Enable the monitoring stack. This stack provides monitoring services including Grafana, Loki, Alloy, and Prometheus. Configuration files for each service will be provided automatically to work out of the box.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.monitoring.alloy.enable
Whether to enable Alloy.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.monitoring.alloy.config
Configuration for Alloy.
A default configuration will be automatically provided by this monitoring module.
The default configuration will ship logs of all containers that set the alloy.enable=true option to Loki.
Multiple definitions of this option will be merged together into a single file.
See https://grafana.com/docs/alloy/latest/get-started/configuration-syntax/
Type: strings concatenated with “\n”
Declared by:
tarow.podman.stacks.monitoring.alloy.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the monitoring stack. Will be enabled by default if the ‘docker-socket-proxy’ stack is enabled.
Type: boolean
Default:
config.tarow.podman.stacks.docker-socket-proxy.enable
Declared by:
tarow.podman.stacks.monitoring.containers.alloy
Alias of services.podman.containers.alloy.
Type: submodule
Declared by:
tarow.podman.stacks.monitoring.containers.grafana
Alias of services.podman.containers.grafana.
Type: submodule
Declared by:
tarow.podman.stacks.monitoring.containers.loki
Alias of services.podman.containers.loki.
Type: submodule
Declared by:
tarow.podman.stacks.monitoring.containers.podman-exporter
Alias of services.podman.containers.podman-exporter.
Type: submodule
Declared by:
tarow.podman.stacks.monitoring.containers.prometheus
Alias of services.podman.containers.prometheus.
Type: submodule
Declared by:
tarow.podman.stacks.monitoring.grafana.enable
Whether to enable Grafana.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.monitoring.grafana.dashboards
List of paths to Grafana dashboard JSON files.
Type: list of absolute path
Default:
[ ]
Declared by:
tarow.podman.stacks.monitoring.grafana.datasources
Datasource configuration for Grafana. Loki and Prometheus datasources will be automatically configured.
Type: YAML 1.1 value
Declared by:
tarow.podman.stacks.monitoring.grafana.settings
Settings for Grafana. Will be written to the ‘grafana.ini’ file. See https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#configure-grafana
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
tarow.podman.stacks.monitoring.loki.enable
Whether to enable Loki.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.monitoring.loki.config
Configuration for Loki. A default configuration will be automatically provided by this monitoring module.
See https://grafana.com/docs/loki/latest/configuration/
Type: YAML 1.1 value
Default:
{ }
Declared by:
tarow.podman.stacks.monitoring.podmanExporter.enable
Whether to enable Podman Metrics Exporter.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.monitoring.prometheus.enable
Whether to enable Prometheus.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.monitoring.prometheus.config
Configuration for Prometheus. A default configuration will be automatically provided by this monitoring module.
See https://prometheus.io/docs/prometheus/latest/configuration/configuration/
Type: YAML 1.1 value
Default:
{ }
Declared by:
tarow.podman.stacks.n8n.enable
Whether to enable n8n.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.n8n.containers.n8n
Alias of services.podman.containers.n8n.
Type: submodule
Declared by:
tarow.podman.stacks.ntfy.enable
Whether to enable ntfy.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.ntfy.enableGrafanaDashboard
Whether to enable Grafana Dashboard.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.ntfy.enablePrometheusExport
Whether to enable Prometheus Export.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.ntfy.containers.ntfy
Alias of services.podman.containers.ntfy.
Type: submodule
Declared by:
tarow.podman.stacks.ntfy.env
Additional environment variables passed to the container
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
tarow.podman.stacks.ntfy.envFile
Environment file passed to the container. Can be used to pass secrets such as Webpush Keys.
In order to enable web push support, make sure the env file contains ‘NTFY_WEB_PUSH_PUBLIC_KEY’,
‘NTFY_WEB_PUSH_PRIVATE_KEY’ & ‘NTFY_WEB_PUSH_EMAIL_ADDRESS’ variables.
Keys can be generated by running podman run --rm docker.io/binwiederhier/ntfy:latest webpush keys
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.omnitools.enable
Whether to enable omnitools.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.omnitools.containers.omnitools
Alias of services.podman.containers.omnitools.
Type: submodule
Declared by:
tarow.podman.stacks.paperless.enable
Whether to enable paperless.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.paperless.containers.paperless
Alias of services.podman.containers.paperless.
Type: submodule
Declared by:
tarow.podman.stacks.paperless.containers.paperless-broker
Alias of services.podman.containers.paperless-broker.
Type: submodule
Declared by:
tarow.podman.stacks.paperless.containers.paperless-db
Alias of services.podman.containers.paperless-db.
Type: submodule
Declared by:
tarow.podman.stacks.paperless.containers.paperless-ftp
Alias of services.podman.containers.paperless-ftp.
Type: submodule
Declared by:
tarow.podman.stacks.paperless.db.envFile
Path to the env file containing the ‘POSTGRES_USER’ and ‘POSTGRES_PASSWORD’ variables
Type: absolute path
Declared by:
tarow.podman.stacks.paperless.env
Additional environment variables passed to the Paperless container
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
tarow.podman.stacks.paperless.envFile
Path to the environment file containing the ‘PAPERLESS_DBUSER’ ‘PAPERLESS_DBPASS’ and ‘PAPERLESS_SECRET_KEY’ variables.
Type: absolute path
Declared by:
tarow.podman.stacks.paperless.ftp.enable
Whether to enable FTP server.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.paperless.ftp.envFile
Path to the env file containing the ‘FTP_PASS’ variable. Uploads to the FTP will be placed in the ‘consume’ directory to be ingested by Paperless.
Type: absolute path
Declared by:
tarow.podman.stacks.pocketid.enable
Whether to enable pocketid.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.pocketid.containers.pocketid
Alias of services.podman.containers.pocketid.
Type: submodule
Declared by:
tarow.podman.stacks.pocketid.envFile
Environment file being passed to the container. Can be used to pass additional variables such as ‘MAXMIND_LICENSE_KEY’. Refer to https://pocket-id.org/docs/configuration/environment-variables/ for a full list of available variables
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.pocketid.traefikIntegration.envFile
Environment file being passed to the Traefik container.
If this is set, a new pocketid middleware will be registered in Traefik.
In order to work, the environment file should contain the secrets
‘POCKET_ID_CLIENT_ID’, ‘POCKET_ID_CLIENT_SECRET’ & ‘OIDC_MIDDLEWARE_SECRET’
‘POCKET_ID_CLIENT_ID’ and ‘POCKET_ID_CLIENT_SECRET’ are the credentials generated within PocketID for the Traefik client. ‘OIDC_MIDDLEWARE_SECRET’ should be a random secret.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.romm.enable
Whether to enable romm.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.romm.containers.romm
Alias of services.podman.containers.romm.
Type: submodule
Declared by:
tarow.podman.stacks.romm.containers.romm-db
Alias of services.podman.containers.romm-db.
Type: submodule
Declared by:
tarow.podman.stacks.romm.db.envFile
Path to the env file containing the ‘MARIADB_ROOT_PASSWORD’ and ‘MARIADB_PASSWORD’ variables.
Type: absolute path
Declared by:
tarow.podman.stacks.romm.env
Additional environment variables passed to the RomM container
See https://docs.romm.app/latest/Getting-Started/Environment-Variables/
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
tarow.podman.stacks.romm.envFile
Path to env file containing the DB_PASSWD and the ROMM_AUTH_SECRET_KEY variables.
The DB_PASSWD should match the MARIA_DB password passed in the db.envFile option.
Can optionally include more secrets and other variables, such as API_KEYS, e.g.
RETROACHIEVEMENTS_API_KEY or STEAMGRIDDB_API_KEY.
See https://docs.romm.app/latest/Getting-Started/Environment-Variables/
Type: absolute path
Declared by:
tarow.podman.stacks.romm.romLibraryPath
Base path on the host where the rom library is stored.
Type: absolute path not in the Nix store
Default:
"${config.tarow.podman.storageBaseDir}/romm/library"
Example:
"${config.tarow.podman.externalStorageBaseDir}/romm/library"
Declared by:
tarow.podman.stacks.romm.settings
RomM settings. If set, will be mounted as the config.yml.
If unset, configuration through UI is possible.
See https://docs.romm.app/latest/Getting-Started/Configuration-File/
Type: null or YAML 1.1 value
Default:
null
Example:
{
platforms = {
gc = "ngc";
psx = "ps";
};
}
Declared by:
tarow.podman.stacks.romm.setupAdminUser
Whether to enable automated admin user provisioning. If enabled, an admin user will be created automatically on startup.
Make sure the file provided in the envFile option contains the variables ADMIN_USERNAME (default ‘admin’),
ADMIN_PASSWORD (default ‘admin’) and ADMIN_EMAIL (default ‘admin@admin.com’).
When disabled, you will be prompted for admin user creation when visiting the RomM UI the first time.
Type: boolean
Default:
false
Declared by:
tarow.podman.stacks.stirling-pdf.enable
Whether to enable stirling-pdf.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.stirling-pdf.containers.stirling-pdf
Alias of services.podman.containers.stirling-pdf.
Type: submodule
Declared by:
tarow.podman.stacks.streaming.enable
Whether to enable streaming.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.streaming.bazarr.enable
Whether to enable bazarr.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.streaming.bazarr.envFile
Path to the environment file for bazarr.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.streaming.containers.bazarr
Alias of services.podman.containers.bazarr.
Type: submodule
Declared by:
tarow.podman.stacks.streaming.containers.gluetun
Alias of services.podman.containers.gluetun.
Type: submodule
Declared by:
tarow.podman.stacks.streaming.containers.jellyfin
Alias of services.podman.containers.jellyfin.
Type: submodule
Declared by:
tarow.podman.stacks.streaming.containers.prowlarr
Alias of services.podman.containers.prowlarr.
Type: submodule
Declared by:
tarow.podman.stacks.streaming.containers.qbittorrent
Alias of services.podman.containers.qbittorrent.
Type: submodule
Declared by:
tarow.podman.stacks.streaming.containers.radarr
Alias of services.podman.containers.radarr.
Type: submodule
Declared by:
tarow.podman.stacks.streaming.containers.sonarr
Alias of services.podman.containers.sonarr.
Type: submodule
Declared by:
tarow.podman.stacks.streaming.flaresolverr.enable
Whether to enable Flaresolverr.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.streaming.gluetun.enable
Whether to enable Gluetun.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.streaming.gluetun.envFile
Path to the environment file for Gluetun. Should contain Wireguard credentials such as ‘WIREGUARD_PRIVATE_KEY’, ‘WIREGUARD_ADDRESSES’ and ‘WIREGUARD_PRESHARED_KEY’
Type: absolute path
Declared by:
tarow.podman.stacks.streaming.gluetun.settings
Additional Gluetun configuration settings.
Type: TOML value
Declared by:
tarow.podman.stacks.streaming.gluetun.vpnProvider
The VPN provider to use with Gluetun.
Type: string
Declared by:
tarow.podman.stacks.streaming.jellyfin.enable
Whether to enable Jellyfin.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.streaming.prowlarr.enable
Whether to enable prowlarr.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.streaming.prowlarr.envFile
Path to the environment file for prowlarr.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.streaming.qbittorrent.enable
Whether to enable qBittorrent.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.streaming.qbittorrent.envFile
Path to the environment file for qBittorrent.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.streaming.radarr.enable
Whether to enable radarr.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.streaming.radarr.envFile
Path to the environment file for radarr.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.streaming.sonarr.enable
Whether to enable sonarr.
Type: boolean
Default:
true
Example:
true
Declared by:
tarow.podman.stacks.streaming.sonarr.envFile
Path to the environment file for sonarr.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.traefik.enable
Wheter to enable Traefik. The Traefik stack ships preconfigured with a dynamic and static configuration.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.traefik.enableGrafanaAccessLogDashboard
Whether to enable Grafana Access Log Dashboard.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.traefik.enableGrafanaMetricsDashboard
Whether to enable Grafana Metrics Dashboard.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.traefik.enablePrometheusExport
Whether to enable Prometheus Export.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.traefik.containers.traefik
Alias of services.podman.containers.traefik.
Type: submodule
Declared by:
tarow.podman.stacks.traefik.domain
Base domain handled by Traefik
Type: string
Declared by:
tarow.podman.stacks.traefik.dynamicConfig
Dynamic configuration for Traefik. By default, the module will setup two middlewares: private & public. The private middleware (applied by default to all services) will only allow access from internal networks. The public middleware (applied by default to all services) will allow access from the internet. It will be configured with a rate limit, security headers and a geoblock plugin (if enabled).
Type: YAML 1.1 value
Default:
{ }
Declared by:
tarow.podman.stacks.traefik.envFile
Path to the environment file for Traefik. Can be used to pass secrets, e.g. the API tokens for the DNS provider.
Type: absolute path
Declared by:
tarow.podman.stacks.traefik.geoblock.enable
Enable the geoblock plugin for Traefik. This will block access to the services based on the country code of the request. The plugin uses the IP2Location database to determine the country code. If enabled, the geoblock will be used in the ‘public’ middleware, allowing only requests from the allowed countries.
Type: boolean
Default:
true
Declared by:
tarow.podman.stacks.traefik.geoblock.allowedCountries
List of allowed country codes (ISO 3166-1 alpha-2 format) See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
Type: list of string
Default:
[ ]
Declared by:
tarow.podman.stacks.traefik.network.name
Network name for Podman bridge network. Will be used by the Traefik Docker provider
Type: string
Default:
"traefik-proxy"
Declared by:
tarow.podman.stacks.traefik.staticConfig
Static configuration for Traefik.
By default, for the configured domain, a wildcard certificate will be requested from letsencrypt
and used for all services that are registered with Traefik.
By default Cloudflare with DNS challenge will be used to request the certificate.
This requires the ‘CF_DNS_API_TOKEN’ environment variable to be set in the envFile option file.
The DNS provider as well as any other settings can be overwritten. For an example see https://github.com/Tarow/nix-podman-stacks/blob/main/examples/traefik-dns-provider.nix
Type: YAML 1.1 value
Declared by:
tarow.podman.stacks.traefik.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the traefik stack. Will be enabled by default if the ‘docker-socket-proxy’ stack is enabled.
Type: boolean
Default:
config.tarow.podman.stacks.docker-socket-proxy.enable
Declared by:
tarow.podman.stacks.uptime-kuma.enable
Whether to enable uptime-kuma.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.uptime-kuma.containers.uptime-kuma
Alias of services.podman.containers.uptime-kuma.
Type: submodule
Declared by:
tarow.podman.stacks.vaultwarden.enable
Whether to enable vaultwarden.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.vaultwarden.containers.vaultwarden
Alias of services.podman.containers.vaultwarden.
Type: submodule
Declared by:
tarow.podman.stacks.vaultwarden.env
Additional environment variables passed to the container
Type: attribute set of (null or boolean or signed integer or string or absolute path or list of (null or boolean or signed integer or string or absolute path))
Default:
{ }
Declared by:
tarow.podman.stacks.vaultwarden.envFile
Environment file passed to the container. Can be used to pass secrets such as 'ADMIN_TOKEN; For a list of all environment variables refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.wg-easy.enable
Whether to enable wg-easy.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.wg-easy.containers.wg-easy
Alias of services.podman.containers.wg-easy.
Type: submodule
Declared by:
tarow.podman.stacks.wg-easy.envFile
Path to the environment file. Can be used to pass secrets, e.g. ‘INIT_PASSWORD’.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.wg-easy.host
The external domain or IP address of the Wireguard server. Will be used as the ‘endpoint’ when generating client configurations.
Only has an effect during initial setup. See https://wg-easy.github.io/wg-easy/v15.1/advanced/config/unattended-setup/
Type: string
Default:
"vpn.${config.tarow.podman.stacks.traefik.domain}"
Declared by:
tarow.podman.stacks.wg-easy.port
The port on which the Wireguard server will listen. Will be passed as INIT_PORT during initial setup. Only has an effect during initial setup. See https://wg-easy.github.io/wg-easy/v15.1/advanced/config/unattended-setup/
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
51820
Declared by:
tarow.podman.stacks.wg-portal.enable
Whether to enable wg-portal.
Type: boolean
Default:
false
Example:
true
Declared by:
tarow.podman.stacks.wg-portal.containers.wg-portal
Alias of services.podman.containers.wg-portal.
Type: submodule
Declared by:
tarow.podman.stacks.wg-portal.envFile
Path to the environment file. Can be used to pass env variables such as secrets, that are used in the settings.
Type: null or absolute path
Default:
null
Declared by:
tarow.podman.stacks.wg-portal.port
The default port for the first Wireguard interface that will be set up in the UI. Will be exposed and passed as the ‘start_listen_port’ setting in the configuration.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
51820
Declared by:
tarow.podman.stacks.wg-portal.settings
Settings for the wg-portal container. Will be converted to YAML and passed to the container. See https://wgportal.org/latest/documentation/configuration/overview/
Type: YAML 1.1 value
Declared by: