shb.arr.bazarr
Configuration for bazarr
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.enable
Whether to enable bazarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."bazarr" = {
  request = config.shb.arr.bazarr.backup;
  settings = {
    enable = true;
  };
};
Type: submodule (read only)
Default:
{
excludePatterns = [
".db-shm"
".db-wal"
".mono"
];
sourceDirectories = [
"/var/lib/bazarr"
];
user = "bazarr";
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.dataDir
Directory where bazarr stores data.
Type: string
Default:
"/var/lib/bazarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.domain
Domain under which bazarr will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.settings
Specific options for bazarr.
Type: XML value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.settings.LogLevel
Log level.
Type: one of “debug”, “info”
Default:
"info"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.settings.Port
Port on which bazarr listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) (read only)
Default:
6767
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.subdomain
Subdomain under which bazarr will be served.
Type: string
Example:
"bazarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett
Configuration for jackett
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.enable
Whether to enable jackett.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."jackett" = {
  request = config.shb.arr.jackett.backup;
  settings = {
    enable = true;
  };
};
Type: submodule (read only)
Default:
{
excludePatterns = [
".db-shm"
".db-wal"
".mono"
];
sourceDirectories = [
"/var/lib/jackett"
];
user = "jackett";
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.dataDir
Directory where jackett stores data.
Type: string
Default:
"/var/lib/jackett"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.domain
Domain under which jackett will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings
Specific options for jackett.
Type: JSON value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.ApiKey
Path to api key secret file.
Type: submodule
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.ApiKey.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.ApiKey.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-${v}-suffix"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.FlareSolverrUrl
FlareSolverr endpoint.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.OmdbApiKey
File containing the Open Movie Database API key.
Type: null or (submodule)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.OmdbApiKey.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.OmdbApiKey.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-${v}-suffix"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.Port
Port on which jackett listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) (read only)
Default:
9117
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.ProxyPort
Port of the proxy. Ignored if ProxyType is set to -1
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.ProxyType
-1 = disabled, 0 = HTTP, 1 = SOCKS4, 2 = SOCKS5
Type: one of “-1”, “0”, “1”, “2”
Default:
"-1"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.ProxyUrl
URL of the proxy. Ignored if ProxyType is set to -1
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.subdomain
Subdomain under which jackett will be served.
Type: string
Example:
"jackett"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr
Configuration for lidarr
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.enable
Whether to enable lidarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."lidarr" = {
  request = config.shb.arr.lidarr.backup;
  settings = {
    enable = true;
  };
};
Type: submodule (read only)
Default:
{
excludePatterns = [
".db-shm"
".db-wal"
".mono"
];
sourceDirectories = [
"/var/lib/lidarr"
];
user = "lidarr";
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.dataDir
Directory where lidarr stores data.
Type: string
Default:
"/var/lib/lidarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.domain
Domain under which lidarr will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.settings
Specific options for lidarr.
Type: XML value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.settings.LogLevel
Log level.
Type: one of “debug”, “info”
Default:
"info"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.settings.Port
Port on which lidarr listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8686
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.subdomain
Subdomain under which lidarr will be served.
Type: string
Example:
"lidarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr
Configuration for radarr
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.enable
Whether to enable radarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."radarr" = {
  request = config.shb.arr.radarr.backup;
  settings = {
    enable = true;
  };
};
Type: submodule (read only)
Default:
{
excludePatterns = [
".db-shm"
".db-wal"
".mono"
];
sourceDirectories = [
"/var/lib/radarr"
];
user = "radarr";
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.dataDir
Directory where radarr stores data.
Type: string
Default:
"/var/lib/radarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.domain
Domain under which radarr will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings
Specific options for radarr.
Type: XML value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.AnalyticsEnabled
Whether to send anonymous data or not.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.ApiKey
Path to api key secret file.
Type: submodule
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.ApiKey.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.ApiKey.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-${v}-suffix"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.LogLevel
Log level.
Type: one of “debug”, “info”
Default:
"info"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.Port
Port on which radarr listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
7878
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.subdomain
Subdomain under which radarr will be served.
Type: string
Example:
"radarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr
Configuration for readarr
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.enable
Whether to enable readarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."readarr" = {
  request = config.shb.arr.readarr.backup;
  settings = {
    enable = true;
  };
};
Type: submodule (read only)
Default:
{
excludePatterns = [
".db-shm"
".db-wal"
".mono"
];
sourceDirectories = [
"/var/lib/readarr"
];
user = "readarr";
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.dataDir
Directory where readarr stores data.
Type: string
Default:
"/var/lib/readarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.domain
Domain under which readarr will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.settings
Specific options for readarr.
Type: XML value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.settings.LogLevel
Log level.
Type: one of “debug”, “info”
Default:
"info"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.settings.Port
Port on which readarr listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8787
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.subdomain
Subdomain under which readarr will be served.
Type: string
Example:
"readarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr
Configuration for sonarr
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.enable
Whether to enable sonarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."sonarr" = {
  request = config.shb.arr.sonarr.backup;
  settings = {
    enable = true;
  };
};
Type: submodule (read only)
Default:
{
excludePatterns = [
".db-shm"
".db-wal"
".mono"
];
sourceDirectories = [
"/var/lib/sonarr"
];
user = "sonarr";
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.dataDir
Directory where sonarr stores data.
Type: string
Default:
"/var/lib/sonarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.domain
Domain under which sonarr will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings
Specific options for sonarr.
Type: XML value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings.ApiKey
Path to api key secret file.
Type: submodule
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings.ApiKey.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings.ApiKey.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-${v}-suffix"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings.LogLevel
Log level.
Type: one of “debug”, “info”
Default:
"info"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings.Port
Port on which sonarr listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8989
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.subdomain
Subdomain under which sonarr will be served.
Type: string
Example:
"sonarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.audiobookshelf.enable
Whether to enable selfhostblocks.audiobookshelf.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.authEndpoint
OIDC endpoint for SSO
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."audiobookshelf" = {
  request = config.shb.audiobookshelf.backup;
  settings = {
    enable = true;
  };
};
Type: submodule (read only)
Default:
{
sourceDirectories = [
"/var/lib/audiobookshelf"
];
user = "audiobookshelf";
}
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.domain
Domain under which audiobookshelf will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.extraServiceConfig
Extra configuration given to the systemd service file.
Type: attribute set of string
Default:
{ }
Example:
{
MemoryHigh = "512M";
MemoryMax = "900M";
}
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.logLevel
Enable logging.
Type: null or one of “critical”, “error”, “warning”, “info”, “debug”
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.oidcAdminUserGroup
OIDC admin group
Type: string
Default:
"audiobookshelf_admin"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.oidcClientID
Client ID for the OIDC endpoint
Type: string
Default:
"audiobookshelf"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.oidcProvider
OIDC provider name
Type: string
Default:
"Authelia"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.oidcUserGroup
OIDC user group
Type: string
Default:
"audiobookshelf_user"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssoSecret
SSO shared secret.
Type: submodule
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssoSecret.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssoSecret.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssoSecret.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssoSecret.request.owner
Linux user owning the secret file.
Type: string
Default:
"audiobookshelf"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssoSecret.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"audiobookshelfd.service"
]
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssoSecret.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssoSecret.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.subdomain
Subdomain under which audiobookshelf will be served.
Type: string
Example:
"abs"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.webPort
Audiobookshelf web port
Type: signed integer
Default:
8113
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.authelia.enable
Whether to enable selfhostblocks.authelia.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.autheliaUser
System user for this Authelia instance.
Type: string
Default:
"authelia"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.dcdomain
DC domain for LDAP.
Type: string
Example:
"dc=mydomain,dc=com"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.domain
Domain under which Authelia will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ldapHostname
Hostname of the LDAP authentication backend.
Type: string
Example:
"ldap.example.com"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ldapPort
Port of the LDAP authentication backend.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Example:
"389"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.mount
Mount configuration. This is an output option.
Use it to initialize a block implementing the “mount” contract. For example, with a zfs dataset:
shb.zfs.datasets."authelia" = {
poolName = "root";
} // config.shb.authelia.mount;
Type: anything (read only)
Default:
{
path = "/var/lib/authelia-authelia.example.com";
}
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.mount.path
Path to be mounted.
Type: string
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.mountRedis
Mount configuration for Redis. This is an output option.
Use it to initialize a block implementing the “mount” contract. For example, with a zfs dataset:
shb.zfs.datasets."redis-authelia" = {
poolName = "root";
} // config.shb.authelia.mountRedis;
Type: anything (read only)
Default:
{
path = "/var/lib/redis-authelia";
}
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.mountRedis.path
Path to be mounted.
Type: string
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients
OIDC clients
Type: list of (attribute set of anything)
Default:
[
{
authorization_policy = "one_factor";
client_id = "dummy_client";
client_name = "Dummy Client so Authelia can start";
client_secret = {
source = <derivation dummy.secret>;
};
public = false;
redirect_uris = [ ];
}
]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.authorization_policy
Require one factor (password) or two factor (device) authentication.
Type: one of “one_factor”, “two_factor”
Default:
"one_factor"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.client_id
Unique identifier of the OIDC client.
Type: string
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.client_name
Human readable description of the OIDC client.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.client_secret
File containing the shared secret with the OIDC client.
Generate with:
nix run nixpkgs#authelia -- \
crypto hash generate pbkdf2 \
--variant sha512 \
--random \
--random.length 72 \
--random.charset rfc3986
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.client_secret.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.client_secret.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-$${v}-suffix"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.public
Whether the OIDC client is public or not.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.redirect_uris
List of URIs that are allowed to be redirected to.
Type: list of string
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.scopes
Scopes to ask for
Type: list of string
Default:
[ ]
Example:
[
"openid"
"profile"
"email"
"groups"
]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.port
If given, adds a port to the <subdomain>.<domain> endpoint.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.rules
Rule based clients
Type: list of anything
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets
Secrets needed by Authelia
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCHMACSecret
Identity provider OIDC HMAC secret.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCHMACSecret.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCHMACSecret.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCHMACSecret.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCHMACSecret.request.owner
Linux user owning the secret file.
Type: string
Default:
"authelia"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCHMACSecret.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"authelia-shb.authelia.subdomain.shb.authelia.domain"
]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCHMACSecret.result
Result part of the secret contract.
Options set by the provider module that indicate where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCHMACSecret.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCIssuerPrivateKey
Identity provider OIDC issuer private key.
Generate one with nix run nixpkgs#openssl -- genrsa -out keypair.pem 2048
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCIssuerPrivateKey.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCIssuerPrivateKey.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCIssuerPrivateKey.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCIssuerPrivateKey.request.owner
Linux user owning the secret file.
Type: string
Default:
"authelia"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCIssuerPrivateKey.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"authelia-shb.authelia.subdomain.shb.authelia.domain"
]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCIssuerPrivateKey.result
Result part of the secret contract.
Options set by the provider module that indicate where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCIssuerPrivateKey.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.jwtSecret
JWT secret.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.jwtSecret.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.jwtSecret.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.jwtSecret.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.jwtSecret.request.owner
Linux user owning the secret file.
Type: string
Default:
"authelia"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.jwtSecret.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"authelia-shb.authelia.subdomain.shb.authelia.domain"
]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.jwtSecret.result
Result part of the secret contract.
Options set by the provider module that indicate where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.jwtSecret.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.ldapAdminPassword
LDAP admin user password.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.ldapAdminPassword.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.ldapAdminPassword.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.ldapAdminPassword.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.ldapAdminPassword.request.owner
Linux user owning the secret file.
Type: string
Default:
"authelia"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.ldapAdminPassword.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"authelia-shb.authelia.subdomain.shb.authelia.domain"
]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.ldapAdminPassword.result
Result part of the secret contract.
Options set by the provider module that indicate where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.ldapAdminPassword.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.sessionSecret
Session secret.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.sessionSecret.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.sessionSecret.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.sessionSecret.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.sessionSecret.request.owner
Linux user owning the secret file.
Type: string
Default:
"authelia"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.sessionSecret.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"authelia-shb.authelia.subdomain.shb.authelia.domain"
]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.sessionSecret.result
Result part of the secret contract.
Options set by the provider module that indicate where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.sessionSecret.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.storageEncryptionKey
Storage encryption key.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.storageEncryptionKey.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.storageEncryptionKey.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.storageEncryptionKey.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.storageEncryptionKey.request.owner
Linux user owning the secret file.
Type: string
Default:
"authelia"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.storageEncryptionKey.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"authelia-shb.authelia.subdomain.shb.authelia.domain"
]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.storageEncryptionKey.result
Result part of the secret contract.
Options set by the provider module that indicate where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.storageEncryptionKey.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.smtp
If a string is given, writes notifications to the given path. Otherwise, sends notifications by SMTP.
https://www.authelia.com/configuration/notifications/introduction/
Type: string or null or (submodule)
Default:
"/tmp/authelia-notifications"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.subdomain
Subdomain under which Authelia will be served.
Type: string
Example:
"auth"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.certs.cas.selfsigned
Generate a self-signed Certificate Authority.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.cas.selfsigned.<name>.name
Certificate Authority name. You can put what you want here; it will be displayed by the browser.
Type: string
Default:
"Self Host Blocks Certificate"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.cas.selfsigned.<name>.paths
Paths where CA certs will be located.
This option implements the SSL Generator contract.
Type: anything
Default:
{
cert = "/var/lib/certs/cas/‹name›.cert";
key = "/var/lib/certs/cas/‹name›.key";
}
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.cas.selfsigned.<name>.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.cas.selfsigned.<name>.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.cas.selfsigned.<name>.systemdService
Systemd oneshot service used to generate the certs.
This option implements the SSL Generator contract.
Type: string
Default:
"shb-certs-ca-‹name›.service"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt
Generate certificates signed by Let’s Encrypt.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.additionalEnvironment
Additional environment variables used to configure the DNS provider.
For secrets, use shb.ssl.credentialsFile instead.
See the chosen provider’s documentation for available options.
Type: attribute set of string
Default:
{ }
Example:
{
DNSPROVIDER_TIMEOUT = "10";
DNSPROVIDER_PROPAGATION_TIMEOUT = "240";
}
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.adminEmail
Admin email in case certificate retrieval goes wrong.
Type: string
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.afterAndWants
Systemd service(s) that must start successfully before attempting to reach ACME.
Type: list of string
Default:
[ ]
Example:
[ "dnsmasq.service" ]
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.credentialsFile
Credentials file location for the chosen DNS provider.
The content of this file must expose environment variables as written in the documentation of each DNS provider.
For example, if the documentation says the credential must be located in the environment variable DNSPROVIDER_TOKEN, then the file content must be:
DNSPROVIDER_TOKEN=xyz
You can put non-secret environment variables here too or use shb.ssl.additionalcfg instead.
Type: null or path
Default:
null
Example:
"/run/secrets/ssl"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.debug
Enable debug logging
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.dnsProvider
DNS provider to use.
See https://go-acme.github.io/lego/dns/ for the list of supported providers.
If null is given, the reverse proxy is used instead to validate the domain.
Type: null or string
Default:
null
Example:
"linode"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.dnsResolver
IP of a DNS server used to resolve hostnames.
Type: string
Default:
"8.8.8.8"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.domain
Domain to generate a certificate for. This can be a wildcard domain like *.example.com.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.extraDomains
Other domains to generate a certificate for.
Type: list of string
Default:
[ ]
Example:
[
"sub1.example.com"
"sub2.example.com"
]
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.group
Unix group owning this certificate.
Type: null or string
Default:
"acme"
Example:
"nginx"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.makeAvailableToUser
Make all certificates available to given user.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.paths
Paths where certs will be located.
This option implements the SSL Generator contract.
Type: anything
Default:
{
cert = "/var/lib/acme/‹name›/cert.pem";
key = "/var/lib/acme/‹name›/key.pem";
}
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.reloadServices
The list of systemd services to call systemctl try-reload-or-restart on.
Type: list of string
Default:
[ ]
Example:
[
"nginx.service"
]
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.stagingServer
Use Let’s Encrypt’s staging server.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.systemdService
Systemd oneshot service used to generate the certs.
This option implements the SSL Generator contract.
Type: string
Default:
"shb-certs-cert-letsencrypt-‹name›.service"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned
Generate self-signed certificates signed by a Certificate Authority.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.ca
CA used to generate this certificate. Only used for self-signed.
This contract input takes the contract output of the shb.certs.cas SSL block.
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.ca.paths
Paths where the files for the CA will be located.
This option is the contract output of the shb.certs.cas SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.ca.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.ca.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.ca.systemdService
Systemd oneshot service used to generate the CA. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"ca-generator.service"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.domain
Domain to generate a certificate for. This can be a wildcard domain like *.example.com.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.extraDomains
Other domains to generate a certificate for.
Type: list of string
Default:
[ ]
Example:
[
"sub1.example.com"
"sub2.example.com"
]
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.group
Unix group owning this certificate.
Type: string
Default:
"root"
Example:
"nginx"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.paths
Paths where certs will be located.
This option implements the SSL Generator contract.
Type: anything
Default:
{
cert = "/var/lib/certs/selfsigned/‹name›.cert";
key = "/var/lib/certs/selfsigned/‹name›.key";
}
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.reloadServices
The list of systemd services to call systemctl try-reload-or-restart on.
Type: list of string
Default:
[ ]
Example:
[
"nginx.service"
]
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.systemdService
Systemd oneshot service used to generate the certs.
This option implements the SSL Generator contract.
Type: string
Default:
"shb-certs-cert-selfsigned-‹name›.service"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.systemdService
Systemd oneshot service used to generate the Certificate Authority bundle.
Type: string
Default:
"shb-ca-bundle.service"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.contracts.backup
Contract for backing up files between a requester module and a provider module.
The requester communicates to the provider what files to back up through the request options.
The provider reads from the request options and backs up the requested files.
It communicates to the requester what script is used to back up and restore the files through the result options.
Type: submodule
Declared by:
<selfhostblocks/modules/contracts/backup/dummyModule.nix>
|
shb.contracts.backup.request
Options set by a requester module of the backup contract.
Type: submodule
Declared by:
<selfhostblocks/modules/contracts/backup/dummyModule.nix>
|
shb.contracts.backup.request.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/contracts/backup/dummyModule.nix>
|
shb.contracts.backup.request.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/contracts/backup/dummyModule.nix>
|
shb.contracts.backup.request.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/contracts/backup/dummyModule.nix>
|
shb.contracts.backup.request.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/contracts/backup/dummyModule.nix>
|
shb.contracts.backup.request.sourceDirectories
Directories to back up.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/contracts/backup/dummyModule.nix>
|
shb.contracts.backup.request.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/contracts/backup/dummyModule.nix>
|
shb.contracts.backup.result
Options set by a provider module of the backup contract.
Type: submodule
Declared by:
<selfhostblocks/modules/contracts/backup/dummyModule.nix>
|
shb.contracts.backup.result.backupService
Name of service backing up the database.
This service can be run manually to back up the database:
$ systemctl start my_backup_service.service
Type: string
Default:
null
Declared by:
<selfhostblocks/modules/contracts/backup/dummyModule.nix>
|
shb.contracts.backup.result.restoreScript
Name of script that can restore the database. One can then list snapshots with:
$ my_restore_script snapshots
And restore the database with:
$ my_restore_script restore latest
Type: string
Default:
null
Declared by:
<selfhostblocks/modules/contracts/backup/dummyModule.nix>
|
shb.contracts.ssl
Contract for SSL Certificate generator.
Type: anything
Declared by:
<selfhostblocks/modules/contracts/ssl/dummyModule.nix>
|
shb.contracts.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/contracts/ssl/dummyModule.nix>
|
shb.contracts.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/contracts/ssl/dummyModule.nix>
|
shb.contracts.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/contracts/ssl/dummyModule.nix>
|
shb.contracts.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/contracts/ssl/dummyModule.nix>
|
shb.davfs.mounts
List of mounts.
Type: list of (submodule)
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.automount
Create a systemd automount unit
Type: boolean
Default:
true
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.directoryMode
Directory creation mode
Type: null or string
Default:
null
Example:
"2775"
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.fileMode
File creation mode
Type: null or string
Default:
null
Example:
"0664"
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.gid
Group owner of the mount point.
Type: null or signed integer
Default:
null
Example:
1000
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.mountPoint
Mount point to mount the webdav endpoint on.
Type: string
Example:
"/mnt"
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.passwordFile
Password to connect to the webdav endpoint.
Type: string
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.remoteUrl
Webdav endpoint to connect to.
Type: string
Example:
"https://my.domain.com/dav"
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.uid
User owner of the mount point.
Type: null or signed integer
Default:
null
Example:
1000
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.username
Username to connect to the webdav endpoint.
Type: string
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.deluge.enable
Whether to enable selfhostblocks.deluge.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.enabledPlugins
Plugins to enable. Can include those from additionalPlugins.
Label is automatically enabled if any of the shb.arr.* services is enabled.
Type: list of string
Default:
[ ]
Example:
[
"Label"
]
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.additionalPlugins
Location of additional plugins. Each item in the list must be the path to the directory containing the plugin .egg file.
Type: list of path
Default:
[ ]
Example:
additionalPlugins = [
(pkgs.callPackage ({ python3, fetchFromGitHub }: python3.pkgs.buildPythonPackage {
name = "deluge-autotracker";
version = "1.0.0";
src = fetchFromGitHub {
owner = "ibizaman";
repo = "deluge-autotracker";
rev = "cc40d816a497bbf1c2ebeb3d8b1176210548a3e6";
sha256 = "sha256-0LpVdv1fak2a5eX4unjhUcN7nMAl9fgpr3X+7XnQE6c=";
} + "/autotracker";
doCheck = false;
format = "other";
nativeBuildInputs = [ python3.pkgs.setuptools ];
buildPhase = ''
mkdir "$out"
python3 setup.py install --install-lib "$out"
'';
doInstallPhase = false;
}) {})
];
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.authEndpoint
OIDC endpoint for SSO
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."deluge" = {
request = config.shb.deluge.backup;
settings = {
enable = true;
};
};
Type: submodule (read only)
Default:
{
sourceDirectories = [
"/var/lib/deluge"
];
user = "deluge";
}
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.backup.sourceDirectories
Directories to back up.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.daemonListenPorts
Deluge daemon listen ports
Type: list of signed integer
Default:
[
6881
6889
]
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.daemonPort
Deluge daemon port
Type: signed integer
Default:
58846
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.dataDir
Path where all configuration and state is stored.
Type: string
Default:
"/var/lib/deluge"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.domain
Domain under which deluge will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.extraServiceConfig
Extra configuration given to the systemd service file.
Type: attribute set of string
Default:
{ }
Example:
{
MemoryHigh = "512M";
MemoryMax = "900M";
}
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.extraUsers
Users having access to this deluge instance. Attrset of username to user options.
Type: attribute set of (submodule)
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.extraUsers.<name>.password
File containing the user password.
Type: submodule
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.extraUsers.<name>.password.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.extraUsers.<name>.password.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-$${v}-suffix"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.localclientPassword
Password for mandatory localclient user.
Type: submodule
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.localclientPassword.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.localclientPassword.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.localclientPassword.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.localclientPassword.request.owner
Linux user owning the secret file.
Type: string
Default:
"deluge"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.localclientPassword.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"deluged.service"
]
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.localclientPassword.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.localclientPassword.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.logLevel
Enable logging.
Type: null or one of “critical”, “error”, “warning”, “info”, “debug”
Default:
null
Example:
true
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.outgoingInterface
If not null, sets up deluge to bind all outgoing traffic to the given interface.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.prometheusScraperPassword
Password for prometheus scraper. Setting this option will activate the prometheus deluge exporter.
Type: null or (submodule)
Default:
null
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.prometheusScraperPassword.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.prometheusScraperPassword.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.prometheusScraperPassword.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.prometheusScraperPassword.request.owner
Linux user owning the secret file.
Type: string
Default:
"deluge"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.prometheusScraperPassword.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"deluged.service"
"prometheus.service"
]
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.prometheusScraperPassword.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.prometheusScraperPassword.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.proxyPort
If not null, sets up deluge to forward all traffic to the proxy listening on that port.
Type: null or signed integer
Default:
null
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings
Deluge operational settings.
Type: submodule
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.dont_count_slow_torrents
Do not count slow torrents towards any limits.
Type: boolean
Default:
true
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.downloadLocation
Folder where torrents get downloaded.
Type: string
Example:
"/srv/torrents"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_active_downloading
Maximum Active Downloading
Type: signed integer
Default:
30
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_active_limit
Maximum Active Limit
Type: signed integer
Default:
200
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_active_seeding
Maximum Active Seeding
Type: signed integer
Default:
100
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_connections_global
Maximum Connections Global
Type: signed integer
Default:
200
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_connections_per_torrent
Maximum Connections Per Torrent
Type: signed integer
Default:
50
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_download_speed
Maximum Download Speed
Type: signed integer
Default:
1000
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_download_speed_per_torrent
Maximum Download Speed Per Torrent
Type: signed integer
Default:
-1
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_upload_slots_global
Maximum Upload Slots Global
Type: signed integer
Default:
100
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_upload_slots_per_torrent
Maximum Upload Slots Per Torrent
Type: signed integer
Default:
4
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_upload_speed
Maximum Upload Speed
Type: signed integer
Default:
200
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_upload_speed_per_torrent
Maximum Upload Speed Per Torrent
Type: signed integer
Default:
50
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.subdomain
Subdomain under which deluge will be served.
Type: string
Example:
"ha"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.webPort
Deluge web port
Type: signed integer
Default:
8112
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.forgejo.enable
Whether to enable selfhostblocks.forgejo.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.adminPassword
File containing the Forgejo admin user password.
Type: submodule
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.adminPassword.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.adminPassword.request.group
Linux group owning the secret file.
Type: string
Default:
"forgejo"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.adminPassword.request.mode
Mode of the secret file.
Type: string
Default:
"0440"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.adminPassword.request.owner
Linux user owning the secret file.
Type: string
Default:
"forgejo"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.adminPassword.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"forgejo.service"
]
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.adminPassword.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.adminPassword.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."forgejo" = {
request = config.shb.forgejo.backup;
settings = {
enable = true;
};
};
Type: submodule (read only)
Default:
{
sourceDirectories = [
"/var/lib/forgejo/dump"
];
user = "forgejo";
}
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.backup.sourceDirectories
Directories to back up.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.databasePassword
File containing the Forgejo database password.
Type: submodule
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.databasePassword.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.databasePassword.request.group
Linux group owning the secret file.
Type: string
Default:
"forgejo"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.databasePassword.request.mode
Mode of the secret file.
Type: string
Default:
"0440"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.databasePassword.request.owner
Linux user owning the secret file.
Type: string
Default:
"forgejo"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.databasePassword.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"forgejo.service"
]
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.databasePassword.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.databasePassword.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.debug
Enable debug logging.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.domain
Domain under which Forgejo is served.
<subdomain>.<domain>[:<port>]
Type: string
Example:
"domain.com"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.hostPackages
List of packages that are available to actions when the runner is configured with a host execution label.
Type: list of package
Default:
with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
]
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap
LDAP Integration.
Type: null or (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.enable
Whether to enable LDAP integration.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.adminGroup
Group users must belong to in order to be admins.
Type: string
Default:
"forgejo_admin"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.adminName
Admin user of the LDAP server.
Type: string
Default:
"admin"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.adminPassword
LDAP admin password.
Type: submodule
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.adminPassword.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.adminPassword.request.group
Linux group owning the secret file.
Type: string
Default:
"forgejo"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.adminPassword.request.mode
Mode of the secret file.
Type: string
Default:
"0440"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.adminPassword.request.owner
Linux user owning the secret file.
Type: string
Default:
"forgejo"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.adminPassword.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"forgejo.service"
]
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.adminPassword.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.adminPassword.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.dcdomain
DC domain for LDAP.
Type: string
Example:
"dc=mydomain,dc=com"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.host
Host serving the LDAP server.
Type: string
Default:
"127.0.0.1"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.port
Port of the service serving the LDAP server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
389
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.provider
LDAP provider name, used for display.
Type: value “LLDAP” (singular enum)
Default:
"LLDAP"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ldap.userGroup
Group users must belong to in order to be able to log in.
Type: string
Default:
"forgejo_user"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.localActionRunner
Enable local action runner that runs for all labels.
Type: boolean
Default:
true
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.mount
Mount configuration. This is an output option.
Use it to initialize a block implementing the “mount” contract. For example, with a zfs dataset:
shb.zfs.datasets."forgejo" = {
poolName = "root";
} // config.shb.forgejo.mount;
Type: anything (read only)
Default:
{
path = "/var/lib/forgejo";
}
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.mount.path
Path to be mounted.
Type: string
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.repositoryRoot
Path where to store the repositories. If null, uses the default under the Forgejo StateDir.
Type: null or string
Default:
null
Example:
"/srv/forgejo"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.smtp
Send notifications by SMTP.
Type: null or (submodule)
Default:
null
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.smtp.from_address
SMTP address from which the emails originate.
Type: string
Example:
"authelia@mydomain.com"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.smtp.host
SMTP host to send the emails to.
Type: string
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.smtp.passwordFile
File containing the password to connect to the SMTP host.
Type: string
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.smtp.port
SMTP port to send the emails to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
25
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.smtp.username
Username to connect to the SMTP host.
Type: string
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso
Set up SSO integration.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.enable
Whether to enable SSO integration.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.authorization_policy
Require one-factor (password) or two-factor (device) authentication.
Type: one of “one_factor”, “two_factor”
Default:
"one_factor"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.clientID
Client ID for the OIDC endpoint.
Type: string
Default:
"forgejo"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.endpoint
OIDC endpoint for SSO.
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.provider
OIDC provider name, used for display.
Type: value “Authelia” (singular enum)
Default:
"Authelia"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecret
OIDC shared secret for Forgejo.
Type: submodule
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecret.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecret.request.group
Linux group owning the secret file.
Type: string
Default:
"forgejo"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecret.request.mode
Mode of the secret file.
Type: string
Default:
"0440"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecret.request.owner
Linux user owning the secret file.
Type: string
Default:
"forgejo"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecret.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"forgejo.service"
]
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecret.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecret.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecretForAuthelia
OIDC shared secret for Authelia.
Type: submodule
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecretForAuthelia.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecretForAuthelia.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecretForAuthelia.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecretForAuthelia.request.owner
Linux user owning the secret file.
Type: string
Default:
"authelia"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecretForAuthelia.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecretForAuthelia.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.sso.sharedSecretForAuthelia.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.forgejo.subdomain
Subdomain under which Forgejo will be served.
<subdomain>.<domain>[:<port>]
Type: string
Example:
"forgejo"
Declared by:
<selfhostblocks/modules/services/forgejo.nix>
|
shb.grocy.enable
Whether to enable selfhostblocks.grocy.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."grocy" = {
request = config.shb.grocy.backup;
settings = {
enable = true;
};
};
Type: submodule (read only)
Default:
{
sourceDirectories = [
"/var/lib/grocy"
];
user = "grocy";
}
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.backup.sourceDirectories
Directories to back up.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.culture
Display language of the frontend.
Type: one of “de”, “en”, “da”, “en_GB”, “es”, “fr”, “hu”, “it”, “nl”, “no”, “pl”, “pt_BR”, “ru”, “sk_SK”, “sv_SE”, “tr”
Default:
"en"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.currency
ISO 4217 code for the currency to display.
Type: string
Default:
"USD"
Example:
"NOK"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.dataDir
Folder where Grocy will store all its data.
Type: string
Default:
"/var/lib/grocy"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.domain
Domain under which grocy will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.extraServiceConfig
Extra configuration given to the systemd service file.
Type: attribute set of string
Default:
{ }
Example:
{
MemoryHigh = "512M";
MemoryMax = "900M";
}
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.logLevel
Enable logging.
Type: null or one of “critical”, “error”, “warning”, “info”, “debug”
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.subdomain
Subdomain under which grocy will be served.
Type: string
Example:
"grocy"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.hardcodedsecret
Hardcoded secrets. These should only be used in tests.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
mySecret = {
request = {
user = "me";
mode = "0400";
restartUnits = [ "myservice.service" ];
};
settings.content = "My Secret";
};
}
Declared by:
<selfhostblocks/modules/blocks/hardcodedsecret.nix>
|
shb.hardcodedsecret.<name>.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/blocks/hardcodedsecret.nix>
|
shb.hardcodedsecret.<name>.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/blocks/hardcodedsecret.nix>
|
shb.hardcodedsecret.<name>.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/blocks/hardcodedsecret.nix>
|
shb.hardcodedsecret.<name>.request.owner
Linux user owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/blocks/hardcodedsecret.nix>
|
shb.hardcodedsecret.<name>.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/hardcodedsecret.nix>
|
shb.hardcodedsecret.<name>.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/hardcodedsecrets/hardcodedsecret_‹name›";
}
Declared by:
<selfhostblocks/modules/blocks/hardcodedsecret.nix>
|
shb.hardcodedsecret.<name>.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host; it is not available through the nix store.
Type: path
Default:
"/run/hardcodedsecrets/hardcodedsecret_‹name›"
Declared by:
<selfhostblocks/modules/blocks/hardcodedsecret.nix>
|
shb.hardcodedsecret.<name>.settings
Settings specific to the hardcoded secret module.
Give either content or source.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/hardcodedsecret.nix>
|
shb.hardcodedsecret.<name>.settings.content
Content of the secret as a string.
This will be stored in the nix store and should only be used for testing or maybe in dev.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/blocks/hardcodedsecret.nix>
|
shb.hardcodedsecret.<name>.settings.source
Source of the content of the secret as a path in the nix store.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/blocks/hardcodedsecret.nix>
|
shb.hledger.enable
Whether to enable selfhostblocks.hledger.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.authEndpoint
OIDC endpoint for SSO
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."hledger" = {
request = config.shb.hledger.backup;
settings = {
enable = true;
};
};
Type: submodule (read only)
Default:
{
sourceDirectories = [
"/var/lib/hledger"
];
user = "hledger";
}
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.dataDir
Folder where Hledger will store all its data.
Type: string
Default:
"/var/lib/hledger"
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.domain
Domain under which Authelia will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.localNetworkIPRange
Local network range, to restrict access to the UI to only those IPs.
Type: string
Default:
null
Example:
"192.168.1.1/24"
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.port
HLedger port
Type: signed integer
Default:
5000
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.subdomain
Subdomain under which Authelia will be served.
Type: string
Example:
"ha"
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.home-assistant.enable
Whether to enable selfhostblocks.home-assistant.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."home-assistant" = {
request = config.shb.home-assistant.backup;
settings = {
enable = true;
};
};
Type: submodule (read only)
Default:
{
sourceDirectories = [
"/var/lib/hass/backups"
];
user = "hass";
}
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config
See all available settings at https://www.home-assistant.io/docs/configuration/basic/
Type: attribute set of string
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.country
Two letter country code where this instance is located.
Type: string or (submodule)
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.latitude
Latitude where this instance is located.
Type: string or (submodule)
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.longitude
Longitude where this instance is located.
Type: string or (submodule)
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.name
Name of the Home Assistant instance.
Type: string or (submodule)
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.time_zone
Timezone of this instance.
Type: string or (submodule)
Example:
"America/Los_Angeles"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.unit_system
Timezone of this instance.
Type: string or one of “metric”, “us_customary”
Example:
"America/Los_Angeles"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.domain
Domain under which home-assistant will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap
LDAP Integration App. Manual
Enabling this app will create a new LDAP configuration or update one that exists with the given host.
Also, enabling LDAP will skip onboarding; otherwise Home Assistant gets into a cyclic lock.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap.enable
Whether to enable LDAP app…
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap.host
Host serving the LDAP server.
If set, the Home Assistant auth will be disabled. To keep it, set keepDefaultAuth to true.
Type: string
Default:
"127.0.0.1"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap.keepDefaultAuth
Keep Home Assistant auth active, even if LDAP is configured. Usually, you want to enable this to transfer existing users to LDAP, and then you can disable it.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap.port
Port of the service serving the LDAP server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
389
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap.userGroup
Group users must belong to in order to be able to log in to Nextcloud.
Type: string
Default:
"homeassistant_user"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.subdomain
Subdomain under which home-assistant will be served.
Type: string
Example:
"ha"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.jellyfin.enable
Whether to enable shb jellyfin.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."jellyfin" = {
request = config.shb.jellyfin.backup;
settings = {
enable = true;
};
};
Type: submodule (read only)
Default:
{
sourceDirectories = [
"/var/lib/jellyfin"
];
user = "jellyfin";
}
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.domain
Domain to serve sites under.
Type: string
Example:
"domain.com"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap
LDAP configuration.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.enable
Whether to enable LDAP.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.adminGroup
LDAP admin group
Type: string
Default:
"jellyfin_admin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.adminPassword
LDAP admin password.
Type: submodule
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.adminPassword.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.adminPassword.request.group
Linux group owning the secret file.
Type: string
Default:
"jellyfin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.adminPassword.request.mode
Mode of the secret file.
Type: string
Default:
"0440"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.adminPassword.request.owner
Linux user owning the secret file.
Type: string
Default:
"jellyfin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.adminPassword.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"jellyfin.service"
]
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.adminPassword.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.adminPassword.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.dcdomain
DC domain for LDAP.
Type: string
Example:
"dc=mydomain,dc=com"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.host
Host serving the LDAP server.
Type: string
Example:
"127.0.0.1"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.port
Port where the LDAP server is listening.
Type: signed integer
Example:
389
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.userGroup
LDAP user group
Type: string
Default:
"jellyfin_user"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso
SSO configuration.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.enable
Whether to enable SSO.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.adminUserGroup
OIDC admin group
Type: string
Default:
"jellyfin_admin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.authorization_policy
Require one factor (password) or two factor (device) authentication.
Type: one of “one_factor”, “two_factor”
Default:
"one_factor"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.clientID
Client ID for the OIDC endpoint
Type: string
Default:
"jellyfin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.endpoint
OIDC endpoint for SSO
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.provider
OIDC provider name
Type: string
Default:
"Authelia"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecret
OIDC shared secret for Jellyfin.
Type: submodule
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecret.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecret.request.group
Linux group owning the secret file.
Type: string
Default:
"jellyfin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecret.request.mode
Mode of the secret file.
Type: string
Default:
"0440"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecret.request.owner
Linux user owning the secret file.
Type: string
Default:
"jellyfin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecret.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"jellyfin.service"
]
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecret.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecret.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecretForAuthelia
OIDC shared secret for Authelia.
Type: submodule
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecretForAuthelia.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecretForAuthelia.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecretForAuthelia.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecretForAuthelia.request.owner
Linux user owning the secret file.
Type: string
Default:
"authelia"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecretForAuthelia.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecretForAuthelia.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.sharedSecretForAuthelia.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.userGroup
OIDC user group
Type: string
Default:
"jellyfin_user"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.subdomain
Subdomain under which home-assistant will be served.
Type: string
Example:
"jellyfin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.ldap.enable
Whether to enable the LDAP service.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."lldap" = {
request = config.shb.ldap.backup;
settings = {
enable = true;
};
};
Type: submodule (read only)
Default:
{
sourceDirectories = [
"/var/lib/private/lldap"
];
user = "root";
}
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.dcdomain
dc domain to serve.
Type: string
Example:
"dc=mydomain,dc=com"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.debug
Enable debug logging.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.domain
Domain under which the LDAP service will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.jwtSecret
JWT secret.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.jwtSecret.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.jwtSecret.request.group
Linux group owning the secret file.
Type: string
Default:
"lldap"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.jwtSecret.request.mode
Mode of the secret file.
Type: string
Default:
"0440"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.jwtSecret.request.owner
Linux user owning the secret file.
Type: string
Default:
"lldap"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.jwtSecret.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"lldap.service"
]
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.jwtSecret.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.jwtSecret.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ldapPort
Port on which the server listens for the LDAP protocol.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3890
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ldapUserPassword
LDAP admin user secret.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ldapUserPassword.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ldapUserPassword.request.group
Linux group owning the secret file.
Type: string
Default:
"lldap"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ldapUserPassword.request.mode
Mode of the secret file.
Type: string
Default:
"0440"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ldapUserPassword.request.owner
Linux user owning the secret file.
Type: string
Default:
"lldap"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ldapUserPassword.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"lldap.service"
]
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ldapUserPassword.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ldapUserPassword.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.mount
Mount configuration. This is an output option.
Use it to initialize a block implementing the “mount” contract. For example, with a zfs dataset:
shb.zfs.datasets."ldap" = {
poolName = "root";
} // config.shb.ldap.mount;
Type: anything (read only)
Default:
{
path = "/var/lib/lldap";
}
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.mount.path
Path to be mounted.
Type: string
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.restrictAccessIPRange
Set a local network range to restrict access to the UI to only those IPs.
Type: null or string
Default:
null
Example:
"192.168.1.1/24"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.subdomain
Subdomain under which the LDAP service will be served.
Type: string
Example:
"grafana"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.webUIListenPort
Port on which the web UI is exposed.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
17170
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.monitoring.enable
Whether to enable selfhostblocks.monitoring.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.adminPassword
Initial admin password.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.adminPassword.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.adminPassword.request.group
Linux group owning the secret file.
Type: string
Default:
"grafana"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.adminPassword.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.adminPassword.request.owner
Linux user owning the secret file.
Type: string
Default:
"grafana"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.adminPassword.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"grafana.service"
]
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.adminPassword.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.adminPassword.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.contactPoints
List of email addresses to send alerts to
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.debugLog
Set to true to enable debug logging of the infrastructure serving Grafana.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.domain
Domain under which home-assistant will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.grafanaPort
Port where Grafana listens to HTTP requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3000
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.lokiMajorVersion
Switching from version 2 to 3 requires manual intervention, see https://grafana.com/docs/loki/latest/setup/upgrade/#main--unreleased. This option lets the user upgrade at their own pace.
Type: one of 2, 3
Default:
2
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.lokiPort
Port where Loki listens to HTTP requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3002
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.orgId
Org ID where all self host blocks related config will be stored.
Type: signed integer
Default:
1
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.prometheusPort
Port where Prometheus listens to HTTP requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3001
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.provisionDashboards
Provision Self Host Blocks dashboards under ‘Self Host Blocks’ folder.
Type: boolean
Default:
true
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.secretKey
Secret key used for signing.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.secretKey.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.secretKey.request.group
Linux group owning the secret file.
Type: string
Default:
"grafana"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.secretKey.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.secretKey.request.owner
Linux user owning the secret file.
Type: string
Default:
"grafana"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.secretKey.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"grafana.service"
]
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.secretKey.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.secretKey.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp
SMTP options.
Type: null or (submodule)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.from_address
SMTP address from which the emails originate.
Type: string
Example:
"vaultwarden@mydomain.com"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.from_name
SMTP name from which the emails originate.
Type: string
Default:
"Vaultwarden"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.host
SMTP host to send the emails to.
Type: string
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.passwordFile
File containing the password to connect to the SMTP host.
Type: string
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.port
SMTP port to send the emails to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
25
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.username
Username to connect to the SMTP host.
Type: string
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.subdomain
Subdomain under which home-assistant will be served.
Type: string
Example:
"grafana"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.nextcloud.enable
Whether to enable selfhostblocks.nextcloud-server.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminPass
Nextcloud admin password.
Type: submodule
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminPass.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminPass.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminPass.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminPass.request.owner
Linux user owning the secret file.
Type: string
Default:
"nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminPass.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"phpfpm-nextcloud.service"
]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminPass.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminPass.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminUser
Username of the initial admin user.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.alwaysApplyExpensiveMigrations
Run occ maintenance:repair --include-expensive on service start.
Larger instances should disable this and run the command at a convenient time but Self Host Blocks assumes that it will not be the case for most users.
Type: boolean
Default:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps
Applications to enable in Nextcloud. Enabling an application here will also configure various services needed for this application.
Enabled apps will automatically be installed, enabled and configured, so no need to do that through the UI. You can still make changes but they will be overridden on next deploy. You can still install and configure other apps through the UI.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage
External Storage App. Manual
Set userLocalMount to automatically add a local directory as an external storage.
Use this option if you want to store user data in another folder or another hard drive altogether.
In the directory option, you can use either $user and/or $home which will be replaced by the user’s name and home directory.
Recommended use of this option is to have Nextcloud’s dataDir on an SSD and the userLocalRooDirectory on an HDD. Indeed, an SSD is much quicker than a spinning hard drive, which is well suited for randomly accessing small files like thumbnails. On the other hand, a spinning hard drive can store more data, which is well suited for storing user data.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.enable
Whether to enable Nextcloud External Storage App.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.userLocalMount
If set, adds a local mount as external storage.
Type: null or (submodule)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.userLocalMount.directory
Local directory on the filesystem to mount. Use $user and/or $home which will be replaced by the user’s name and home directory.
Type: string
Example:
"/srv/nextcloud/$user"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.userLocalMount.mountName
Path of the mount in Nextcloud. Use / to mount as the root.
Type: string
Default:
""
Example:
[
"home"
"/"
]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap
LDAP Integration App. Manual
Enabling this app will create a new LDAP configuration or update one that exists with the given host.
Type: null or (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.enable
Whether to enable LDAP app…
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminName
Admin user of the LDAP server.
Type: string
Default:
"admin"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminPassword
LDAP server admin password.
Type: submodule
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminPassword.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminPassword.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminPassword.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminPassword.request.owner
Linux user owning the secret file.
Type: string
Default:
"nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminPassword.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"phpfpm-nextcloud.service"
]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminPassword.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminPassword.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.configID
Multiple LDAP configs can co-exist with only one active at a time. This option sets the config ID used by Self Host Blocks.
Type: signed integer
Default:
50
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.dcdomain
dc domain for ldap.
Type: string
Example:
"dc=mydomain,dc=com"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.host
Host serving the LDAP server.
Type: string
Default:
"127.0.0.1"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.port
Port of the service serving the LDAP server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
389
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.userGroup
Group users must belong to in order to log in to Nextcloud.
Type: string
Default:
"nextcloud_user"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice
Only Office App. Nextcloud App Store
Enabling this app will also start an OnlyOffice instance accessible at the given subdomain from the given network range.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.enable
Whether to enable Nextcloud OnlyOffice App.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.jwtSecretFile
File containing the JWT secret. This option is required.
Must be readable by the nextcloud system user.
Type: null or path
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.localNetworkIPRange
Local network range, to restrict access to Open Office to only those IPs.
Type: string
Default:
"192.168.1.1/24"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.subdomain
Subdomain under which Only Office will be served.
Type: string
Default:
"oo"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator
Preview Generator App. Nextcloud App Store
Enabling this app will create a cron job running every minute to generate thumbnails for new and updated files.
To generate thumbnails for already existing files, run:
nextcloud-occ -vvv preview:generate-all
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator.enable
Whether to enable Nextcloud Preview Generator App.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator.debug
Enable more verbose logging.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator.recommendedSettings
Better defaults than the defaults. Taken from this article.
Sets the following options:
nextcloud-occ config:app:set previewgenerator squareSizes --value="32 256"
nextcloud-occ config:app:set previewgenerator widthSizes --value="256 384"
nextcloud-occ config:app:set previewgenerator heightSizes --value="256"
nextcloud-occ config:system:set preview_max_x --value 2048
nextcloud-occ config:system:set preview_max_y --value 2048
nextcloud-occ config:system:set jpeg_quality --value 60
nextcloud-occ config:app:set preview jpeg_quality --value="60"
Type: boolean
Default:
true
Example:
false
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso
SSO Integration App. Manual
Enabling this app will create a new LDAP configuration or update one that exists with the given host.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.enable
Whether to enable SSO app…
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.authorization_policy
Require one factor (password) or two factor (device) authentication.
Type: one of “one_factor”, “two_factor”
Default:
"one_factor"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.clientID
Client ID for the OIDC endpoint.
Type: string
Default:
"nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.endpoint
OIDC endpoint for SSO.
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.fallbackDefaultAuth
Fall back to normal Nextcloud auth if something goes wrong with the SSO app. Usually, you want to enable this to transfer existing users to LDAP, and then you can disable it.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.port
If given, adds a port to the endpoint.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.provider
OIDC provider name, used for display.
Type: value “Authelia” (singular enum)
Default:
"Authelia"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secret
OIDC shared secret.
Type: submodule
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secret.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secret.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secret.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secret.request.owner
Linux user owning the secret file.
Type: string
Default:
"nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secret.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"phpfpm-nextcloud.service"
]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secret.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secret.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretForAuthelia
OIDC shared secret. Content must be the same as secretFile option.
Type: submodule
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretForAuthelia.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretForAuthelia.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretForAuthelia.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretForAuthelia.request.owner
Linux user owning the secret file.
Type: string
Default:
"authelia"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretForAuthelia.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretForAuthelia.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretForAuthelia.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.autoDisableMaintenanceModeOnStart
Upon starting the service, disable maintenance mode if set.
This is useful if a deploy failed and you try to redeploy.
Type: boolean
Default:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."nextcloud" = {
  request = config.shb.nextcloud.backup;
  settings = {
    enable = true;
  };
};
Type: submodule (read only)
Default:
{
  excludePatterns = [
    ".rnd"
  ];
  sourceDirectories = [
    "/var/lib/nextcloud"
  ];
  user = "nextcloud";
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.dataDir
Folder where Nextcloud will store all its data.
Type: string
Default:
"/var/lib/nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.debug
Enable more verbose logging.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.defaultPhoneRegion
Two-letter region code defining the default region.
Type: string
Example:
"US"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.domain
Domain under which Nextcloud is served.
<subdomain>.<domain>[:<port>]
Type: string
Example:
"domain.com"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.externalFqdn
External fqdn used to access Nextcloud. Defaults to <subdomain>.<domain>. This should only be set if you include the port when accessing Nextcloud.
Type: null or string
Default:
null
Example:
"nextcloud.domain.com:8080"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.extraApps
Extra apps to install.
Should be a function returning an attrSet of appid as keys to packages as values, like generated by fetchNextcloudApp.
The appid must be identical to the id value in the apps’ appinfo/info.xml.
Search in nixpkgs for the NN.json files for existing apps.
You can still install apps through the appstore.
Type: raw value
Default:
null
Example:
apps: {
  inherit (apps) mail calendar contact;
  phonetrack = pkgs.fetchNextcloudApp {
    name = "phonetrack";
    sha256 = "0qf366vbahyl27p9mshfma1as4nvql6w75zy2zk5xwwbp343vsbc";
    url = "https://gitlab.com/eneiluj/phonetrack-oc/-/wikis/uploads/931aaaf8dca24bf31a7e169a83c17235/phonetrack-0.6.9.tar.gz";
    version = "0.6.9";
  };
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.maxUploadSize
The upload limit for files. This changes the relevant options in php.ini and nginx if enabled.
Type: string
Default:
"4G"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.mountPointServices
If given, all the systemd services and timers will depend on the specified mount point systemd services.
Type: list of string
Default:
[ ]
Example:
["var.mount"]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.phpFpmPoolSettings
Settings for PHPFPM.
Type: null or (attribute set of anything)
Default:
null
Example:
{
  "pm" = "dynamic";
  "pm.max_children" = 50;
  "pm.start_servers" = 25;
  "pm.min_spare_servers" = 10;
  "pm.max_spare_servers" = 20;
  "pm.max_spawn_rate" = 50;
  "pm.max_requests" = 50;
  "pm.process_idle_timeout" = "20s";
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.port
Port under which Nextcloud will be served. If null is given, then the port is omitted.
<subdomain>.<domain>[:<port>]
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.postgresSettings
Settings for the PostgreSQL database.
Go to https://pgtune.leopard.in.ua/ and copy the generated configuration here.
Type: null or (attribute set of string)
Default:
null
Example:
{
  # From https://pgtune.leopard.in.ua/ with:
  # DB Version: 14
  # OS Type: linux
  # DB Type: dw
  # Total Memory (RAM): 7 GB
  # CPUs num: 4
  # Connections num: 100
  # Data Storage: ssd
  max_connections = "100";
  shared_buffers = "1792MB";
  effective_cache_size = "5376MB";
  maintenance_work_mem = "896MB";
  checkpoint_completion_target = "0.9";
  wal_buffers = "16MB";
  default_statistics_target = "500";
  random_page_cost = "1.1";
  effective_io_concurrency = "200";
  work_mem = "4587kB";
  huge_pages = "off";
  min_wal_size = "4GB";
  max_wal_size = "16GB";
  max_worker_processes = "4";
  max_parallel_workers_per_gather = "2";
  max_parallel_workers = "4";
  max_parallel_maintenance_workers = "2";
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.subdomain
Subdomain under which Nextcloud will be served.
<subdomain>.<domain>[:<port>]
Type: string
Example:
"nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.tracing
Enable xdebug tracing.
To trigger writing a trace to /var/log/xdebug, add the following header:
XDEBUG_TRACE <shb.nextcloud.tracing value>
The response will contain the following header:
x-xdebug-profile-filename /var/log/xdebug/cachegrind.out.63484
Type: null or string
Default:
null
Example:
"debug_me"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.version
Nextcloud version to choose from.
Type: one of 28, 29
Default:
28
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nginx.accessLog
Log all requests
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.debugLog
Verbose debug logging of internals. This will print which servers were matched and why.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.vhosts
Endpoints to be protected by authelia.
Type: list of (submodule)
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.vhosts.*.authEndpoint
Optional auth endpoint for SSO.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.vhosts.*.autheliaRules
Authelia rule configuration
Type: list of attribute set of anything
Default:
[ ]
Example:
[{
  policy = "two_factor";
  subject = ["group:service_user"];
}]
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.vhosts.*.domain
Domain of the subdomain.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.vhosts.*.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.vhosts.*.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.vhosts.*.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.vhosts.*.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.vhosts.*.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.vhosts.*.subdomain
Subdomain which must be protected.
Type: string
Example:
"subdomain"
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.vhosts.*.upstream
Upstream url to be protected.
Type: string
Example:
"http://127.0.0.1:1234"
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.postgresql.enableTCPIP
Enable TCP/IP connection on given port.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.databasebackup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."postgresql" = {
  request = config.shb.postgresql.databasebackup;
  settings = {
    enable = true;
  };
};
Type: submodule
Default:
{
backupCmd = ''
''${pkgs.postgresql}/bin/pg_dumpall | ''${pkgs.gzip}/bin/gzip --rsyncable
'';
backupName = "postgres.sql";
restoreCmd = ''
''${pkgs.gzip}/bin/gunzip | ''${pkgs.postgresql}/bin/psql postgres
'';
user = "postgres";
}
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.databasebackup.backupCmd
Command that produces the database dump on stdout.
Type: string
Example:
${pkgs.postgresql}/bin/pg_dumpall | ${pkgs.gzip}/bin/gzip --rsyncable
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.databasebackup.backupName
Name of the backup in the repository.
Type: string
Default:
"dump"
Example:
"postgresql.sql"
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.databasebackup.restoreCmd
Command that reads the database dump on stdin and restores the database.
Type: string
Example:
${pkgs.gzip}/bin/gunzip | ${pkgs.postgresql}/bin/psql postgres
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.databasebackup.user
Unix user doing the backups.
This should be an admin user having access to all databases.
Type: string
Example:
"postgres"
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.debug
Enable debugging options.
Currently enables shared_preload_libraries = "auto_explain, pg_stat_statements"
See https://www.postgresql.org/docs/current/pgstatstatements.html
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.ensures
List of username, database and/or passwords that should be created.
Type: list of (submodule)
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.ensures.*.database
Postgres database.
Type: string
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.ensures.*.passwordFile
Optional password file for the postgres user. If not given, only peer auth is accepted for this user; otherwise, password auth is also allowed.
Type: null or string
Default:
null
Example:
"/run/secrets/postgresql/password"
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.ensures.*.username
Postgres user name.
Type: string
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.restic.databases
Databases to backup following the database backup contract.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.request
Request part of the backup contract.
Accepts values from a requester.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.request.backupCmd
Command that produces the database dump on stdout.
Type: string
Example:
${pkgs.postgresql}/bin/pg_dumpall | ${pkgs.gzip}/bin/gzip --rsyncable
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.request.backupName
Name of the backup in the repository.
Type: string
Default:
"dump"
Example:
"postgresql.sql"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.request.restoreCmd
Command that reads the database dump on stdin and restores the database.
Type: string
Example:
${pkgs.gzip}/bin/gunzip | ${pkgs.postgresql}/bin/psql postgres
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.request.user
Unix user doing the backups.
This should be an admin user having access to all databases.
Type: string
Example:
"postgres"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.result
Result part of the backup contract.
Contains the output of the Restic provider.
Type: submodule
Default:
{
backupServiceText = "restic-backups-<name>_path_to_repository.service";
restoreScriptText = "restic-backups-<name>_path_to_repository";
}
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.result.backupService
Name of service backing up the database.
This service can be run manually to back up the database:
$ systemctl start restic-backups-<name>_path_to_repository.service
Type: string
Default:
"restic-backups-<name>_path_to_repository.service"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.result.restoreScript
Name of script that can restore the database. One can then list snapshots with:
$ restic-backups-<name>_path_to_repository snapshots
And restore the database with:
$ restic-backups-<name>_path_to_repository restore latest
Type: string
Default:
"restic-backups-<name>_path_to_repository"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings
Settings specific to the Restic provider.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.enable
Whether to enable this backup instance.
A disabled instance will no longer back up data but still provides the helper tool to restore snapshots.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.limitDownloadKiBs
Limit download bandwidth to the given KiB/s amount.
Type: null or signed integer
Default:
null
Example:
8000
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.limitUploadKiBs
Limit upload bandwidth to the given KiB/s amount.
Type: null or signed integer
Default:
null
Example:
8000
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.passphrase
Encryption key for the backup repository.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.passphrase.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default: { mode = 0400; owner = shb.restic.databases.<name>.request.user; group = root; restartUnits = [ shb.restic.databases.<name>.settings.repository ]; }
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.passphrase.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.passphrase.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.passphrase.request.owner
Linux user owning the secret file.
Type: string
Default: shb.restic.databases.<name>.request.user
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.passphrase.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default: [ shb.restic.databases.<name>.settings.repository ]
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.passphrase.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.passphrase.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.repository
Repository to back up this instance to.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.repository.path
Repository location
Type: string
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.repository.secrets
Secrets needed to access the repository where the backups will be stored.
See s3 config for an example and list for the list of all secrets.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
AWS_ACCESS_KEY_ID.source = <path/to/secret>;
AWS_SECRET_ACCESS_KEY.source = <path/to/secret>;
}
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.repository.secrets.<name>.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.repository.secrets.<name>.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-$${v}-suffix"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.repository.timerConfig
When to run the backup. See systemd.timer(5) for details.
Type: attribute set of (systemd option)
Default:
{
OnCalendar = "daily";
Persistent = true;
}
Example:
{
OnCalendar = "00:05";
Persistent = true;
RandomizedDelaySec = "5h";
}
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.databases.<name>.settings.retention
For how long to keep backup files.
Type: attribute set of (signed integer or non-empty string)
Default:
{
keep_daily = 7;
keep_hourly = 24;
keep_monthly = 6;
keep_weekly = 4;
keep_within = "1d";
}
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances
Files to backup following the backup contract.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.request
Request part of the backup contract.
Accepts values from a requester.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.request.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.request.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.request.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.request.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.request.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.request.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.result
Result part of the backup contract.
Contains the output of the Restic provider.
Type: submodule
Default:
{
backupServiceText = "restic-backups-<name>_path_to_repository.service";
restoreScriptText = "restic-backups-<name>_path_to_repository";
}
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.result.backupService
Name of service backing up the database.
This service can be run manually to back up the database:
$ systemctl start restic-backups-<name>_path_to_repository.service
Type: string
Default:
"restic-backups-<name>_path_to_repository.service"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.result.restoreScript
Name of script that can restore the database. One can then list snapshots with:
$ restic-backups-<name>_path_to_repository snapshots
And restore the database with:
$ restic-backups-<name>_path_to_repository restore latest
Type: string
Default:
"restic-backups-<name>_path_to_repository"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings
Settings specific to the Restic provider.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.enable
Whether to enable this backup instance.
A disabled instance will no longer back up data but still provides the helper tool to restore snapshots.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.limitDownloadKiBs
Limit download bandwidth to the given KiB/s amount.
Type: null or signed integer
Default:
null
Example:
8000
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.limitUploadKiBs
Limit upload bandwidth to the given KiB/s amount.
Type: null or signed integer
Default:
null
Example:
8000
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.passphrase
Encryption key for the backup repository.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.passphrase.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default: { mode = 0400; owner = shb.restic.instances.<name>.request.user; group = root; restartUnits = [ shb.restic.instances.<name>.settings.repository ]; }
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.passphrase.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.passphrase.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.passphrase.request.owner
Linux user owning the secret file.
Type: string
Default: shb.restic.instances.<name>.request.user
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.passphrase.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default: [ shb.restic.instances.<name>.settings.repository ]
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.passphrase.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.passphrase.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.repository
Repository to back up this instance to.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.repository.path
Repository location
Type: string
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.repository.secrets
Secrets needed to access the repository where the backups will be stored.
See s3 config for an example and list for the list of all secrets.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
AWS_ACCESS_KEY_ID.source = <path/to/secret>;
AWS_SECRET_ACCESS_KEY.source = <path/to/secret>;
}
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.repository.secrets.<name>.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.repository.secrets.<name>.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-$${v}-suffix"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.repository.timerConfig
When to run the backup. See systemd.timer(5) for details.
Type: attribute set of (systemd option)
Default:
{
OnCalendar = "daily";
Persistent = true;
}
Example:
{
OnCalendar = "00:05";
Persistent = true;
RandomizedDelaySec = "5h";
}
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.instances.<name>.settings.retention
For how long to keep backup files.
Type: attribute set of (signed integer or non-empty string)
Default:
{
keep_daily = 7;
keep_hourly = 24;
keep_monthly = 6;
keep_weekly = 4;
keep_within = "1d";
}
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.performance
Reduce performance impact of backup jobs.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.performance.ioPriority
ionice priority, defaults to 7 for lowest priority IO. Only used for restic backup, restic forget and restic check commands.
Type: null or integer between 0 and 7 (both inclusive)
Default:
7
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.performance.ioSchedulingClass
ionice scheduling class, defaults to best-effort IO. Only used for restic backup, restic forget and restic check commands.
Type: one of “idle”, “best-effort”, “realtime”
Default:
"best-effort"
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.restic.performance.niceness
nice priority adjustment, defaults to 15 for ~20% CPU time of normal-priority process
Type: integer between -20 and 19 (both inclusive)
Default:
15
Declared by:
<selfhostblocks/modules/blocks/restic.nix>
|
shb.tinyproxy
Tinyproxy instances.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.enable
Whether to enable Tinyproxy daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.package
The tinyproxy package to use.
Type: package
Default:
pkgs.tinyproxy
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.dynamicBindFile
File holding the IP to bind to.
Type: unspecified value
Default:
""
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.settings
Configuration for tinyproxy.
Type: attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default:
{ }
Example:
{
Port = 8888;
Listen = "127.0.0.1";
Timeout = 600;
Allow = "127.0.0.1";
Anonymous = [ ''"Host"'' ''"Authorization"'' ];
ReversePath = ''"/example/" "http://www.example.com/"'';
}
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.settings.Anonymous
If an Anonymous keyword is present, then anonymous proxying is enabled. The headers listed with Anonymous are allowed through, while all others are denied.
If no Anonymous keyword is present, then all headers are allowed through. You must include quotes around the headers.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.settings.Filter
Tinyproxy supports filtering of web sites based on URLs or domains. This option specifies the location of the file containing the filter rules, one rule per line.
Type: null or path
Default:
null
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.settings.Listen
Specify which address to listen to.
Type: string
Default:
"127.0.0.1"
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.settings.Port
Specify which port to listen to.
Type: signed integer
Default:
8888
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.vaultwarden.enable
Whether to enable selfhostblocks.vaultwarden.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.authEndpoint
OIDC endpoint for SSO
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.backup
Backup configuration. This is an output option.
Use it to initialize a block implementing the “backup” contract. For example, with the restic block:
shb.restic.instances."vaultwarden" = {
request = config.shb.vaultwarden.backup;
settings = {
enable = true;
};
};
Type: submodule (read only)
Default:
{
sourceDirectories = [
"/var/lib/vaultwarden"
];
user = "vaultwarden";
}
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.backup.excludePatterns
File patterns to exclude.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.backup.hooks
Hooks to run around the backup.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.backup.hooks.after_backup
Hooks to run after backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.backup.hooks.before_backup
Hooks to run before backup.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.backup.sourceDirectories
Directories to backup.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.backup.user
Unix user doing the backups.
Type: string
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.databasePassword
File containing the Vaultwarden database password.
Type: submodule
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.databasePassword.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.databasePassword.request.group
Linux group owning the secret file.
Type: string
Default:
"postgres"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.databasePassword.request.mode
Mode of the secret file.
Type: string
Default:
"0440"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.databasePassword.request.owner
Linux user owning the secret file.
Type: string
Default:
"vaultwarden"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.databasePassword.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"vaultwarden.service"
"postgresql.service"
]
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.databasePassword.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.databasePassword.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.debug
Set to true to enable debug logging.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.domain
Domain under which Authelia will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.mount
Mount configuration. This is an output option.
Use it to initialize a block implementing the “mount” contract. For example, with a zfs dataset:
shb.zfs.datasets."vaultwarden" = {
poolName = "root";
} // config.shb.vaultwarden.mount;
Type: anything (read only)
Default:
{
path = "/var/lib/vaultwarden";
}
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.mount.path
Path to be mounted.
Type: string
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.port
Port on which vaultwarden service listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8222
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp
SMTP options.
Type: null or (submodule)
Default:
null
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.auth_mechanism
Auth mechanism.
Type: value “Login” (singular enum)
Default:
"Login"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.from_address
SMTP address from which the emails originate.
Type: string
Example:
"vaultwarden@mydomain.com"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.from_name
SMTP name from which the emails originate.
Type: string
Default:
"Vaultwarden"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.host
SMTP host to send the emails to.
Type: string
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.password
File containing the password to connect to the SMTP host.
Type: submodule
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.password.request
Request part of the secret contract.
Options set by the requester module enforcing some properties the secret should have.
Type: submodule
Default:
""
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.password.request.group
Linux group owning the secret file.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.password.request.mode
Mode of the secret file.
Type: string
Default:
"0400"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.password.request.owner
Linux user owning the secret file.
Type: string
Default:
"vaultwarden"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.password.request.restartUnits
Systemd units to restart after the secret is updated.
Type: list of string
Default:
[
"vaultwarden.service"
]
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.password.result
Result part of the secret contract.
Options set by the provider module that indicates where the secret can be found.
Type: submodule
Default:
{
path = "/run/secrets/secret";
}
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.password.result.path
Path to the file containing the secret generated out of band.
This path will exist after deploying to a target host, it is not available through the nix store.
Type: path
Default:
"/run/secrets/secret"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.port
SMTP port to send the emails to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
25
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.security
Security expected by SMTP host.
Type: one of “starttls”, “force_tls”, “off”
Default:
"starttls"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.username
Username to connect to the SMTP host.
Type: string
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.subdomain
Subdomain under which Authelia will be served.
Type: string
Example:
"ha"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vpn
OpenVPN instances.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.enable
Whether to enable OpenVPN config.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.package
The openvpn package to use.
Type: package
Default:
pkgs.openvpn
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.authFile
Location of file holding authentication secrets for provider.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.dev
Name of the interface.
Type: string
Example:
"tun0"
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.provider
VPN provider, if given uses ready-made configuration.
Type: null or value “nordvpn” (singular enum)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.proxyPort
If not null, sets up a proxy that listens on the given port and sends traffic to the VPN.
Type: null or signed integer
Default:
null
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.remoteServerIP
IP of the VPN server to connect to.
Type: string
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.routingNumber
Unique number used to route packets.
Type: signed integer
Example:
10
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.zfs.datasets
ZFS Datasets.
Each entry in the attrset will be created and mounted in the given path. The attrset name is the dataset name.
This block implements the following contracts:
mount
Type: attribute set of (submodule)
Default:
{ }
Example:
shb.zfs.datasets."safe/postgresql".path = "/var/lib/postgresql";
Declared by:
<selfhostblocks/modules/blocks/zfs.nix>
|
shb.zfs.datasets.<name>.enable
Whether to enable shb.zfs.datasets.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/zfs.nix>
|
shb.zfs.datasets.<name>.path
Path this dataset should be mounted on.
Type: string
Declared by:
<selfhostblocks/modules/blocks/zfs.nix>
|
shb.zfs.datasets.<name>.poolName
ZFS pool name this dataset should be created on. Overrides the defaultPoolName.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/blocks/zfs.nix>
|
shb.zfs.defaultPoolName
ZFS pool name datasets should be created on if no pool name is given in the dataset.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/blocks/zfs.nix>
|