shb.arr.bazarr
Configuration for bazarr
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.enable
Whether to enable bazarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.backupCfg
Backup configuration for bazarr.
Type: anything
Default:
{ }
Example:
{
backend = "restic";
repositories = [ ];
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.dataDir
Directory where bazarr stores data.
Type: string
Default:
"/var/lib/bazarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.domain
Domain under which bazarr will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.settings
Specific options for bazarr.
Type: XML value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.settings.LogLevel
Log level.
Type: one of “debug”, “info”
Default:
"info"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.settings.Port
Port on which bazarr listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) (read only)
Default:
6767
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.bazarr.subdomain
Subdomain under which bazarr will be served.
Type: string
Example:
"bazarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett
Configuration for jackett
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.enable
Whether to enable jackett.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.backupCfg
Backup configuration for jackett.
Type: anything
Default:
{ }
Example:
{
backend = "restic";
repositories = [ ];
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.dataDir
Directory where jackett stores data.
Type: string
Default:
"/var/lib/jackett"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.domain
Domain under which jackett will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings
Specific options for jackett.
Type: JSON value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.APIKey
Path to api key secret file.
Type: submodule
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.APIKey.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.APIKey.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-$${v}-suffix"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.FlareSolverrUrl
FlareSolverr endpoint.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.OmdbApiKey
File containing the Open Movie Database API key.
Type: null or (submodule)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.OmdbApiKey.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.OmdbApiKey.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-$${v}-suffix"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.Port
Port on which jackett listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) (read only)
Default:
9117
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.ProxyPort
Port of the proxy. Ignored if ProxyType is set to -1
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.ProxyType
-1 = disabled 0 = HTTP 1 = SOCKS4 2 = SOCKS5
Type: one of “-1”, “0”, “1”, “2”
Default:
"-1"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.settings.ProxyUrl
URL of the proxy. Ignored if ProxyType is set to -1
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.jackett.subdomain
Subdomain under which jackett will be served.
Type: string
Example:
"jackett"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr
Configuration for lidarr
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.enable
Whether to enable lidarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.backupCfg
Backup configuration for lidarr.
Type: anything
Default:
{ }
Example:
{
backend = "restic";
repositories = [ ];
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.dataDir
Directory where lidarr stores data.
Type: string
Default:
"/var/lib/lidarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.domain
Domain under which lidarr will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.settings
Specific options for lidarr.
Type: XML value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.settings.LogLevel
Log level.
Type: one of “debug”, “info”
Default:
"info"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.settings.Port
Port on which lidarr listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8686
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.lidarr.subdomain
Subdomain under which lidarr will be served.
Type: string
Example:
"lidarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr
Configuration for radarr
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.enable
Whether to enable radarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.backupCfg
Backup configuration for radarr.
Type: anything
Default:
{ }
Example:
{
backend = "restic";
repositories = [ ];
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.dataDir
Directory where radarr stores data.
Type: string
Default:
"/var/lib/radarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.domain
Domain under which radarr will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings
Specific options for radarr.
Type: XML value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.APIKey
Path to api key secret file.
Type: submodule
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.APIKey.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.APIKey.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-$${v}-suffix"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.AnalyticsEnabled
Wether to send anonymous data or not.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.LogLevel
Log level.
Type: one of “debug”, “info”
Default:
"info"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.settings.Port
Port on which radarr listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
7878
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.radarr.subdomain
Subdomain under which radarr will be served.
Type: string
Example:
"radarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr
Configuration for readarr
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.enable
Whether to enable readarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.backupCfg
Backup configuration for readarr.
Type: anything
Default:
{ }
Example:
{
backend = "restic";
repositories = [ ];
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.dataDir
Directory where readarr stores data.
Type: string
Default:
"/var/lib/readarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.domain
Domain under which readarr will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.settings
Specific options for readarr.
Type: XML value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.settings.LogLevel
Log level.
Type: one of “debug”, “info”
Default:
"info"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.settings.Port
Port on which readarr listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8787
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.readarr.subdomain
Subdomain under which readarr will be served.
Type: string
Example:
"readarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr
Configuration for sonarr
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.enable
Whether to enable sonarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.authEndpoint
Endpoint to the SSO provider. Leave null to not have SSO configured.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.backupCfg
Backup configuration for sonarr.
Type: anything
Default:
{ }
Example:
{
backend = "restic";
repositories = [ ];
}
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.dataDir
Directory where sonarr stores data.
Type: string
Default:
"/var/lib/sonarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.domain
Domain under which sonarr will be served.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings
Specific options for sonarr.
Type: XML value
Default:
{ }
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings.APIKey
Path to api key secret file.
Type: submodule
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings.APIKey.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings.APIKey.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-$${v}-suffix"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings.LogLevel
Log level.
Type: one of “debug”, “info”
Default:
"info"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.settings.Port
Port on which sonarr listens to incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8989
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.arr.sonarr.subdomain
Subdomain under which sonarr will be served.
Type: string
Example:
"sonarr"
Declared by:
<selfhostblocks/modules/services/arr.nix>
|
shb.audiobookshelf.enable
Whether to enable selfhostblocks.audiobookshelf.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.authEndpoint
OIDC endpoint for SSO
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.domain
domain under which audiobookshelf will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.extraServiceConfig
Extra configuration given to the systemd service file.
Type: attribute set of string
Default:
{ }
Example:
{
MemoryHigh = "512M";
MemoryMax = "900M";
}
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.logLevel
Enable logging.
Type: null or one of “critical”, “error”, “warning”, “info”, “debug”
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.oidcAdminUserGroup
OIDC admin group
Type: string
Default:
"audiobookshelf_admin"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.oidcClientID
Client ID for the OIDC endpoint
Type: string
Default:
"audiobookshelf"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.oidcProvider
OIDC provider name
Type: string
Default:
"Authelia"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.oidcUserGroup
OIDC user group
Type: string
Default:
"audiobookshelf_user"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.ssoSecretFile
File containing the SSO shared secret.
Type: path
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.subdomain
Subdomain under which audiobookshelf will be served.
Type: string
Example:
"abs"
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.audiobookshelf.webPort
Audiobookshelf web port
Type: signed integer
Default:
8113
Declared by:
<selfhostblocks/modules/services/audiobookshelf.nix>
|
shb.authelia.enable
Whether to enable selfhostblocks.authelia.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.autheliaUser
System user for this Authelia instance.
Type: string
Default:
"authelia"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.dcdomain
dc domain for ldap.
Type: string
Example:
"dc=mydomain,dc=com"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.domain
domain under which Authelia will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ldapEndpoint
Endpoint for LDAP authentication backend.
Type: string
Example:
"ldap.example.com"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients
OIDC clients
Type: list of (attribute set of anything)
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.authorization_policy
Require one factor (password) or two factor (device) authentication.
Type: one of “one_factor”, “two_factor”
Default:
"one_factor"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.description
Human readable description of the OIDC client.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.id
Unique identifier of the OIDC client.
Type: string
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.public
If the OIDC client is public or not.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.redirect_uris
List of uris that are allowed to be redirected to.
Type: list of string
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.scopes
Scopes to ask for
Type: list of string
Default:
[ ]
Example:
[
"openid"
"profile"
"email"
"groups"
]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.secret
File containing the shared secret with the OIDC client.
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.secret.source
File containing the value.
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.oidcClients.*.secret.transform
An optional function to transform the secret.
Type: raw value
Default:
null
Example:
v: "prefix-$${v}-suffix"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.port
If given, adds a port to the <subdomain>.<domain> endpoint.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.rules
Rule based clients
Type: list of anything
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets
Secrets needed by Authelia
Type: submodule
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCHMACSecretFile
File containing the identity provider OIDC HMAC secret.
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.identityProvidersOIDCIssuerPrivateKeyFile
File containing the identity provider OIDC issuer private key.
Generate one with nix run nixpkgs#openssl -- genrsa -out keypair.pem 2048
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.jwtSecretFile
File containing the JWT secret.
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.ldapAdminPasswordFile
File containing the LDAP admin user password.
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.sessionSecretFile
File containing the session secret.
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.secrets.storageEncryptionKeyFile
File containing the storage encryption key.
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.smtp
If a string is given, writes notifications to the given path.Otherwise, send notifications by smtp.
https://www.authelia.com/configuration/notifications/introduction/
Type: string or null or (submodule)
Default:
"/tmp/authelia-notifications"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.authelia.subdomain
Subdomain under which Authelia will be served.
Type: string
Example:
"auth"
Declared by:
<selfhostblocks/modules/blocks/authelia.nix>
|
shb.backup.borgServer
Add borgbackup package so external backups can use this server as a remote.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.group
Unix group doing the backups.
Type: string
Default:
"backup"
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances
Each instance is a backup setting
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.enable
Whether to enable shb backup instance.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.backend
What program to use to make the backups.
Type: one of “borgmatic”, “restic”
Example:
"borgmatic"
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.consistency
Consistency frequency options. Only applicable for borgmatic
Type: attribute set of non-empty string
Default:
{ }
Example:
{
archives = "1 month";
repository = "2 weeks";
}
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.environmentFile
Add environment file to be read by the systemd service.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.excludePatterns
Borgmatic exclude patterns.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.hooks
Borgmatic hooks.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.hooks.after_backup
Hooks to run after backup
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.hooks.before_backup
Hooks to run before backup
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.keySopsFile
Sops file that holds this instance’s Borgmatic repository key and passphrase.
Type: path
Example:
"secrets/backup.yaml"
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.repositories
Repositories to back this instance to.
Type: non-empty (list of (submodule))
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.repositories.*.path
Repository location
Type: string
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.repositories.*.timerConfig
When to run the backup. See systemd.timer(5) for details.
Type: attribute set of (systemd option)
Default:
{
OnCalendar = "daily";
Persistent = true;
}
Example:
{
OnCalendar = "00:05";
Persistent = true;
RandomizedDelaySec = "5h";
}
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.retention
Retention options.
Type: attribute set of (signed integer or non-empty string)
Default:
{
keep_daily = 7;
keep_hourly = 24;
keep_monthly = 6;
keep_weekly = 4;
keep_within = "1d";
}
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.secretName
Secret name, if null use the name of the backup instance.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.instances.<name>.sourceDirectories
Borgmatic source directories.
Type: non-empty (list of string)
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.onlyOnAC
Run backups only if AC power is plugged in.
Type: boolean
Default:
true
Example:
false
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.performance
Reduce performance impact of backup jobs.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.performance.ioPriority
ionice priority, defaults to 7 for lowest priority IO. Only used for restic backup, restic forget and restic check commands.
Type: null or integer between 0 and 7 (both inclusive)
Default:
7
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.performance.ioSchedulingClass
ionice scheduling class, defaults to best-effort IO. Only used for restic backup, restic forget and restic check commands.
Type: one of “idle”, “best-effort”, “realtime”
Default:
"best-effort"
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.performance.niceness
nice priority adjustment, defaults to 15 for ~20% CPU time of normal-priority process
Type: integer between -20 and 19 (both inclusive)
Default:
15
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.backup.user
Unix user doing the backups.
Type: string
Default:
"backup"
Declared by:
<selfhostblocks/modules/blocks/backup.nix>
|
shb.certs.cas.selfsigned
Generate a self-signed Certificate Authority.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.cas.selfsigned.<name>.name
Certificate Authority Name. You can put what you want here, it will be displayed by the browser.
Type: string
Default:
"Self Host Blocks Certificate"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.cas.selfsigned.<name>.paths
Paths where CA certs will be located.
This option implements the SSL Generator contract.
Type: anything
Default:
{
cert = "/var/lib/certs/cas/‹name›.cert";
key = "/var/lib/certs/cas/‹name›.key";
}
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.cas.selfsigned.<name>.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.cas.selfsigned.<name>.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.cas.selfsigned.<name>.systemdService
Systemd oneshot service used to generate the certs.
This option implements the SSL Generator contract.
Type: string
Default:
"shb-certs-ca-‹name›.service"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt
Generate certificates signed by Let’s Encrypt.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.additionalEnvironment
Additional environment variables used to configure the DNS provider.
For secrets, use shb.ssl.credentialsFile instead.
See the chosen provider’s documentation for available options.
Type: attribute set of string
Example:
{
DNSPROVIDER_TIMEOUT = "10";
DNSPROVIDER_PROPAGATION_TIMEOUT = "240";
}
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.adminEmail
Admin email in case certificate retrieval goes wrong.
Type: string
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.credentialsFile
Credentials file location for the chosen DNS provider.
The content of this file must expose environment variables as written in the documentation of each DNS provider.
For example, if the documentation says the credential must be located in the environment variable DNSPROVIDER_TOKEN, then the file content must be:
DNSPROVIDER_TOKEN=xyz
You can put non-secret environment variables here too or use shb.ssl.additionalcfg instead.
Type: null or path
Default:
null
Example:
"/run/secrets/ssl"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.debug
Enable debug logging
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.dnsProvider
DNS provider to use. See https://go-acme.github.io/lego/dns/ for the list of supported providers.
Type: null or string
Default:
null
Example:
"linode"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.dnsResolver
IP of a DNS server used to resolve hostnames.
Type: string
Default:
"8.8.8.8"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.domain
Domain to generate a certificate for. This can be a wildcard domain like
*.example.com.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.extraDomains
Other domains to generate a certificate for.
Type: list of string
Default:
[ ]
Example:
[
"sub1.example.com"
"sub2.example.com"
]
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.group
Unix group owning this certificate.
Type: null or string
Default:
"acme"
Example:
"nginx"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.makeAvailableToUser
Make all certificates available to given user.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.paths
Paths where certs will be located.
This option implements the SSL Generator contract.
Type: anything
Default:
{
cert = "/var/lib/acme/‹name›/cert.pem";
key = "/var/lib/acme/‹name›/key.pem";
}
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.reloadServices
The list of systemd services to call systemctl try-reload-or-restart on.
Type: list of string
Default:
[ ]
Example:
[
"nginx.service"
]
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.letsencrypt.<name>.systemdService
Systemd oneshot service used to generate the certs.
This option implements the SSL Generator contract.
Type: string
Default:
"shb-certs-cert-letsencrypt-‹name›.service"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned
Generate self-signed certificates signed by a Certificate Authority.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.ca
CA used to generate this certificate. Only used for self-signed.
This contract input takes the contract output of the shb.certs.cas SSL block.
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.ca.paths
Paths where the files for the CA will be located.
This option is the contract output of the shb.certs.cas SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.ca.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.ca.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.ca.systemdService
Systemd oneshot service used to generate the CA. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"ca-generator.service"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.domain
Domain to generate a certificate for. This can be a wildcard domain like
*.example.com.
Type: string
Example:
"example.com"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.extraDomains
Other domains to generate a certificate for.
Type: list of string
Default:
[ ]
Example:
[
"sub1.example.com"
"sub2.example.com"
]
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.group
Unix group owning this certificate.
Type: string
Default:
"root"
Example:
"nginx"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.paths
Paths where certs will be located.
This option implements the SSL Generator contract.
Type: anything
Default:
{
cert = "/var/lib/certs/selfsigned/‹name›.cert";
key = "/var/lib/certs/selfsigned/‹name›.key";
}
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.reloadServices
The list of systemd services to call systemctl try-reload-or-restart on.
Type: list of string
Default:
[ ]
Example:
[
"nginx.service"
]
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.certs.selfsigned.<name>.systemdService
Systemd oneshot service used to generate the certs.
This option implements the SSL Generator contract.
Type: string
Default:
"shb-certs-cert-selfsigned-‹name›.service"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.certs.systemdService
Systemd oneshot service used to generate the Certificate Authority bundle.
Type: string
Default:
"shb-ca-bundle.service"
Declared by:
<selfhostblocks/modules/blocks/ssl.nix>
|
shb.contracts.ssl
Contract for SSL Certificate generator.
Type: anything
Declared by:
<selfhostblocks/modules/contracts/ssl/dummyModule.nix>
|
shb.contracts.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/contracts/ssl/dummyModule.nix>
|
shb.contracts.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/contracts/ssl/dummyModule.nix>
|
shb.contracts.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/contracts/ssl/dummyModule.nix>
|
shb.contracts.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/contracts/ssl/dummyModule.nix>
|
shb.davfs.mounts
List of mounts.
Type: list of (submodule)
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.automount
Create a systemd automount unit
Type: boolean
Default:
true
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.directoryMode
Directory creation mode
Type: null or string
Default:
null
Example:
"2775"
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.fileMode
File creation mode
Type: null or string
Default:
null
Example:
"0664"
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.gid
Group owner of the mount point.
Type: null or signed integer
Default:
null
Example:
1000
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.mountPoint
Mount point to mount the webdav endpoint on.
Type: string
Example:
"/mnt"
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.passwordFile
Password to connect to the webdav endpoint.
Type: string
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.remoteUrl
Webdav endpoint to connect to.
Type: string
Example:
"https://my.domain.com/dav"
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.uid
User owner of the mount point.
Type: null or signed integer
Default:
null
Example:
1000
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.davfs.mounts.*.username
Username to connect to the webdav endpoint.
Type: string
Declared by:
<selfhostblocks/modules/blocks/davfs.nix>
|
shb.deluge.enable
Whether to enable selfhostblocks.deluge.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.enabledPlugins
Plugins to enable, can include those from additionalPlugins.
Type: list of string
Default:
[ ]
Example:
[
"Label"
]
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.additionalPlugins
Location of additional plugins. Each item in the list must be the path to the directory containing the plugin .egg file.
Type: list of path
Default:
[ ]
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.authEndpoint
OIDC endpoint for SSO
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.authFile
File containing auth lines in the format expected by deluge. See https://dev.deluge-torrent.org/wiki/UserGuide/Authentication.
Type: path
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.daemonListenPorts
Deluge daemon listen ports
Type: list of signed integer
Default:
[
6881
6889
]
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.daemonPort
Deluge daemon port
Type: signed integer
Default:
58846
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.domain
domain under which deluge will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.extraServiceConfig
Extra configuration given to the systemd service file.
Type: attribute set of string
Default:
{ }
Example:
{
MemoryHigh = "512M";
MemoryMax = "900M";
}
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.logLevel
Enable logging.
Type: null or one of “critical”, “error”, “warning”, “info”, “debug”
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.outgoingInterface
If not null, sets up a deluge to bind all outgoing traffic to the given interface.
Type: null or string
Default:
null
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.proxyPort
If not null, sets up a deluge to forward all traffic to the Proxy listening at that port.
Type: null or signed integer
Default:
null
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings
Deluge operational settings.
Type: submodule
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.dont_count_slow_torrents
Do not count slow torrents towards any limits.
Type: boolean
Default:
true
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.downloadLocation
Folder where torrents gets downloaded
Type: string
Example:
"/srv/torrents"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_active_downloading
Maximum Active Downloading
Type: signed integer
Default:
30
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_active_limit
Maximum Active Limit
Type: signed integer
Default:
200
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_active_seeding
Maximum Active Seeding
Type: signed integer
Default:
100
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_connections_global
Maximum Connections Global
Type: signed integer
Default:
200
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_connections_per_torrent
Maximum Connections Per Torrent
Type: signed integer
Default:
50
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_download_speed
Maximum Download Speed
Type: signed integer
Default:
1000
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_download_speed_per_torrent
Maximum Download Speed Per Torrent
Type: signed integer
Default:
-1
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_upload_slots_global
Maximum Upload Slots Global
Type: signed integer
Default:
100
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_upload_slots_per_torrent
Maximum Upload Slots Per Torrent
Type: signed integer
Default:
4
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_upload_speed
Maximum Upload Speed
Type: signed integer
Default:
200
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.settings.max_upload_speed_per_torrent
Maximum Upload Speed Per Torrent
Type: signed integer
Default:
50
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.subdomain
Subdomain under which deluge will be served.
Type: string
Example:
"ha"
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.deluge.webPort
Deluge web port
Type: signed integer
Default:
8112
Declared by:
<selfhostblocks/modules/services/deluge.nix>
|
shb.grocy.enable
Whether to enable selfhostblocks.grocy.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.culture
Display language of the frontend.
Type: one of “de”, “en”, “da”, “en_GB”, “es”, “fr”, “hu”, “it”, “nl”, “no”, “pl”, “pt_BR”, “ru”, “sk_SK”, “sv_SE”, “tr”
Default:
"en"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.currency
ISO 4217 code for the currency to display.
Type: string
Default:
"USD"
Example:
"NOK"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.dataDir
Folder where Grocy will store all its data.
Type: string
Default:
"/var/lib/grocy"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.domain
domain under which grocy will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.extraServiceConfig
Extra configuration given to the systemd service file.
Type: attribute set of string
Default:
{ }
Example:
{
MemoryHigh = "512M";
MemoryMax = "900M";
}
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.logLevel
Enable logging.
Type: null or one of “critical”, “error”, “warning”, “info”, “debug”
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.grocy.subdomain
Subdomain under which grocy will be served.
Type: string
Example:
"grocy"
Declared by:
<selfhostblocks/modules/services/grocy.nix>
|
shb.hledger.enable
Whether to enable selfhostblocks.hledger.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.authEndpoint
OIDC endpoint for SSO
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.domain
domain under which Authelia will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.localNetworkIPRange
Local network range, to restrict access to the UI to only those IPs.
Type: string
Default:
null
Example:
"192.168.1.1/24"
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.port
HLedger port
Type: signed integer
Default:
5000
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.hledger.subdomain
Subdomain under which Authelia will be served.
Type: string
Example:
"ha"
Declared by:
<selfhostblocks/modules/services/hledger.nix>
|
shb.home-assistant.enable
Whether to enable selfhostblocks.home-assistant.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.backupCfg
Backup configuration for home-assistant
Type: anything
Default:
{ }
Example:
{
backend = "restic";
repositories = [ ];
}
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config
See all available settings at https://www.home-assistant.io/docs/configuration/basic/
Type: attribute set of string
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.country
Two letter country code where this instance is located.
Type: string or (submodule)
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.latitude
Latitude where this instance is located.
Type: string or (submodule)
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.longitude
Longitude where this instance is located.
Type: string or (submodule)
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.name
Name of the Home Assistant instance.
Type: string or (submodule)
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.time_zone
Timezone of this instance.
Type: string or (submodule)
Example:
"America/Los_Angeles"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.config.unit_system
Timezone of this instance.
Type: string or one of “metric”, “us_customary”
Example:
"America/Los_Angeles"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.domain
domain under which home-assistant will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap
LDAP Integration App. Manual
Enabling this app will create a new LDAP configuration or update one that exists with the given host.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap.enable
Whether to enable LDAP app…
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap.host
Host serving the LDAP server.
If set, the Home Assistant auth will be disabled. To keep it, set
keepDefaultAuth to true.
Type: string
Default:
"127.0.0.1"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap.keepDefaultAuth
Keep Home Assistant auth active, even if LDAP is configured. Usually, you want to enable this to transfer existing users to LDAP and then you can disabled it.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap.port
Port of the service serving the LDAP server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
389
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ldap.userGroup
Group users must belong to to be able to login to Nextcloud.
Type: string
Default:
"homeassistant_user"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.home-assistant.subdomain
Subdomain under which home-assistant will be served.
Type: string
Example:
"ha"
Declared by:
<selfhostblocks/modules/services/home-assistant.nix>
|
shb.jellyfin.enable
Whether to enable shb jellyfin.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.domain
Domain to serve sites under.
Type: string
Example:
"domain.com"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap
LDAP configuration.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.enable
Whether to enable LDAP.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.adminGroup
LDAP admin group
Type: string
Default:
"jellyfin_admin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.dcdomain
DC domain for LDAP.
Type: string
Example:
"dc=mydomain,dc=com"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.host
Host serving the LDAP server.
Type: string
Example:
"127.0.0.1"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.passwordFile
File containing the LDAP admin password.
Type: path
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.port
Port where the LDAP server is listening.
Type: signed integer
Example:
389
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ldap.userGroup
LDAP user group
Type: string
Default:
"jellyfin_user"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso
SSO configuration.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.enable
Whether to enable SSO.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.adminUserGroup
OIDC admin group
Type: string
Default:
"jellyfin_admin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.clientID
Client ID for the OIDC endpoint
Type: string
Default:
"jellyfin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.endpoint
OIDC endpoint for SSO
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.provider
OIDC provider name
Type: string
Default:
"Authelia"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.secretFile
File containing the OIDC shared secret.
Type: path
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.sso.userGroup
OIDC user group
Type: string
Default:
"jellyfin_user"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.jellyfin.subdomain
Subdomain under which home-assistant will be served.
Type: string
Example:
"jellyfin"
Declared by:
<selfhostblocks/modules/services/jellyfin.nix>
|
shb.ldap.enable
Whether to enable the LDAP service.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.dcdomain
dc domain to serve.
Type: string
Example:
"dc=mydomain,dc=com"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.debug
Enable debug logging.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.domain
Domain under which the LDAP service will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.jwtSecretFile
File containing the JWT secret.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ldapPort
Port on which the server listens for the LDAP protocol.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3890
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ldapUserPasswordFile
File containing the LDAP admin user password.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.restrictAccessIPRange
Set a local network range to restrict access to the UI to only those IPs.
Type: null or string
Default:
null
Example:
"192.168.1.1/24"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.subdomain
Subdomain under which the LDAP service will be served.
Type: string
Example:
"grafana"
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.ldap.webUIListenPort
Port on which the web UI is exposed.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
17170
Declared by:
<selfhostblocks/modules/blocks/ldap.nix>
|
shb.monitoring.enable
Whether to enable selfhostblocks.monitoring.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.adminPasswordFile
File containing the initial admin password.
Type: path
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.contactPoints
List of email addresses to send alerts to
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.debugLog
Set to true to enable debug logging of the infrastructure serving Grafana.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.domain
domain under which home-assistant will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.grafanaPort
Port where Grafana listens to HTTP requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3000
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.lokiMajorVersion
Switching from version 2 to 3 requires manual intervention https://grafana.com/docs/loki/latest/setup/upgrade/#main–unreleased. So this let’s the user upgrade at their own pace.
Type: one of 2, 3
Default:
2
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.lokiPort
Port where Loki listens to HTTP requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3002
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.orgId
Org ID where all self host blocks related config will be stored.
Type: signed integer
Default:
1
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.prometheusPort
Port where Prometheus listens to HTTP requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3001
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.provisionDashboards
Provision Self Host Blocks dashboards under ‘Self Host Blocks’ folder.
Type: boolean
Default:
true
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.secretKeyFile
File containing the secret key used for signing.
Type: path
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp
SMTP options.
Type: null or (submodule)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.from_address
SMTP address from which the emails originate.
Type: string
Example:
"vaultwarden@mydomain.com"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.from_name
SMTP name from which the emails originate.
Type: string
Default:
"Vaultwarden"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.host
SMTP host to send the emails to.
Type: string
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.passwordFile
File containing the password to connect to the SMTP host.
Type: string
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.port
SMTP port to send the emails to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
25
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.smtp.username
Username to connect to the SMTP host.
Type: string
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.monitoring.subdomain
Subdomain under which home-assistant will be served.
Type: string
Example:
"grafana"
Declared by:
<selfhostblocks/modules/blocks/monitoring.nix>
|
shb.nextcloud.enable
Whether to enable selfhostblocks.nextcloud-server.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminPassFile
File containing the Nextcloud admin password. Required.
Type: null or path
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminUser
Username of the initial admin user.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps
Applications to enable in Nextcloud. Enabling an application here will also configure various services needed for this application.
Enabled apps will automatically be installed, enabled and configured, so no need to do that through the UI. You can still make changes but they will be overridden on next deploy. You can still install and configure other apps through the UI.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage
External Storage App. Manual
Set userLocalMount to automatically add a local directory as an external storage.
Use this option if you want to store user data in another folder or another hard drive
altogether.
In the directory option, you can use either $user and/or $home which will be
replaced by the user’s name and home directory.
Recommended use of this option is to have the Nextcloud’s dataDir on a SSD and the
userLocalRooDirectory on a HDD. Indeed, a SSD is much quicker than a spinning hard
drive, which is well suited for randomly accessing small files like thumbnails. On the
other side, a spinning hard drive can store more data which is well suited for storing
user data.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.enable
Whether to enable Nextcloud External Storage App.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.userLocalMount
If set, adds a local mount as external storage.
Type: null or (submodule)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.userLocalMount.directory
Local directory on the filesystem to mount. Use $user and/or $home
which will be replaced by the user’s name and home directory.
Type: string
Example:
"/srv/nextcloud/$user"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.userLocalMount.mountName
Path of the mount in Nextcloud. Use / to mount as the root.
Type: string
Default:
""
Example:
[
"home"
"/"
]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap
LDAP Integration App. Manual
Enabling this app will create a new LDAP configuration or update one that exists with the given host.
Type: null or (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.enable
Whether to enable LDAP app…
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminName
Admin user of the LDAP server.
Type: string
Default:
"admin"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminPasswordFile
File containing the admin password of the LDAP server.
Must be readable by the nextcloud system user.
Type: path
Default:
""
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.dcdomain
dc domain for ldap.
Type: string
Example:
"dc=mydomain,dc=com"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.host
Host serving the LDAP server.
Type: string
Default:
"127.0.0.1"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.port
Port of the service serving the LDAP server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
389
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.userGroup
Group users must belong to to be able to login to Nextcloud.
Type: string
Default:
"nextcloud_user"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice
Only Office App. Nextcloud App Store
Enabling this app will also start an OnlyOffice instance accessible at the given subdomain from the given network range.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.enable
Whether to enable Nextcloud OnlyOffice App.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.jwtSecretFile
File containing the JWT secret. This option is required.
Must be readable by the nextcloud system user.
Type: null or path
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.localNetworkIPRange
Local network range, to restrict access to Open Office to only those IPs.
Type: string
Default:
"192.168.1.1/24"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.subdomain
Subdomain under which Only Office will be served.
Type: string
Default:
"oo"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator
Preview Generator App. Nextcloud App Store
Enabling this app will create a cron job running every minute to generate thumbnails for new and updated files.
To generate thumbnails for already existing files, run:
nextcloud-occ -vvv preview:generate-all
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator.enable
Whether to enable Nextcloud Preview Generator App.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator.debug
Enable more verbose logging.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator.recommendedSettings
Better defaults than the defaults. Taken from this article.
Sets the following options:
nextcloud-occ config:app:set previewgenerator squareSizes --value="32 256"
nextcloud-occ config:app:set previewgenerator widthSizes --value="256 384"
nextcloud-occ config:app:set previewgenerator heightSizes --value="256"
nextcloud-occ config:system:set preview_max_x --value 2048
nextcloud-occ config:system:set preview_max_y --value 2048
nextcloud-occ config:system:set jpeg_quality --value 60
nextcloud-occ config:app:set preview jpeg_quality --value="60"
Type: boolean
Default:
true
Example:
false
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso
SSO Integration App. Manual
Enabling this app will create a new LDAP configuration or update one that exists with the given host.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.enable
Whether to enable SSO app…
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.authorization_policy
Require one factor (password) or two factor (device) authentication.
Type: one of “one_factor”, “two_factor”
Default:
"one_factor"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.clientID
Client ID for the OIDC endpoint.
Type: string
Default:
"nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.endpoint
OIDC endpoint for SSO.
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.fallbackDefaultAuth
Fallback to normal Nextcloud auth if something goes wrong with the SSO app. Usually, you want to enable this to transfer existing users to LDAP and then you can disabled it.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.port
If given, adds a port to the endpoint.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.provider
OIDC provider name, used for display.
Type: value “Authelia” (singular enum)
Default:
"Authelia"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretFile
File containing the secret for the OIDC endpoint.
Must be readable by the nextcloud system user.
Type: path
Default:
""
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretFileForAuthelia
File containing the secret for the OIDC endpoint, must be readable by the Authelia user.
Must be readable by the authelia system user.
Type: path
Default:
""
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.dataDir
Folder where Nextcloud will store all its data.
Type: string
Default:
"/var/lib/nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.debug
Enable more verbose logging.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.defaultPhoneRegion
Two letters region defining default region.
Type: string
Example:
"US"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.domain
Domain under which Nextcloud is served.
<subdomain>.<domain>[:<port>]
Type: string
Example:
"domain.com"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.externalFqdn
External fqdn used to access Nextcloud. Defaults to <subdomain>.<domain>. This should only be set if you include the port when accessing Nextcloud.
Type: null or string
Default:
null
Example:
"nextcloud.domain.com:8080"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.extraApps
Extra apps to install. Should be a function returning an attrSet of appid to packages generated by fetchNextcloudApp. The appid must be identical to the “id” value in the apps appinfo/info.xml. You can still install apps through the appstore.
Type: raw value
Default:
null
Example:
apps: {
inherit (apps) mail calendar contact;
phonetrack = pkgs.fetchNextcloudApp {
name = "phonetrack";
sha256 = "0qf366vbahyl27p9mshfma1as4nvql6w75zy2zk5xwwbp343vsbc";
url = "https://gitlab.com/eneiluj/phonetrack-oc/-/wikis/uploads/931aaaf8dca24bf31a7e169a83c17235/phonetrack-0.6.9.tar.gz";
version = "0.6.9";
};
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.maxUploadSize
The upload limit for files. This changes the relevant options in php.ini and nginx if enabled.
Type: string
Default:
"4G"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.mountPointServices
If given, all the systemd services and timers will depend on the specified mount point systemd services.
Type: list of string
Default:
[ ]
Example:
["var.mount"]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.phpFpmPoolSettings
Settings for PHPFPM.
Type: null or (attribute set of anything)
Default:
null
Example:
{
"pm" = "dynamic";
"pm.max_children" = 50;
"pm.start_servers" = 25;
"pm.min_spare_servers" = 10;
"pm.max_spare_servers" = 20;
"pm.max_spawn_rate" = 50;
"pm.max_requests" = 50;
"pm.process_idle_timeout" = "20s";
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.port
Port under which Nextcloud will be served. If null is given, then the port is omitted.
<subdomain>.<domain>[:<port>]
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.postgresSettings
Settings for the PostgreSQL database. Go to https://pgtune.leopard.in.ua/ and copy the generated configuration here.
Type: null or (attribute set of string)
Default:
null
Example:
{
# From https://pgtune.leopard.in.ua/ with:
# DB Version: 14
# OS Type: linux
# DB Type: dw
# Total Memory (RAM): 7 GB
# CPUs num: 4
# Connections num: 100
# Data Storage: ssd
max_connections = "100";
shared_buffers = "1792MB";
effective_cache_size = "5376MB";
maintenance_work_mem = "896MB";
checkpoint_completion_target = "0.9";
wal_buffers = "16MB";
default_statistics_target = "500";
random_page_cost = "1.1";
effective_io_concurrency = "200";
work_mem = "4587kB";
huge_pages = "off";
min_wal_size = "4GB";
max_wal_size = "16GB";
max_worker_processes = "4";
max_parallel_workers_per_gather = "2";
max_parallel_workers = "4";
max_parallel_maintenance_workers = "2";
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.subdomain
Subdomain under which Nextcloud will be served.
<subdomain>.<domain>[:<port>]
Type: string
Example:
"nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.tracing
Enable xdebug tracing.
To trigger writing a trace to /var/log/xdebug, add a the following header:
XDEBUG_TRACE <shb.nextcloud.tracing value>
The response will contain the following header:
x-xdebug-profile-filename /var/log/xdebug/cachegrind.out.63484
Type: null or string
Default:
null
Example:
"debug_me"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.version
Nextcloud version to choose from.
Type: one of 27, 28
Default:
27
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nginx.accessLog
Log all requests
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.autheliaProtect
Endpoints to be protected by authelia.
Type: list of (submodule)
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.autheliaProtect.*.authEndpoint
Optional auth endpoint for SSO.
Type: null or string
Default:
null
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.autheliaProtect.*.autheliaRules
Authelia rule configuration
Type: list of attribute set of anything
Example:
[{
policy = "two_factor";
subject = ["group:service_user"];
}]
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.autheliaProtect.*.domain
Domain of the subdomain.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.autheliaProtect.*.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.autheliaProtect.*.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.autheliaProtect.*.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.autheliaProtect.*.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.autheliaProtect.*.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.autheliaProtect.*.subdomain
Subdomain which must be protected.
Type: string
Example:
"subdomain"
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.autheliaProtect.*.upstream
Upstream url to be protected.
Type: string
Example:
"http://127.0.0.1:1234"
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.nginx.debugLog
Verbose debug of internal. This will print what servers were matched and why.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/nginx.nix>
|
shb.postgresql.enableTCPIP
Enable TCP/IP connection on given port.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.debug
Enable debugging options.
Currently enables shared_preload_libraries = “auto_explain, pg_stat_statements”
See https://www.postgresql.org/docs/current/pgstatstatements.html
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.ensures
List of username, database and/or passwords that should be created.
Type: list of (submodule)
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.ensures.*.database
Postgres database.
Type: string
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.ensures.*.passwordFile
Optional password file for the postgres user. If not given, only peer auth is accepted for this user, otherwise password auth is allowed.
Type: null or string
Default:
null
Example:
"/run/secrets/postgresql/password"
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.postgresql.ensures.*.username
Postgres user name.
Type: string
Declared by:
<selfhostblocks/modules/blocks/postgresql.nix>
|
shb.tinyproxy
Tinyproxy instances.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.enable
Whether to enable Tinyproxy daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.package
The tinyproxy package to use.
Type: package
Default:
pkgs.tinyproxy
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.dynamicBindFile
File holding the IP to bind to.
Type: unspecified value
Default:
""
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.settings
Configuration for tinyproxy.
Type: attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default:
{ }
Example:
{
Port 8888;
Listen 127.0.0.1;
Timeout 600;
Allow 127.0.0.1;
Anonymous = ['"Host"' '"Authorization"'];
ReversePath = '"/example/" "http://www.example.com/"';
}
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.settings.Anonymous
If an Anonymous keyword is present, then anonymous proxying is enabled. The
headers listed with Anonymous are allowed through, while all others are denied.
If no Anonymous keyword is present, then all headers are allowed through. You must
include quotes around the headers.
Type: list of string
Default:
[ ]
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.settings.Filter
Tinyproxy supports filtering of web sites based on URLs or domains. This option specifies the location of the file containing the filter rules, one rule per line.
Type: null or path
Default:
null
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.settings.Listen
Specify which address to listen to.
Type: string
Default:
"127.0.0.1"
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.tinyproxy.<name>.settings.Port
Specify which port to listen to.
Type: signed integer
Default:
8888
Declared by:
<selfhostblocks/modules/blocks/tinyproxy.nix>
|
shb.vaultwarden.enable
Whether to enable selfhostblocks.vaultwarden.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.authEndpoint
OIDC endpoint for SSO
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.backupConfig
Backup configuration of Vaultwarden.
Type: null or anything
Default:
null
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.databasePasswordFile
File containing the password to connect to the postgresql database.
Type: string
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.debug
Set to true to enable debug logging.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.domain
domain under which Authelia will be served.
Type: string
Example:
"mydomain.com"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.ldapEndpoint
Endpoint for LDAP authentication backend.
Type: string
Example:
"ldap.example.com"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.port
Port on which vaultwarden service listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8222
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp
SMTP options.
Type: submodule
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.auth_mechanism
Auth mechanism.
Type: value “Login” (singular enum)
Default:
"Login"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.from_address
SMTP address from which the emails originate.
Type: string
Example:
"vaultwarden@mydomain.com"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.from_name
SMTP name from which the emails originate.
Type: string
Default:
"Vaultwarden"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.host
SMTP host to send the emails to.
Type: string
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.passwordFile
File containing the password to connect to the SMTP host.
Type: string
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.port
SMTP port to send the emails to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
25
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.security
Security expected by SMTP host.
Type: one of “starttls”, “force_tls”, “off”
Default:
"starttls"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.smtp.username
Username to connect to the SMTP host.
Type: string
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vaultwarden.subdomain
Subdomain under which Authelia will be served.
Type: string
Example:
"ha"
Declared by:
<selfhostblocks/modules/services/vaultwarden.nix>
|
shb.vpn
OpenVPN instances.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.enable
Whether to enable OpenVPN config.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.package
The openvpn package to use.
Type: package
Default:
pkgs.openvpn
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.authFile
Location of file holding authentication secrets for provider.
Type: anything
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.dev
Name of the interface.
Type: string
Example:
"tun0"
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.provider
VPN provider, if given uses ready-made configuration.
Type: null or value “nordvpn” (singular enum)
Default:
null
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.proxyPort
If not null, sets up a proxy that listens on the given port and sends traffic to the VPN.
Type: null or signed integer
Default:
null
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.remoteServerIP
IP of the VPN server to connect to.
Type: string
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|
shb.vpn.<name>.routingNumber
Unique number used to route packets.
Type: signed integer
Example:
10
Declared by:
<selfhostblocks/modules/blocks/vpn.nix>
|