Module options

Options provided by modules in github.com/pinpox/nixos

# options.pinpox.services.authelia.declarativeUsers.enable

boolean

Whether to enable declarative users.

Default: false

Example: true

# options.pinpox.services.authelia.declarativeUsers.users

attribute set of (attribute set)

Authelia users as JSON-compatible attribute sets. For any field, use a *File suffix (e.g. passwordFile) to read the value from a file at runtime, keeping secrets out of the Nix store.

Default: map[]

Example: map[_type:literalExpression text:{ pinpox = { displayname = "Pablo"; email = "mail@example.com"; groups = [ "admins" "users" ]; passwordFile = "/run/secrets/pinpox-hash"; }; } ]

# options.pinpox.services.authelia.enable

boolean

Whether to enable authelia authentication server.

Default: false

Example: true

# options.pinpox.services.authelia.host

string

Host serving authelia

Default: auth.pablo.tools

Example: login.pablo.tools

# options.pinpox.services.authelia.oidcAuthorizationPolicies

attribute set of (attribute set)

Custom authorization policies for OIDC clients. Each policy can define rules based on groups or networks.

Default: map[]

Example: map[_type:literalExpression text:{ miniflux-users = { default_policy = "deny"; rules = [ { policy = "one_factor"; subject = "group:miniflux-users"; } ]; }; } ]

# options.pinpox.services.authelia.oidcClients

list of (attribute set)

OIDC clients for Authelia. Each client needs at minimum: - client_id - client_secret (hashed) or client_secret_file (path to file with plaintext secret) - redirect_uris

Default: []

Example: map[_type:literalExpression text:[ { client_id = "miniflux"; client_secret_file = "/run/secrets/miniflux-oidc-secret"; redirect_uris = [ "https://news.example.com/oauth2/oidc/callback" ]; scopes = [ "openid" "profile" "email" ]; authorization_policy = "two_factor"; } ] ]

# options.pinpox.defaults.bluetooth.enable

boolean

Whether to enable default bluetooth configuration.

Default: false

Example: true

# options.pinpox.services.caddy-security.authURL

string

Authentication URL

Default: map[_type:literalExpression text:"https://${cfg.host}/oauth2/generic"]

Example: https://auth.mydomain.tld/oauth2/generic

# options.pinpox.services.caddy-security.domain

string

Domain protetected by this caddy instance

Default:

Example: 0cx.de

# options.pinpox.services.caddy-security.enable

boolean

Whether to enable Caddy security portal config.

Default: false

Example: true

# options.pinpox.services.caddy-security.host

string

Host serving caddy-security portal

Default: map[_type:literalExpression text:"auth.${cfg.domain}"]

Example: auth.0cx.de

# options.pinpox.services.caddy-security.openID.domain

string

Domain of the OpenID provider

Default: map[_type:literalExpression text:cfg.domain]

Example: mydomain.tld

# options.pinpox.services.caddy-security.openID.host

string

Host of the OpenID provider

Default: map[_type:literalExpression text:"login.${cfg.openID.domain}"]

Example: login.mydomain.tld

# options.pinpox.services.caddy-security.openID.metadataUrl

string

Metadata URL of the OpenID Host

Default: map[_type:literalExpression text:"https://${cfg.openID.host}/.well-known/openid-configuration"]

Example: https://myhost.tld/.well-known/openid-configuration

# options.pinpox.services.caddy-security.openID.name

string

Name of the OpenID provider, shown in the UI

Default: Dex

Example: GitHub

# options.pinpox.services.calibre-web.enable

boolean

Whether to enable calibre-web config.

Default: false

Example: true

# options.pinpox.services.calibre-web.host

string

Host serving calibre

Default: books.0cx.de

Example: books.0cx.de

# options.pinpox.defaults.CISkip

boolean

Wheter this host should be skipped by the CI pipeline

Default: false

Example: true

# options.pinpox.services.dex.enable

boolean

Whether to enable dex authorization provider.

Default: false

Example: true

# options.pinpox.services.dex.host

string

Host serving dex

Default: login.0cx.de

Example: login.0cx.de

# options.pinpox.defaults.environment.enable

boolean

Whether to enable Environment defaults.

Default: false

Example: true

# options.pinpox.defaults.fonts.enable

boolean

Whether to enable Fonts defaults.

Default: false

Example: true

# options.pinpox.services.gitea.enable

boolean

Whether to enable gitea config.

Default: false

Example: true

# options.pinpox.services.gitea.host

string

Host serving gitea

Default: git.0cx.de

Example: git.0cx.de

# options.pinpox.services.hedgedoc.enable

boolean

Whether to enable Hedgedoc server.

Default: false

Example: true

# options.pinpox.services.hello.enable

boolean

Whether to enable hello service.

Default: false

Example: true

# options.pinpox.services.hello.greeter

string

A very friendly service that greets you

Default: world

Example: universe

# options.pinpox.services.home-assistant.enable

boolean

Whether to enable Home-assitant server.

Default: false

Example: true

# options.pinpox.services.monitoring-server.http-irc.enable

boolean

Whether to enable http2irc webhook relay.

Default: false

Example: true

# options.pinpox.services.immich.enable

boolean

Whether to enable immich photo gallery.

Default: false

Example: true

# options.pinpox.services.immich.host

string

Host serving immich

Default: photos.0cx.de

Example: pics.0cx.de

# options.pinpox.services.jitsi-matrix-presence.enable

boolean

Whether to enable Jitsi presence notification service.

Default: false

Example: true

# options.pinpox.services.kanidm.enable

boolean

Whether to enable kanidm identity management server.

Default: false

Example: true

# options.pinpox.services.kanidm.host

string

Host serving kanidm

Default: auth.pablo.tools

Example: signin.pablo.tools

# options.pinpox.services.kf-homepage.enable

boolean

Whether to enable Krosse Flagge Homepage.

Default: false

Example: true

# options.pinpox.defaults.locale.enable

boolean

Whether to enable Locale defaults.

Default: false

Example: true

# options.pinpox.defaults.lvm-grub.enable

boolean

Whether to enable LVM/Grub defaults.

Default: false

Example: true

# options.pinpox.services.miniflux.enable

boolean

Whether to enable miniflux RSS reader.

Default: false

Example: true

# options.pinpox.services.minio.enable

boolean

Whether to enable minio s3 config.

Default: false

Example: true

# options.pinpox.services.navidrome.enable

boolean

Whether to enable navidrome music player.

Default: false

Example: true

# options.pinpox.services.navidrome.host

string

Host serving the navidrome

Default: music.0cx.de

Example: party.0cx.de

# options.pinpox.defaults.networking.enable

boolean

Whether to enable Network defaults.

Default: false

Example: true

# options.pinpox.services.nextcloud.enable

boolean

Whether to enable Nextcloud.

Default: false

Example: true

# options.pinpox.defaults.nix.enable

boolean

Whether to enable Nix defaults.

Default: false

Example: true

# options.pinpox.services.ntfy-sh.enable

boolean

Whether to enable ntfy-sh notification server.

Default: false

Example: true

# options.pinpox.services.openssh.enable

boolean

Whether to enable OpenSSH server.

Default: false

Example: true

# options.pinpox.services.owncast.enable

boolean

Whether to enable owncast server.

Default: false

Example: true

# options.pinpox.services.owncast.host

string

Host serving owncast

Default: stream.0cx.de

Example: stream.0cx.de

# options.pinpox.services.radio.enable

boolean

Whether to enable web radio streamer.

Default: false

Example: true

# options.pinpox.services.radio.host

string

Host serving the radio

Default: radio.0cx.de

Example: radio.0cx.de

# options.pinpox.services.restic-client.backup-paths-exclude

list of string

Paths to exclude from backup

Default: [*.pyc */.BurpSuite */.arduino15/packages */.cache */.cargo */.coc */.config/Nextcloud/logs */.config/Signal */.config/chromium */.config/discord */.config/retroarch */.container-diff */.go/pkg */.gvfs/ */.local/share/Steam */.local/share/Trash */.local/share/tor-browser */.local/share/typeracer */.local/share/virtualenv */.local/state/NvChad/ */.mozilla/firefox */.nextcloud */.npm */.npm/_cacache */.platformio */.rustup */.thumbnails */.ts3client */.vagrant.d */.vim */.vimtemp */Cache */Downloads */Seafile */VirtualBox VMs */cache2 */code /var/lib/docker discord/Cache tags]

Example: [/home/pinpox/cache]

# options.pinpox.services.restic-client.backup-paths-offsite

list of string

Paths to backup to offsite storage

Default: []

Example: [/home/pinpox/Notes]

# options.pinpox.services.restic-client.backup-paths-onsite

list of string

Paths to backup to onsite storage

Default: []

Example: [/home/pinpox/Notes]

# options.pinpox.services.restic-client.enable

boolean

Whether to enable restic backups.

Default: false

Example: true

# options.pinpox.services.screego.domain

string

Domain to create the sudomains unders

Default: 0cx.de

Example:

# options.pinpox.services.screego.enable

boolean

Whether to enable screego server.

Default: false

Example: true

# options.pinpox.defaults.sound.enable

boolean

Whether to enable sound defaults.

Default: false

Example: true

# options.pinpox.defaults.storagebox.enable

boolean

Whether to enable storagebox access.

Default: false

Example: true

# options.pinpox.defaults.storagebox.mountOnAccess

boolean

Whether to mount on access, instead of permanently

Default: false

Example: true

# options.pinpox.defaults.storagebox.mountPoint

string

Where to mount the storage

Default: /mnt/storagebox

Example: /mnt/music

# options.pinpox.services.thelounge.enable

boolean

Whether to enable The Lounge IRC client and bouncer.

Default: false

Example: true

# options.pinpox.services.unbound-desktop.enable

boolean

Whether to enable local unbound for desktops.

Default: false

Example: true

# options.pinpox.services.unifi-controller.enable

boolean

Whether to enable unifi controller (docker).

Default: false

Example: true

# options.pinpox.services.vaultwarden.enable

boolean

Whether to enable vaultwarden password manager.

Default: false

Example: true

# options.pinpox.services.vaultwarden.host

string

Host serving vaultwarden

Default: pass.pablo.tools

Example: pass.pablo.tools

# options.pinpox.services.vikunja.enable

boolean

Whether to enable vikunja config.

Default: false

Example: true

# options.pinpox.services.vikunja.host

string

Host serving vikunja

Default: todo.0cx.de

Example: tasks.0cx.de

# options.pinpox.virtualisation.docker.enable

boolean

Whether to enable Docker virtualisation.

Default: false

Example: true

# options.pinpox.virtualisation.virt-manager.enable

boolean

Whether to enable Virt-Manager virtualisation.

Default: false

Example: true

# options.pinpox.virtualisation.virtualbox.enable

boolean

Whether to enable VirtualBox virtualisation.

Default: false

Example: true

# options.pinpox.services.wastebin.enable

boolean

Whether to enable wastebin server.

Default: false

Example: true

# options.pinpox.services.wayland.enable

boolean

Whether to enable wayland configuration.

Default: false

Example: true

# options.pinpox.services.web-vm.enable

boolean

Whether to enable Web VM.

Default: false

Example: true

# options.pinpox.defaults.yubikey.enable

boolean

Whether to enable yubikey defaults.

Default: false

Example: true

# options.pinpox.defaults.zsh.enable

boolean

Whether to enable ZSH defaults.

Default: false

Example: true