Nix Podman Stacks

Collection of opinionated Podman stacks managed by Home Manager.

The goal is to easily deploy various self-hosted projects, including a reverse proxy, dashboard and monitoring setup. Under the hood rootless Podman (Quadlets) will be used to run the containers. It works on most Linux distros including Ubuntu, Arch, Mint, Fedora & more and is not limited to NixOS.

The projects also contains integrations with Traefik, Homepage, Grafana and more. Some examples include:

• Enabling a stack will add the respective containers to Traefik and Homepage
• Enabling CrowdSec or PocketID will automatically configure necessary Traefik plugins and middlewares
• When stacks support exporting metrics, scrape configs for Prometheus can be automatically set up
• Similariy, Grafana dashboards for Traefik, Blocky & others can be automatically added
• and more ...

Disabling any of those options will of course also remove all associated configurations and containers.

While most stacks can be activated by setting a single flag, some stacks require setting mandatory values, especially for secrets. For managing secrets, projects such as sops-nix or agenix can be used, which allow you to store your secrets along with the configuration inside a single Git repository.

📚 Option Documentation

Refer to the documentation for a full list of available options.

Most stacks will rely or use a few centrally defined variables. These include:

tarow.podman Option	Description
hostIP4Address	The IPv4 address of the host. Will be used for example in case of explicit port bindings.
hostUid	The UID of the host user running the podman stacks.
storageBaseDir	Base storage location used for bind mounts. Used as a base location for bind mounts.
externalStorageBaseDir	Base storage location used for media files, e.g. pictures used by Immich.

📦 Available Stacks

• Adguard

• AIOStreams

• Audiobookshelf

• Beszel

• Blocky

• Calibre-Web

  • Calibre-Web Automated
  • Calibre-Web Automated Book Downloader

• Changedetection

  • Changedetection
  • Sock Puppet Browser

• DockDNS

• Docker Socket Proxy

• Dozzle

• Filebrowser

• Forgejo

• FreshRSS

• Gatus

• Healthchecks

• Home Assistant

• Homepage

• Immich

• IT-Tools

• Karakeep

• Mealie

• MicroBin

• 🔍 Monitoring

  • Alloy
  • Grafana
  • Loki
  • Prometheus
  • Podman Metrics Exporter

• n8n

• ntfy

• OmniTools

• Paperless-ngx

  • Paperless-ngx
  • 📂 FTP Server

• Pocket ID

• Stirling-PDF

• 📺 Streaming

  • Bazarr
  • Flaresolverr
  • Gluetun
  • Jellyfin
  • Prowlarr
  • qBittorrent
  • Radarr
  • Sonarr

• Traefik

• Uptime-Kuma

• Vaultwarden

• wg-easy

• wg-portal

⚙️ Prerequisites

• Nix Installation
• net.ipv4.ip_unprivileged_port_start=0 or any other way of allowing non-root processes to bind to ports below 1024

🚀 Setup

If you already have an existing flake setup, add this projects flake as an input and include the flake output homeModules.all in your Home Manager modules.

---

If you don't use Nix yet, you can use the projects template to get started:

1. nix flake init --template github:Tarow/nix-podman-stacks
2. Modify the stacks.nix file to enable, disable and modify settings according to your preferences
3. Generate your age key and create the .sops.yaml based on the .sops.yaml.example
4. Create the secrets.yaml file containing all secrets used in the stack configurations
5. Make sure to declare the used secrets in the sops.nix file
6. Modify the flake.nix to reflect your system architecture, username and home directory
7. Apply your configuration: nix run home-manager -- switch --experimental-features "nix-command flakes pipe-operators" -b bak --flake .#myhost

This is just one example. Feel free to use a different tool for secret management or restructure files to your preference.

🔧 Customize Settings

The Podman stacks are mostly opinionated and configured to work out of the box. Refer to option documentation or the source code of each module to see which options are exposed on stack level and can be modified. An example would be Traefik, which requires a domain to be set. Also it ships with preconfigured static and dynamic configurations, but allows you to extend or customize those.

If the exposed options are not enough, you can always refer to the container definition directly by using the tarow.podman.stacks.<stackname>.containers.<containername> options.

Refer to the examples to see different use cases of setting and overriding options.

💡 Missing a Stack / Option / Integration ?

Is your favorite self-hosted app not included yet? Or would you like to see additional options or integrations? I'm always looking to expand the collection! Feel free to open an issue or contribute directly with a pull request.