Collection of opinionated Podman stacks managed by Home Manager.
The goal is to easily deploy various self-hosted projects, including a reverse proxy and monitoring. This is an opinionated setup that is primarily built with my personal preferences in mind. Nevertheless, all configurations and settings can be overwritten if they don't fit your use case.
While most stacks can be activated by setting a single flag, some stacks require setting mandatory values, especially for secrets.
For managing secrets, projects such as sops-nix or agenix can be used, which allow you to store your secrets along with the configuration inside a single Git repository.
Most stacks rely on or use some centrally defined variables. These include:

| `tarow.podman` Option | Description |
|---|---|
| `hostIP4Address` | The IPv4 address of the host. Used, for example, for explicit port bindings. |
| `hostUid` | The UID of the host user running the Podman stacks. |
| `storageBaseDir` | Base storage location used for bind mounts. |
| `externalStorageBaseDir` | Base storage location used for media files, e.g. pictures used by Immich. |
- Adguard
- AIOStreams
- Audiobookshelf
- Beszel
- Blocky
- Calibre-Web
- Calibre-Web Automated
- Calibre-Web Automated Book Downloader
- Changedetection
  - Changedetection
  - Sock Puppet Browser
- DockDNS
- Dozzle
- Filebrowser
- Forgejo
- FreshRSS
- Healthchecks
- Home Assistant
- Homepage
- Immich
- IT-Tools
- Karakeep
- Mealie
- Monitoring
  - Alloy
  - Grafana
  - Loki
  - Prometheus
  - Podman Metrics Exporter
- n8n
- ntfy
- Paperless-ngx
  - Paperless-ngx
  - FTP Server
- Pocket ID
- Stirling-PDF
- Streaming
  - Bazarr
  - Flaresolverr
  - Gluetun
  - Jellyfin
  - Prowlarr
  - qBittorrent
  - Radarr
  - Sonarr
- Traefik
- Uptime-Kuma
- Vaultwarden
- wg-easy
## Nix Installation

Make sure `net.ipv4.ip_unprivileged_port_start=0` is set, or use any other way of allowing non-root processes to bind to ports below 1024.
If you already have an existing flake setup, add this project's flake as an input and include the flake output `homeModules.all` in your Home Manager modules.
If you don't use Nix yet, you can use the project's template to get started:

```
nix flake init --template github:Tarow/nix-podman-stacks
```
- Modify the `stacks.nix` file to enable, disable and modify settings to your preferences
- Generate your age key and create the `.sops.yaml` based on the `.sops.yaml.example`
- Create the `secrets.yaml` file containing all secrets used in the stack configurations
- Make sure to declare the used secrets in the `stacks.nix` file
- Modify the `flake.nix` to reflect your system architecture, username and home directory
- Apply your configuration:

```
nix run home-manager -- switch --experimental-features "nix-command flakes pipe-operators" -b bak --flake .#myhost
```
This is just one example. Feel free to use a different tool for secret management or restructure files to your preference.
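As an added example (not the project's own template or README code), a minimal `flake.nix` that adds the project's flake as an input, imports `homeModules.all` and sets the central `tarow.podman` variables from the table above. The username, home directory, host IP and UID are placeholders, the value types are assumed from the option descriptions, and the `enable` flag on the Traefik stack is an assumed conventional name; check the stack module for the real option.

```nix
{
  description = "Home Manager config using nix-podman-stacks (added example, not from the project)";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # The project's flake, added as an input as described above.
    nix-podman-stacks.url = "github:Tarow/nix-podman-stacks";
  };

  outputs = { nixpkgs, home-manager, nix-podman-stacks, ... }: {
    # "myhost" matches the `--flake .#myhost` used in the switch command above.
    homeConfigurations.myhost = home-manager.lib.homeManagerConfiguration {
      pkgs = nixpkgs.legacyPackages.x86_64-linux;  # adjust to your architecture
      modules = [
        nix-podman-stacks.homeModules.all         # flake output named on this page
        {
          home.username = "alice";                # placeholder values
          home.homeDirectory = "/home/alice";
          home.stateVersion = "24.05";

          # Central variables shared by most stacks (option names from the table above;
          # the value types are assumed from the option descriptions).
          tarow.podman = {
            hostIP4Address = "192.0.2.10";        # placeholder, documentation range
            hostUid = 1000;                       # UID of the user running the stacks
            storageBaseDir = "/home/alice/stacks";
            externalStorageBaseDir = "/mnt/media";
          };

          # ASSUMPTION: stacks are switched on with a conventional `enable` flag.
          # Traefik additionally requires a domain to be set (see its module).
          tarow.podman.stacks.traefik.enable = true;
        }
      ];
    };
  };
}
```

Secrets referenced by the stacks still come from your sops-nix or agenix setup, as described in the steps above; nothing secret belongs in this file.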
The Podman stacks are mostly opinionated and configured to work out of the box. Refer to each module to see which options are exposed on the stack level and can be modified. An example is Traefik, which requires a domain to be set. It also ships with preconfigured static and dynamic configurations, but allows you to extend or customize those.

If the exposed options are not enough for you, you can always refer to the container definition directly by using the `tarow.podman.stacks.<stackname>.containers.<containername>` options.
Refer to the examples to see various use cases of setting and overriding options.