Canaille

Whether to enable Canaille.

File containing the JWT private key. Make sure it has appropriate permissions.

You can generate one using

openssl genrsa -out private.pem 4096
openssl rsa -in private.pem -pubout -outform PEM -out public.pem

File containing the LDAP bind password.

The canaille package to use.

File containing the Flask secret key. Its content is going to be provided to Canaille as SECRET_KEY. Make sure it has appropriate permissions. For example, copy the output of this to the specified file:

python3 -c 'import secrets; print(secrets.token_hex())'

Settings for Canaille. See the documentation for details.

Access Control Lists.

See also the documentation.

SMTP configuration. By default, sending emails is not enabled.

Set to an empty attrs to send emails from localhost without authentication.

See also the documentation.

SMTP Password. Can't be set and has to be provided using services.canaille.smtpPasswordFile.

Configuration for the LDAP backend. This storage backend is not yet supported by the module, so use at your own risk!

The LDAP bind password. Can't be set and has to be provided using services.canaille.ldapBindPasswordFile.

OpenID Connect settings. See the documentation.

JWT private key. Can't be set and has to be provided using services.canaille.jwtPrivateKeyFile.

The SQL server URI. Will configure a local PostgreSQL db if left to default. Please note that the NixOS module only really supports PostgreSQL for now. Change at your own risk!

The url scheme by which canaille will be served.

Flask Secret Key. Can't be set and must be provided through services.canaille.settings.secretKeyFile.

The domain name on which canaille will be served.

File containing the SMTP password. Make sure it has appropriate permissions.