From 3cbc4890fa2f958078e9ce55dbac95c9063c01a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Oct 2025 15:50:55 -0700 Subject: [PATCH 01/50] Init filebrowser-quantum from filebrowser def From: https://github.com/NixOS/nixpkgs/blob/7fd23d75942dc3944767bd90f2289c6fde5edbc2/pkgs/by-name/fi/filebrowser/package.nix --- overlays/custom-packages.nix | 3 + packages/filebrowser-quantum/package.nix | 85 ++++++++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 packages/filebrowser-quantum/package.nix diff --git a/overlays/custom-packages.nix b/overlays/custom-packages.nix index a09aed7c..c8694841 100644 --- a/overlays/custom-packages.nix +++ b/overlays/custom-packages.nix @@ -10,6 +10,9 @@ self: super: { # FastScripts automation tool for macOS fastscripts = super.callPackage ./../packages/fastscripts/package.nix {}; + # FileBrowser quantum fork + filebrowser-quantum = super.callPackage ./../packages/filebrowser-quantum/package.nix {}; + # Mochi spaced repetition software mochi = super.callPackage ./../packages/mochi/package.nix {}; diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix new file mode 100644 index 00000000..6322707f --- /dev/null +++ b/packages/filebrowser-quantum/package.nix @@ -0,0 +1,85 @@ +{ + lib, + fetchFromGitHub, + buildGoModule, + buildNpmPackage, + pnpm_9, + nix-update-script, + nixosTests, +}: + +let + version = "2.42.5"; + + pnpm = pnpm_9; + + src = fetchFromGitHub { + owner = "filebrowser"; + repo = "filebrowser"; + rev = "v${version}"; + hash = "sha256-6AZwWdYQlaQ30Q5ohi9ovlUJZZ+u7Wqc5mfRW/3t7Zs="; + }; + + frontend = buildNpmPackage rec { + pname = "filebrowser-frontend"; + inherit version src; + + sourceRoot = "${src.name}/frontend"; + + npmConfigHook = pnpm.configHook; + npmDeps = pnpmDeps; + + pnpmDeps = pnpm.fetchDeps { + inherit + pname + version + src + sourceRoot + ; + fetcherVersion = 2; + hash = "sha256-uGEw6Wt6hXEcYQzXYzfgo3fcCX7Hj39bLHsT1rsGy74="; + }; + + installPhase = '' + runHook preInstall + + mkdir $out + mv dist $out + + runHook postInstall + ''; + }; + +in +buildGoModule { + pname = "filebrowser"; + inherit version src; + + vendorHash = "sha256-aVtL64Cm+nqum/qHFvplpEawgMXM2S6l8QFrJBzLVtU="; + + excludedPackages = [ "tools" ]; + + preBuild = '' + cp -r ${frontend}/dist frontend/ + ''; + + ldflags = [ + "-X github.com/filebrowser/filebrowser/v2/version.Version=v${version}" + ]; + + passthru = { + updateScript = nix-update-script { }; + inherit frontend; + tests = { + inherit (nixosTests) filebrowser; + }; + }; + + meta = with lib; { + description = "Web application for managing files and directories"; + homepage = "https://filebrowser.org"; + license = licenses.asl20; + maintainers = with maintainers; [ oakenshield ]; + mainProgram = "filebrowser"; + }; +} From a4a8d3c1227af5799777e9905c04b567fe96b21e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Oct 2025 15:51:06 -0700 Subject: [PATCH 02/50] Formatting --- packages/filebrowser-quantum/package.nix | 55 +++++++++++------------- 1 file changed, 26 insertions(+), 29 deletions(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index 6322707f..ac4c6968 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -6,9 +6,7 @@ pnpm_9, nix-update-script, nixosTests, -}: - -let +}: let version = "2.42.5"; pnpm = pnpm_9; @@ -49,37 +47,36 @@ let runHook postInstall ''; }; - in -buildGoModule { - pname = "filebrowser"; - inherit version src; + buildGoModule { + pname = "filebrowser"; + inherit version src; - vendorHash = "sha256-aVtL64Cm+nqum/qHFvplpEawgMXM2S6l8QFrJBzLVtU="; + vendorHash = "sha256-aVtL64Cm+nqum/qHFvplpEawgMXM2S6l8QFrJBzLVtU="; - excludedPackages = [ "tools" ]; + excludedPackages = ["tools"]; - preBuild = '' - cp -r ${frontend}/dist frontend/ - ''; + preBuild = '' + cp -r ${frontend}/dist frontend/ + ''; - ldflags = [ - "-X github.com/filebrowser/filebrowser/v2/version.Version=v${version}" - ]; + ldflags = [ + "-X github.com/filebrowser/filebrowser/v2/version.Version=v${version}" + ]; - passthru = { - updateScript = nix-update-script { }; - inherit frontend; - tests = { - inherit (nixosTests) filebrowser; + passthru = { + updateScript = nix-update-script {}; + inherit frontend; + tests = { + inherit (nixosTests) filebrowser; + }; }; - }; - meta = with lib; { - description = "Web application for managing files and directories"; - homepage = "https://filebrowser.org"; - license = licenses.asl20; - maintainers = with maintainers; [ oakenshield ]; - mainProgram = "filebrowser"; - }; -} + meta = with lib; { + description = "Web application for managing files and directories"; + homepage = "https://filebrowser.org"; + license = licenses.asl20; + maintainers = with maintainers; [oakenshield]; + mainProgram = "filebrowser"; + }; + } From 4b87968810019d8e361e492b044813e77925a5e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Oct 2025 15:51:56 -0700 Subject: [PATCH 03/50] Update meta --- packages/filebrowser-quantum/package.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index ac4c6968..82296713 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -73,10 +73,9 @@ in }; meta = with lib; { - description = "Web application for managing files and directories"; - homepage = "https://filebrowser.org"; + description = "Fork of filebrowser project"; + homepage = "https://github.com/gtsteffaniak/filebrowser"; license = licenses.asl20; - maintainers = with maintainers; [oakenshield]; mainProgram = "filebrowser"; }; } From f22b1fb09f6189b00423eb6792ed971f4688d522 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Oct 2025 15:53:39 -0700 Subject: [PATCH 04/50] filebrowser -> filebrowser-quantum --- packages/filebrowser-quantum/package.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index 82296713..b9295471 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -7,19 +7,19 @@ nix-update-script, nixosTests, }: let - version = "2.42.5"; + version = "0.8.8-beta"; pnpm = pnpm_9; src = fetchFromGitHub { - owner = "filebrowser"; + owner = "gtsteffaniak"; repo = "filebrowser"; rev = "v${version}"; hash = "sha256-6AZwWdYQlaQ30Q5ohi9ovlUJZZ+u7Wqc5mfRW/3t7Zs="; }; frontend = buildNpmPackage rec { - pname = "filebrowser-frontend"; + pname = "filebrowser-quantum-frontend"; inherit version src; sourceRoot = "${src.name}/frontend"; @@ -49,7 +49,7 @@ }; in buildGoModule { - pname = "filebrowser"; + pname = "filebrowser-quantum"; inherit version src; vendorHash = "sha256-aVtL64Cm+nqum/qHFvplpEawgMXM2S6l8QFrJBzLVtU="; From 2c51af1be59f83204723c68087a1ab2e4981f981 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Oct 2025 15:53:43 -0700 Subject: [PATCH 05/50] Clear hashes --- packages/filebrowser-quantum/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index b9295471..0017d123 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -15,7 +15,7 @@ owner = "gtsteffaniak"; repo = "filebrowser"; rev = "v${version}"; - hash = "sha256-6AZwWdYQlaQ30Q5ohi9ovlUJZZ+u7Wqc5mfRW/3t7Zs="; + hash = ""; }; frontend = buildNpmPackage rec { @@ -35,7 +35,7 @@ sourceRoot ; fetcherVersion = 2; - hash = "sha256-uGEw6Wt6hXEcYQzXYzfgo3fcCX7Hj39bLHsT1rsGy74="; + hash = ""; }; installPhase = '' @@ -52,7 +52,7 @@ in pname = "filebrowser-quantum"; inherit version src; - vendorHash = "sha256-aVtL64Cm+nqum/qHFvplpEawgMXM2S6l8QFrJBzLVtU="; + vendorHash = ""; excludedPackages = ["tools"]; From 1bccb55c10502bac94c0fb56e8bdd13d46996b26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Oct 2025 15:54:11 -0700 Subject: [PATCH 06/50] Remove nixosTests --- packages/filebrowser-quantum/package.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index 0017d123..4d090cfd 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -5,7 +5,6 @@ buildNpmPackage, pnpm_9, nix-update-script, - nixosTests, }: let version = "0.8.8-beta"; @@ -67,9 +66,6 @@ in passthru = { updateScript = nix-update-script {}; inherit frontend; - tests = { - inherit (nixosTests) filebrowser; - }; }; meta = with lib; { From 4e2cb5fce13edf3577c4409f4eb4b5bdafd9ac8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Oct 2025 15:55:15 -0700 Subject: [PATCH 07/50] Replace pnpm with npm --- packages/filebrowser-quantum/package.nix | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index 4d090cfd..0755b9c5 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -3,13 +3,10 @@ fetchFromGitHub, buildGoModule, buildNpmPackage, - pnpm_9, nix-update-script, }: let version = "0.8.8-beta"; - pnpm = pnpm_9; - src = fetchFromGitHub { owner = "gtsteffaniak"; repo = "filebrowser"; @@ -23,19 +20,9 @@ sourceRoot = "${src.name}/frontend"; - npmConfigHook = pnpm.configHook; - npmDeps = pnpmDeps; + npmDepsHash = ""; - pnpmDeps = pnpm.fetchDeps { - inherit - pname - version - src - sourceRoot - ; - fetcherVersion = 2; - hash = ""; - }; + npmBuildScript = "build"; installPhase = '' runHook preInstall From f7190f9a4d0c9a75505f0af0474eb5e5e5f537eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Oct 2025 15:55:53 -0700 Subject: [PATCH 08/50] Replace `ldflags` from upstream make target --- packages/filebrowser-quantum/package.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index 0755b9c5..ae926ece 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -47,7 +47,10 @@ in ''; ldflags = [ - "-X github.com/filebrowser/filebrowser/v2/version.Version=v${version}" + "-w" + "-s" + "-X 'github.com/gtsteffaniak/filebrowser/backend/version.CommitSHA=testingCommit'" + "-X 'github.com/gtsteffaniak/filebrowser/backend/version.Version=testing'" ]; passthru = { From c4647f17f4e3d7d49d28d171867eddb6020eb43d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Oct 2025 15:55:58 -0700 Subject: [PATCH 09/50] Add TODO --- packages/filebrowser-quantum/package.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index ae926ece..6bdc136d 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -1,3 +1,4 @@ +# TODO: Upstream to NixOS/nixpkgs { lib, fetchFromGitHub, From d3c2013ea7ab37eb5a21d1e7aa551339299e3a08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 14:22:47 -0800 Subject: [PATCH 10/50] Add package output to flake for testing --- flake.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flake.nix b/flake.nix index ddc58ce1..65939ad8 100644 --- a/flake.nix +++ b/flake.nix @@ -119,6 +119,8 @@ config, ... }: { + # TODO: Expose each ./packages/${name}/package.nix as packages.${name} + packages.filebrowser-quantum = pkgs.callPackage ./packages/filebrowser-quantum/package.nix {}; devShells = { default = pkgs.mkShell { packages = From 14d31079d696f704a1203343155e8d7aee792e51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 14:23:01 -0800 Subject: [PATCH 11/50] Use forked filebrowser repo --- packages/filebrowser-quantum/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index 6bdc136d..93b207f9 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -6,13 +6,13 @@ buildNpmPackage, nix-update-script, }: let - version = "0.8.8-beta"; + version = "1.0.1-dev"; src = fetchFromGitHub { - owner = "gtsteffaniak"; + owner = "stackptr"; repo = "filebrowser"; rev = "v${version}"; - hash = ""; + hash = "sha256-BE+WQwRFHvGakGNPl84eVkkQMqKqF31CG0Y3E1nJkNk="; }; frontend = buildNpmPackage rec { From f8d7f36c4d0b4b1d7c061ad04f070ba35b586ea8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 14:23:17 -0800 Subject: [PATCH 12/50] Set npm dependencies hash --- packages/filebrowser-quantum/package.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index 93b207f9..f0ef7063 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -21,7 +21,7 @@ sourceRoot = "${src.name}/frontend"; - npmDepsHash = ""; + npmDepsHash = "sha256-Ro58WpzrreDb23sHiI9/ZekQBDl+VO271SImtEFgvYg="; npmBuildScript = "build"; From 0cbc50e0a9616bd517556d14248a6a7b5625654d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 14:24:32 -0800 Subject: [PATCH 13/50] Use different build target --- packages/filebrowser-quantum/package.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index f0ef7063..e237888a 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -23,7 +23,7 @@ npmDepsHash = "sha256-Ro58WpzrreDb23sHiI9/ZekQBDl+VO271SImtEFgvYg="; - npmBuildScript = "build"; + npmBuildScript = "build:docker"; # Default build target requires writing outside frontend dir installPhase = '' runHook preInstall From a95eb28824a1f27ec56483f61ca7f09aab693492 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 14:24:46 -0800 Subject: [PATCH 14/50] Update go module inputs --- packages/filebrowser-quantum/package.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index e237888a..776d7980 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -39,7 +39,9 @@ in pname = "filebrowser-quantum"; inherit version src; - vendorHash = ""; + modRoot = "./backend"; + + vendorHash = "sha256-urJZMOkZzoN//kecpJ47ldZk+H2qvMGTr/Pw90bMpDc="; excludedPackages = ["tools"]; From 1c871cdaa04966aab519f35278cb91fc078cd41f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 14:32:02 -0800 Subject: [PATCH 15/50] Fix copying frontend into backend http paths --- packages/filebrowser-quantum/package.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index 776d7980..92e25fe9 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -46,7 +46,10 @@ in excludedPackages = ["tools"]; preBuild = '' - cp -r ${frontend}/dist frontend/ + rm -rf http/dist/* + rm -rf http/embed/* + cp -r ${frontend}/dist http/dist/ + cp -r ${frontend}/dist http/embed/ ''; ldflags = [ From 4078b587a0541ba8ad77637acbca154ceda76add Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:16:03 -0800 Subject: [PATCH 16/50] Fix cp frontend This should ensure both `http/dist` and http/embed` have the expected frontend bundle. --- packages/filebrowser-quantum/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index 92e25fe9..3fcb830a 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -48,8 +48,8 @@ in preBuild = '' rm -rf http/dist/* rm -rf http/embed/* - cp -r ${frontend}/dist http/dist/ - cp -r ${frontend}/dist http/embed/ + cp -r ${frontend}/dist http/ + cp -r ${frontend}/dist/* http/embed ''; ldflags = [ From 2e961cc4d73f197e749a329a88c7f0843433aaf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:16:10 -0800 Subject: [PATCH 17/50] Remove excludedPackages input --- packages/filebrowser-quantum/package.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index 3fcb830a..7d185055 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -43,8 +43,6 @@ in vendorHash = "sha256-urJZMOkZzoN//kecpJ47ldZk+H2qvMGTr/Pw90bMpDc="; - excludedPackages = ["tools"]; - preBuild = '' rm -rf http/dist/* rm -rf http/embed/* From d4e738acf68948ea33898342bbadbacbcf338b58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:40:13 -0800 Subject: [PATCH 18/50] Init module using nixos-unstable as template --- modules/nixos/filebrowser-quantum.nix | 164 ++++++++++++++++++++++++++ 1 file changed, 164 insertions(+) create mode 100644 modules/nixos/filebrowser-quantum.nix diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix new file mode 100644 index 00000000..3f26cf6c --- /dev/null +++ b/modules/nixos/filebrowser-quantum.nix @@ -0,0 +1,164 @@ +{ + config, + pkgs, + lib, + utils, + ... +}: let + cfg = config.services.filebrowser; + format = pkgs.formats.json {}; + inherit (lib) types; +in { + options = { + services.filebrowser = { + enable = lib.mkEnableOption "FileBrowser"; + + package = lib.mkPackageOption pkgs "filebrowser" {}; + + user = lib.mkOption { + type = types.str; + default = "filebrowser"; + description = "User account under which FileBrowser runs."; + }; + + group = lib.mkOption { + type = types.str; + default = "filebrowser"; + description = "Group under which FileBrowser runs."; + }; + + openFirewall = lib.mkEnableOption "opening firewall ports for FileBrowser"; + + settings = lib.mkOption { + default = {}; + description = '' + Settings for FileBrowser. + Refer to for all supported values. + ''; + type = types.submodule { + freeformType = format.type; + + options = { + address = lib.mkOption { + default = "localhost"; + description = '' + The address to listen on. + ''; + type = types.str; + }; + + port = lib.mkOption { + default = 8080; + description = '' + The port to listen on. + ''; + type = types.port; + }; + + root = lib.mkOption { + default = "/var/lib/filebrowser/data"; + description = '' + The directory where FileBrowser stores files. + ''; + type = types.path; + }; + + database = lib.mkOption { + default = "/var/lib/filebrowser/database.db"; + description = '' + The path to FileBrowser's Bolt database. + ''; + type = types.path; + }; + + cache-dir = lib.mkOption { + default = "/var/cache/filebrowser"; + description = '' + The directory where FileBrowser stores its cache. + ''; + type = types.path; + readOnly = true; + }; + }; + }; + }; + }; + }; + + config = lib.mkIf cfg.enable { + systemd = { + services.filebrowser = { + after = ["network.target"]; + description = "FileBrowser"; + wantedBy = ["multi-user.target"]; + serviceConfig = { + ExecStart = let + args = [ + (lib.getExe cfg.package) + "--config" + (format.generate "config.json" cfg.settings) + ]; + in + utils.escapeSystemdExecArgs args; + + StateDirectory = "filebrowser"; + CacheDirectory = "filebrowser"; + WorkingDirectory = cfg.settings.root; + + User = cfg.user; + Group = cfg.group; + UMask = "0077"; + + NoNewPrivileges = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + MemoryDenyWriteExecute = true; + LockPersonality = true; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; + DevicePolicy = "closed"; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + }; + }; + + tmpfiles.settings.filebrowser = { + "${cfg.settings.root}".d = { + inherit (cfg) user group; + mode = "0700"; + }; + "${cfg.settings.cache-dir}".d = { + inherit (cfg) user group; + mode = "0700"; + }; + "${builtins.dirOf cfg.settings.database}".d = { + inherit (cfg) user group; + mode = "0700"; + }; + }; + }; + + users.users = lib.mkIf (cfg.user == "filebrowser") { + filebrowser = { + inherit (cfg) group; + isSystemUser = true; + }; + }; + + users.groups = lib.mkIf (cfg.group == "filebrowser") { + filebrowser = {}; + }; + + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [cfg.settings.port]; + }; + + meta.maintainers = [ + lib.maintainers.lukaswrz + ]; +} From c0d075d8115562b362b211d857f2bd429edd898d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:40:55 -0800 Subject: [PATCH 19/50] Rename service --- modules/nixos/filebrowser-quantum.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 3f26cf6c..b156d47a 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -5,12 +5,12 @@ utils, ... }: let - cfg = config.services.filebrowser; + cfg = config.services.filebrowser-quantum; format = pkgs.formats.json {}; inherit (lib) types; in { options = { - services.filebrowser = { + services.filebrowser-quantum = { enable = lib.mkEnableOption "FileBrowser"; package = lib.mkPackageOption pkgs "filebrowser" {}; @@ -87,7 +87,7 @@ in { config = lib.mkIf cfg.enable { systemd = { - services.filebrowser = { + services.filebrowser-quantum = { after = ["network.target"]; description = "FileBrowser"; wantedBy = ["multi-user.target"]; From a53175f4ef27731145414e43f05da746d6548d50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:42:00 -0800 Subject: [PATCH 20/50] Update `meta.maintainers` --- modules/nixos/filebrowser-quantum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index b156d47a..f5246082 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -159,6 +159,6 @@ in { }; meta.maintainers = [ - lib.maintainers.lukaswrz + lib.maintainers.stackptr ]; } From e511832e5972613fdf5509e64fff3eaa3eac74a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:42:09 -0800 Subject: [PATCH 21/50] Use filebrowser-quantum package --- modules/nixos/filebrowser-quantum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index f5246082..99a46122 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -13,7 +13,7 @@ in { services.filebrowser-quantum = { enable = lib.mkEnableOption "FileBrowser"; - package = lib.mkPackageOption pkgs "filebrowser" {}; + package = lib.mkPackageOption pkgs "filebrowser-quantum" {}; user = lib.mkOption { type = types.str; From 10a54915175d1cc2616edb22cede79c55e582e50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:44:53 -0800 Subject: [PATCH 22/50] Update module option descriptions --- modules/nixos/filebrowser-quantum.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 99a46122..c2fdb06e 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -11,29 +11,29 @@ in { options = { services.filebrowser-quantum = { - enable = lib.mkEnableOption "FileBrowser"; + enable = lib.mkEnableOption "FileBrowser Quantum"; package = lib.mkPackageOption pkgs "filebrowser-quantum" {}; user = lib.mkOption { type = types.str; default = "filebrowser"; - description = "User account under which FileBrowser runs."; + description = "User account under which FileBrowser Quantum runs."; }; group = lib.mkOption { type = types.str; default = "filebrowser"; - description = "Group under which FileBrowser runs."; + description = "Group under which FileBrowser Quantum runs."; }; - openFirewall = lib.mkEnableOption "opening firewall ports for FileBrowser"; + openFirewall = lib.mkEnableOption "opening firewall ports for FileBrowser Quantum"; settings = lib.mkOption { default = {}; description = '' - Settings for FileBrowser. - Refer to for all supported values. + Settings for FileBrowser Quantum. + Refer to for all supported values. ''; type = types.submodule { freeformType = format.type; From 16ed40a221fd755b61e79c867225d560a9d6baf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:47:33 -0800 Subject: [PATCH 23/50] Update systemd service --- modules/nixos/filebrowser-quantum.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index c2fdb06e..435fbfcf 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -89,20 +89,20 @@ in { systemd = { services.filebrowser-quantum = { after = ["network.target"]; - description = "FileBrowser"; + description = "FileBrowser Quantum"; wantedBy = ["multi-user.target"]; serviceConfig = { ExecStart = let args = [ (lib.getExe cfg.package) - "--config" - (format.generate "config.json" cfg.settings) + "-c" + (format.generate "config.yaml" cfg.settings) ]; in utils.escapeSystemdExecArgs args; - StateDirectory = "filebrowser"; - CacheDirectory = "filebrowser"; + StateDirectory = "filebrowser-quantum"; + CacheDirectory = "filebrowser-quantum"; WorkingDirectory = cfg.settings.root; User = cfg.user; From e07dce2986c91439830247e7929bae13b2f7f9a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:48:35 -0800 Subject: [PATCH 24/50] Use distinct user and group names --- modules/nixos/filebrowser-quantum.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 435fbfcf..c043e224 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -17,13 +17,13 @@ in { user = lib.mkOption { type = types.str; - default = "filebrowser"; + default = "filebrowser-quantum"; description = "User account under which FileBrowser Quantum runs."; }; group = lib.mkOption { type = types.str; - default = "filebrowser"; + default = "filebrowser-quantum"; description = "Group under which FileBrowser Quantum runs."; }; @@ -144,15 +144,15 @@ in { }; }; - users.users = lib.mkIf (cfg.user == "filebrowser") { - filebrowser = { + users.users = lib.mkIf (cfg.user == "filebrowser-quantum") { + filebrowser-quantum = { inherit (cfg) group; isSystemUser = true; }; }; - users.groups = lib.mkIf (cfg.group == "filebrowser") { - filebrowser = {}; + users.groups = lib.mkIf (cfg.group == "filebrowser-quantum") { + filebrowser-quantum = {}; }; networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [cfg.settings.port]; From 5543cad10dd49f667c7692800ac0c95094a2ee7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:49:38 -0800 Subject: [PATCH 25/50] Update reference for configuration values --- modules/nixos/filebrowser-quantum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index c043e224..744e2183 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -33,7 +33,7 @@ in { default = {}; description = '' Settings for FileBrowser Quantum. - Refer to for all supported values. + Refer to for all supported values. ''; type = types.submodule { freeformType = format.type; From 76d3a333ec13b09f92aa757d33f01576a0536714 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:56:24 -0800 Subject: [PATCH 26/50] Remove `settings.address` --- modules/nixos/filebrowser-quantum.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 744e2183..99735685 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -39,14 +39,6 @@ in { freeformType = format.type; options = { - address = lib.mkOption { - default = "localhost"; - description = '' - The address to listen on. - ''; - type = types.str; - }; - port = lib.mkOption { default = 8080; description = '' From 0a4c8cf039e0a3407a0bbe29ef5c6327f7ec32df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:56:58 -0800 Subject: [PATCH 27/50] `settings.port` -> `settings.server.port` --- modules/nixos/filebrowser-quantum.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 99735685..7558f28c 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -39,12 +39,14 @@ in { freeformType = format.type; options = { - port = lib.mkOption { - default = 8080; - description = '' - The port to listen on. - ''; - type = types.port; + server = { + port = lib.mkOption { + default = 8080; + description = '' + The port to listen on. + ''; + type = types.port; + }; }; root = lib.mkOption { @@ -147,7 +149,7 @@ in { filebrowser-quantum = {}; }; - networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [cfg.settings.port]; + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [cfg.settings.server.port]; }; meta.maintainers = [ From 0403bb8a56538c00ebf2c11b8c16eb3b810ab93e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:58:53 -0800 Subject: [PATCH 28/50] `settings.database` -> `settings.server.database` --- modules/nixos/filebrowser-quantum.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 7558f28c..89c15c9f 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -47,6 +47,14 @@ in { ''; type = types.port; }; + + database = lib.mkOption { + default = "/var/lib/filebrowser/database.db"; + description = '' + The path to FileBrowser's Bolt database. + ''; + type = types.path; + }; }; root = lib.mkOption { @@ -57,14 +65,6 @@ in { type = types.path; }; - database = lib.mkOption { - default = "/var/lib/filebrowser/database.db"; - description = '' - The path to FileBrowser's Bolt database. - ''; - type = types.path; - }; - cache-dir = lib.mkOption { default = "/var/cache/filebrowser"; description = '' @@ -131,7 +131,7 @@ in { inherit (cfg) user group; mode = "0700"; }; - "${builtins.dirOf cfg.settings.database}".d = { + "${builtins.dirOf cfg.settings.server.database}".d = { inherit (cfg) user group; mode = "0700"; }; From ff9df90ca780e28d67e5cc38ba7382be9d40a5bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 15:59:41 -0800 Subject: [PATCH 29/50] Update database option --- modules/nixos/filebrowser-quantum.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 89c15c9f..f272fe4f 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -49,9 +49,9 @@ in { }; database = lib.mkOption { - default = "/var/lib/filebrowser/database.db"; + default = "/var/lib/filebrowser-quantum/database.db"; description = '' - The path to FileBrowser's Bolt database. + The path to FileBrowser Quantum's database. ''; type = types.path; }; From 937fc451eedf8bb9d5b8f1ac57025272d3086864 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:00:50 -0800 Subject: [PATCH 30/50] `settings.cache-dir` -> `settings.server.cacheDir` --- modules/nixos/filebrowser-quantum.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index f272fe4f..44bd4131 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -55,6 +55,15 @@ in { ''; type = types.path; }; + + cacheDir = lib.mkOption { + default = "/var/cache/filebrowser"; + description = '' + The directory where FileBrowser stores its cache. + ''; + type = types.path; + readOnly = true; + }; }; root = lib.mkOption { @@ -64,15 +73,6 @@ in { ''; type = types.path; }; - - cache-dir = lib.mkOption { - default = "/var/cache/filebrowser"; - description = '' - The directory where FileBrowser stores its cache. - ''; - type = types.path; - readOnly = true; - }; }; }; }; @@ -127,7 +127,7 @@ in { inherit (cfg) user group; mode = "0700"; }; - "${cfg.settings.cache-dir}".d = { + "${cfg.settings.server.cacheDir}".d = { inherit (cfg) user group; mode = "0700"; }; From 73bcad760c8ae2804853f00564c00a339fb1e323 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:01:09 -0800 Subject: [PATCH 31/50] Update cacheDir option --- modules/nixos/filebrowser-quantum.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 44bd4131..8c4aaae7 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -57,9 +57,9 @@ in { }; cacheDir = lib.mkOption { - default = "/var/cache/filebrowser"; + default = "/var/cache/filebrowser-quantum"; description = '' - The directory where FileBrowser stores its cache. + The directory where FileBrowser Quantum stores its cache. ''; type = types.path; readOnly = true; From e9de6cdb79e20cc9af5d096f3361bf4c370503ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:03:43 -0800 Subject: [PATCH 32/50] Add `settings.server.baseUrl` option --- modules/nixos/filebrowser-quantum.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 8c4aaae7..1ed639a3 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -48,6 +48,14 @@ in { type = types.port; }; + baseUrl = lib.mkOption { + default = "/"; + description = '' + Base URL, primarily for reverse proxy. + ''; + type = types.str; + }; + database = lib.mkOption { default = "/var/lib/filebrowser-quantum/database.db"; description = '' From 2242838f9bc126110924ac0ad8115351b6024f2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:04:47 -0800 Subject: [PATCH 33/50] Generate yaml --- modules/nixos/filebrowser-quantum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 1ed639a3..83a478b0 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -6,7 +6,7 @@ ... }: let cfg = config.services.filebrowser-quantum; - format = pkgs.formats.json {}; + format = pkgs.formats.yaml {}; inherit (lib) types; in { options = { From da37d60186d2695b150a167c69dcd8d84baaa9d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:09:01 -0800 Subject: [PATCH 34/50] Remove `root` option --- modules/nixos/filebrowser-quantum.nix | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 83a478b0..5af0a660 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -8,6 +8,7 @@ cfg = config.services.filebrowser-quantum; format = pkgs.formats.yaml {}; inherit (lib) types; + dataDir = "/var/lib/filebrowser-quantum"; in { options = { services.filebrowser-quantum = { @@ -73,14 +74,6 @@ in { readOnly = true; }; }; - - root = lib.mkOption { - default = "/var/lib/filebrowser/data"; - description = '' - The directory where FileBrowser stores files. - ''; - type = types.path; - }; }; }; }; @@ -105,7 +98,7 @@ in { StateDirectory = "filebrowser-quantum"; CacheDirectory = "filebrowser-quantum"; - WorkingDirectory = cfg.settings.root; + WorkingDirectory = dataDir; User = cfg.user; Group = cfg.group; @@ -131,7 +124,7 @@ in { }; tmpfiles.settings.filebrowser = { - "${cfg.settings.root}".d = { + "${dataDir}".d = { inherit (cfg) user group; mode = "0700"; }; From bae36fd4efbdd8a1360b3c33bd43c4261bba690f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:16:03 -0800 Subject: [PATCH 35/50] Add `settings.server.sources` option --- modules/nixos/filebrowser-quantum.nix | 31 +++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 5af0a660..aa6d5ac3 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -73,6 +73,37 @@ in { type = types.path; readOnly = true; }; + + sources = lib.mkOption { + description = '' + A list of file system locations accessible to users. + ''; + type = types.listOf types.submodule { + options = { + path = lib.mkOption { + description = '' + The filesystem path to the directory you want to serve. + ''; + type = types.path; + }; + + name = lib.mkOption { + description = '' + Display name shown in the UI. If not specified, uses the base folder name from the path. Useful for providing user-friendly names like “Company Files” instead of just “documents”. + ''; + type = types.str; + }; + + defaultEnabled = lib.mkOption { + default = false; + description = '' + Whether new users automatically get access to this source. Defaults to `false`. Set to `true` for shared sources that all users should see. + ''; + type = types.bool; + }; + }; + }; + }; }; }; }; From 5f4f40a64c7434c44c724053c5cdcd10d50d3469 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:18:53 -0800 Subject: [PATCH 36/50] Import filebrowser-quantum module --- modules/nixos/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 79beb510..29e27779 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -2,6 +2,7 @@ { imports = [ ./web + ./filebrowser-quantum.nix ./users.nix ./ssh.nix ./sudo.nix From 035e2f9d59f24c2bfcb127667467d06210b43f08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:21:17 -0800 Subject: [PATCH 37/50] Enable filebrowser-quantum on glyph --- hosts/glyph/services/filebrowser.nix | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/hosts/glyph/services/filebrowser.nix b/hosts/glyph/services/filebrowser.nix index 62bfccba..5ba6d5ba 100644 --- a/hosts/glyph/services/filebrowser.nix +++ b/hosts/glyph/services/filebrowser.nix @@ -4,19 +4,24 @@ lib, ... }: let - cfg = config.services.filebrowser; - address = ""; + cfg = config.services.filebrowser-quantum; port = 8080; - dataDir = "/var/lib/filebrowser"; - rootDir = "${dataDir}/files"; settings = { - inherit address port; - database = "${dataDir}/filebrowser.db"; - root = rootDir; - noauth = true; + server = { + inherit port; + sources = [ + { + path = "/mnt/media"; + defaultEnabled = true; + } + ]; + }; + auth = { + adminUsername = "admin"; + }; }; in { - services.filebrowser = { + services.filebrowser-quantum = { enable = true; openFirewall = false; inherit settings; From 2282db7d359007670f811df50c95c7cb8b487c29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:26:24 -0800 Subject: [PATCH 38/50] Remove tmpFiles entry for database option This is redundant with `dataDir`, a few lines above --- modules/nixos/filebrowser-quantum.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index aa6d5ac3..fd35e33b 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -163,10 +163,6 @@ in { inherit (cfg) user group; mode = "0700"; }; - "${builtins.dirOf cfg.settings.server.database}".d = { - inherit (cfg) user group; - mode = "0700"; - }; }; }; From 1081bb41e8f5d9154a15cd437ac6e9ddb6351a2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:29:13 -0800 Subject: [PATCH 39/50] Fix submodule option --- modules/nixos/filebrowser-quantum.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index fd35e33b..406a7195 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -78,7 +78,7 @@ in { description = '' A list of file system locations accessible to users. ''; - type = types.listOf types.submodule { + type = types.listOf (types.submodule { options = { path = lib.mkOption { description = '' @@ -102,7 +102,7 @@ in { type = types.bool; }; }; - }; + }); }; }; }; From 0af13c019ad7dc0dd69e842f6781e670ddf69d9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:32:15 -0800 Subject: [PATCH 40/50] Allow `null` source name --- modules/nixos/filebrowser-quantum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 406a7195..807deace 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -91,7 +91,7 @@ in { description = '' Display name shown in the UI. If not specified, uses the base folder name from the path. Useful for providing user-friendly names like “Company Files” instead of just “documents”. ''; - type = types.str; + type = types.nullOr types.str; }; defaultEnabled = lib.mkOption { From a4731762db261a52a165d9db57d16714b290a12f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 16:58:56 -0800 Subject: [PATCH 41/50] Set `default` to fix issue --- modules/nixos/filebrowser-quantum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 807deace..bd1bd820 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -92,6 +92,7 @@ in { Display name shown in the UI. If not specified, uses the base folder name from the path. Useful for providing user-friendly names like “Company Files” instead of just “documents”. ''; type = types.nullOr types.str; + default = null; }; defaultEnabled = lib.mkOption { From 4eff11b032441733483824ab075966f447715643 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 17:12:49 -0800 Subject: [PATCH 42/50] Rename binary in package --- packages/filebrowser-quantum/package.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/filebrowser-quantum/package.nix b/packages/filebrowser-quantum/package.nix index 7d185055..fd0ab58d 100644 --- a/packages/filebrowser-quantum/package.nix +++ b/packages/filebrowser-quantum/package.nix @@ -50,6 +50,10 @@ in cp -r ${frontend}/dist/* http/embed ''; + postInstall = '' + mv $out/bin/backend $out/bin/filebrowser + ''; + ldflags = [ "-w" "-s" From c42dee9232f3cc982e62bab3704dfcd1431756cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 17:19:36 -0800 Subject: [PATCH 43/50] Move `defaultEnabled` into `sources.config` --- modules/nixos/filebrowser-quantum.nix | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index bd1bd820..68ce245f 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -95,12 +95,21 @@ in { default = null; }; - defaultEnabled = lib.mkOption { - default = false; + config = lib.mkOption { description = '' - Whether new users automatically get access to this source. Defaults to `false`. Set to `true` for shared sources that all users should see. + Configuration options for the source. ''; - type = types.bool; + type = types.submodule { + options = { + defaultEnabled = lib.mkOption { + default = false; + description = '' + Whether new users automatically get access to this source. Defaults to `false`. Set to `true` for shared sources that all users should see. + ''; + type = types.bool; + }; + }; + }; }; }; }); From 967ce4e8b2a4b147a5da7dbac1bd67ef80f9f21b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 17:19:52 -0800 Subject: [PATCH 44/50] Update settings --- hosts/glyph/services/filebrowser.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/glyph/services/filebrowser.nix b/hosts/glyph/services/filebrowser.nix index 5ba6d5ba..46098090 100644 --- a/hosts/glyph/services/filebrowser.nix +++ b/hosts/glyph/services/filebrowser.nix @@ -12,7 +12,9 @@ sources = [ { path = "/mnt/media"; - defaultEnabled = true; + config = { + defaultEnabled = true; + }; } ]; }; From 557735ef031539077750259b204a2d53e791f3ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 17:21:17 -0800 Subject: [PATCH 45/50] Correct settings key --- modules/nixos/filebrowser-quantum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 68ce245f..1fed3387 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -49,7 +49,7 @@ in { type = types.port; }; - baseUrl = lib.mkOption { + baseURL = lib.mkOption { default = "/"; description = '' Base URL, primarily for reverse proxy. From 870d73684b9d80ba34122a84427c322e6c6d74d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 17:25:51 -0800 Subject: [PATCH 46/50] Inline settings --- hosts/glyph/services/filebrowser.nix | 34 +++++++++++++--------------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/hosts/glyph/services/filebrowser.nix b/hosts/glyph/services/filebrowser.nix index 46098090..e40f5b0c 100644 --- a/hosts/glyph/services/filebrowser.nix +++ b/hosts/glyph/services/filebrowser.nix @@ -5,28 +5,26 @@ ... }: let cfg = config.services.filebrowser-quantum; - port = 8080; - settings = { - server = { - inherit port; - sources = [ - { - path = "/mnt/media"; - config = { - defaultEnabled = true; - }; - } - ]; - }; - auth = { - adminUsername = "admin"; - }; - }; in { services.filebrowser-quantum = { enable = true; openFirewall = false; - inherit settings; + settings = { + server = { + port = 8080; + sources = [ + { + path = "/mnt/media"; + config = { + defaultEnabled = true; + }; + } + ]; + }; + auth = { + adminUsername = "admin"; + }; + }; }; users.users.${cfg.user}.extraGroups = ["media"]; } From a825e22d042e67f3f42257bfc62e09e0635b47c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 17:38:20 -0800 Subject: [PATCH 47/50] Add `environmentFile` option --- modules/nixos/filebrowser-quantum.nix | 81 ++++++++++++++++----------- 1 file changed, 47 insertions(+), 34 deletions(-) diff --git a/modules/nixos/filebrowser-quantum.nix b/modules/nixos/filebrowser-quantum.nix index 1fed3387..c3d43c95 100644 --- a/modules/nixos/filebrowser-quantum.nix +++ b/modules/nixos/filebrowser-quantum.nix @@ -118,6 +118,15 @@ in { }; }; }; + + environmentFile = lib.mkOption { + type = types.nullOr types.str; + default = null; + description = '' + file containing the credentials to access the repository, in the + format of an EnvironmentFile as described by {manpage}`systemd.exec(5)` + ''; + }; }; }; @@ -127,41 +136,45 @@ in { after = ["network.target"]; description = "FileBrowser Quantum"; wantedBy = ["multi-user.target"]; - serviceConfig = { - ExecStart = let - args = [ - (lib.getExe cfg.package) - "-c" - (format.generate "config.yaml" cfg.settings) + serviceConfig = + { + ExecStart = let + args = [ + (lib.getExe cfg.package) + "-c" + (format.generate "config.yaml" cfg.settings) + ]; + in + utils.escapeSystemdExecArgs args; + + StateDirectory = "filebrowser-quantum"; + CacheDirectory = "filebrowser-quantum"; + WorkingDirectory = dataDir; + + User = cfg.user; + Group = cfg.group; + UMask = "0077"; + + NoNewPrivileges = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + MemoryDenyWriteExecute = true; + LockPersonality = true; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" ]; - in - utils.escapeSystemdExecArgs args; - - StateDirectory = "filebrowser-quantum"; - CacheDirectory = "filebrowser-quantum"; - WorkingDirectory = dataDir; - - User = cfg.user; - Group = cfg.group; - UMask = "0077"; - - NoNewPrivileges = true; - PrivateDevices = true; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectControlGroups = true; - MemoryDenyWriteExecute = true; - LockPersonality = true; - RestrictAddressFamilies = [ - "AF_UNIX" - "AF_INET" - "AF_INET6" - ]; - DevicePolicy = "closed"; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - }; + DevicePolicy = "closed"; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + } + // lib.optionalAttrs (cfg.environmentFile != null) { + EnvironmentFile = cfg.environmentFile; + }; }; tmpfiles.settings.filebrowser = { From 35ba9a60c2b591d3655bec29ed3c404fa458e294 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 17:39:12 -0800 Subject: [PATCH 48/50] Configure filebrowser OIDC --- hosts/glyph/secrets/filebrowser-env.age | Bin 0 -> 450 bytes hosts/glyph/services/filebrowser.nix | 21 ++++++++++++++++++++- lib/secrets/glyph.nix | 1 + 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 hosts/glyph/secrets/filebrowser-env.age diff --git a/hosts/glyph/secrets/filebrowser-env.age b/hosts/glyph/secrets/filebrowser-env.age new file mode 100644 index 0000000000000000000000000000000000000000..6db6fa1e8eb5f949f370c568389d0f8711097d02 GIT binary patch literal 450 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH3NF$va#Tpn4~=vS zGcPj;(hraDw($2ZH+3@f_czeD%r!5LG7B=T^!F~!iOTm5&garMaLThR&yLJ+D);ts z_l-0v&nb6wjnqyqE;dXL^EQnP&P*}SP79AP3q-fg*fl&OFHpfGBh|kmrP4GqQ$H{% zKhnT3#4{qpB-^sWz`(`dHLK7wGC8X#sU$nFGMy_Tz}w8tKgHFj(kwEs!qv-M-_6rA zIL*`0CpAew&Cf8~J3Yv;(%G`Y+>=XJS687bC8f;MH`~lHpfblNC__IpJ3TEZA~{jt zFep3MEwQ9R+bghKJHyn}!AIAzA! Date: Wed, 12 Nov 2025 17:42:33 -0800 Subject: [PATCH 49/50] Set `adminGroup` in OIDC config --- hosts/glyph/services/filebrowser.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/glyph/services/filebrowser.nix b/hosts/glyph/services/filebrowser.nix index de7d491d..b96a3ad2 100644 --- a/hosts/glyph/services/filebrowser.nix +++ b/hosts/glyph/services/filebrowser.nix @@ -39,6 +39,7 @@ in { userIdentifier = "preferred_username"; disableVerifyTLS = false; createUser = true; + adminGroup = "admins"; }; }; }; From bb6c2f230cbe2559dd5b6bfed6b894fc9c833c30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 12 Nov 2025 17:47:28 -0800 Subject: [PATCH 50/50] Revert "Add package output to flake for testing" This reverts commit d3c2013ea7ab37eb5a21d1e7aa551339299e3a08. --- flake.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/flake.nix b/flake.nix index 65939ad8..ddc58ce1 100644 --- a/flake.nix +++ b/flake.nix @@ -119,8 +119,6 @@ config, ... }: { - # TODO: Expose each ./packages/${name}/package.nix as packages.${name} - packages.filebrowser-quantum = pkgs.callPackage ./packages/filebrowser-quantum/package.nix {}; devShells = { default = pkgs.mkShell { packages =