Merged
50 commits
3cbc489
Init filebrowser-quantum from filebrowser def
stackptr Oct 15, 2025
a4a8d3c
Formatting
stackptr Oct 15, 2025
4b87968
Update meta
stackptr Oct 15, 2025
f22b1fb
filebrowser -> filebrowser-quantum
stackptr Oct 15, 2025
2c51af1
Clear hashes
stackptr Oct 15, 2025
1bccb55
Remove nixosTests
stackptr Oct 15, 2025
4e2cb5f
Replace pnpm with npm
stackptr Oct 15, 2025
f7190f9
Replace `ldflags` from upstream make target
stackptr Oct 15, 2025
c4647f1
Add TODO
stackptr Oct 15, 2025
d3c2013
Add package output to flake for testing
stackptr Nov 12, 2025
14d3107
Use forked filebrowser repo
stackptr Nov 12, 2025
f8d7f36
Set npm dependencies hash
stackptr Nov 12, 2025
0cbc50e
Use different build target
stackptr Nov 12, 2025
a95eb28
Update go module inputs
stackptr Nov 12, 2025
1c871cd
Fix copying frontend into backend http paths
stackptr Nov 12, 2025
4078b58
Fix cp frontend
stackptr Nov 12, 2025
2e961cc
Remove excludedPackages input
stackptr Nov 12, 2025
d4e738a
Init module using nixos-unstable as template
stackptr Nov 12, 2025
c0d075d
Rename service
stackptr Nov 12, 2025
a53175f
Update `meta.maintainers`
stackptr Nov 12, 2025
e511832
Use filebrowser-quantum package
stackptr Nov 12, 2025
10a5491
Update module option descriptions
stackptr Nov 12, 2025
16ed40a
Update systemd service
stackptr Nov 12, 2025
e07dce2
Use distinct user and group names
stackptr Nov 12, 2025
5543cad
Update reference for configuration values
stackptr Nov 12, 2025
76d3a33
Remove `settings.address`
stackptr Nov 12, 2025
0a4c8cf
`settings.port` -> `settings.server.port`
stackptr Nov 12, 2025
0403bb8
`settings.database` -> `settings.server.database`
stackptr Nov 12, 2025
ff9df90
Update database option
stackptr Nov 12, 2025
937fc45
`settings.cache-dir` -> `settings.server.cacheDir`
stackptr Nov 13, 2025
73bcad7
Update cacheDir option
stackptr Nov 13, 2025
e9de6cd
Add `settings.server.baseUrl` option
stackptr Nov 13, 2025
2242838
Generate yaml
stackptr Nov 13, 2025
da37d60
Remove `root` option
stackptr Nov 13, 2025
bae36fd
Add `settings.server.sources` option
stackptr Nov 13, 2025
5f4f40a
Import filebrowser-quantum module
stackptr Nov 13, 2025
035e2f9
Enable filebrowser-quantum on glyph
stackptr Nov 13, 2025
2282db7
Remove tmpFiles entry for database option
stackptr Nov 13, 2025
1081bb4
Fix submodule option
stackptr Nov 13, 2025
0af13c0
Allow `null` source name
stackptr Nov 13, 2025
a473176
Set `default` to fix issue
stackptr Nov 13, 2025
4eff11b
Rename binary in package
stackptr Nov 13, 2025
c42dee9
Move `defaultEnabled` into `sources.config`
stackptr Nov 13, 2025
967ce4e
Update settings
stackptr Nov 13, 2025
557735e
Correct settings key
stackptr Nov 13, 2025
870d736
Inline settings
stackptr Nov 13, 2025
a825e22
Add `environmentFile` option
stackptr Nov 13, 2025
35ba9a6
Configure filebrowser OIDC
stackptr Nov 13, 2025
619a71e
Set `adminGroup` in OIDC config
stackptr Nov 13, 2025
bb6c2f2
Revert "Add package output to flake for testing"
stackptr Nov 13, 2025
Binary file added hosts/glyph/secrets/filebrowser-env.age
Binary file not shown.
51 changes: 38 additions & 13 deletions hosts/glyph/services/filebrowser.nix
Expand Up @@ -4,22 +4,47 @@
lib,
...
}: let
cfg = config.services.filebrowser;
address = "";
port = 8080;
dataDir = "/var/lib/filebrowser";
rootDir = "${dataDir}/files";
settings = {
inherit address port;
database = "${dataDir}/filebrowser.db";
root = rootDir;
noauth = true;
};
cfg = config.services.filebrowser-quantum;
in {
services.filebrowser = {
age.secrets.filebrowser-env = {
file = ./../secrets/filebrowser-env.age;
mode = "550";
owner = cfg.user;
inherit (cfg) group;
};

services.filebrowser-quantum = {
enable = true;
openFirewall = false;
inherit settings;
settings = {
server = {
port = 8080;
sources = [
{
path = "/mnt/media";
config = {
defaultEnabled = true;
};
}
];
};
auth = {
methods = {
password.enabled = false;
oidc = {
enabled = true;
# N.B.: clientId and clientSecret supplied via environment variable
issuerUrl = "https://id.zx.dev";
scopes = "email openid profile groups";
userIdentifier = "preferred_username";
disableVerifyTLS = false;
createUser = true;
adminGroup = "admins";
};
};
};
};
environmentFile = config.age.secrets.filebrowser-env.path;
};
users.users.${cfg.user}.extraGroups = ["media"];
}
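Review bot: `mode = "550"` on `age.secrets.filebrowser-env` makes the file that carries the OIDC client secret group-readable and executable, which is wider than an environment file needs. systemd loads `EnvironmentFile=` before it switches to the service user, so the decrypted file presumably does not have to be readable by `cfg.user` or its group at all; I would set `mode = "0400";` and consider dropping the `owner` and `inherit (cfg) group;` lines so it stays root-owned. Separately, `createUser = true` combined with `defaultEnabled = true` on `/mnt/media` means every account the issuer can authenticate is provisioned with access to that source on first login. If that is not the intent, leave `defaultEnabled` off or limit who can reach this client on the IdP side.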
1 change: 1 addition & 0 deletions lib/secrets/glyph.nix
@@ -1,6 +1,7 @@
let
keys = with (import ../keys.nix); [glyph Rhizome];
in {
"hosts/glyph/secrets/filebrowser-env.age".publicKeys = keys;
"hosts/glyph/secrets/pushover-app-token.age".publicKeys = keys;
"hosts/glyph/secrets/pushover-user-token.age".publicKeys = keys;
}
1 change: 1 addition & 0 deletions modules/nixos/default.nix
Expand Up @@ -2,6 +2,7 @@
{
imports = [
./web
./filebrowser-quantum.nix
./users.nix
./ssh.nix
./sudo.nix
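--- a/modules/nixos/filebrowser-quantum.nix
+++ b/modules/nixos/filebrowser-quantum.nix
@@ -0,0 +1,209 @@
+{
+config,
+pkgs,
+lib,
+utils,
+...
+}: let
+cfg = config.services.filebrowser-quantum;
+format = pkgs.formats.yaml {};
+inherit (lib) types;
+dataDir = "/var/lib/filebrowser-quantum";
+in {
+options = {
+services.filebrowser-quantum = {
+enable = lib.mkEnableOption "FileBrowser Quantum";
+
+package = lib.mkPackageOption pkgs "filebrowser-quantum" {};
+
+user = lib.mkOption {
+type = types.str;
+default = "filebrowser-quantum";
+description = "User account under which FileBrowser Quantum runs.";
+};
+
+group = lib.mkOption {
+type = types.str;
+default = "filebrowser-quantum";
+description = "Group under which FileBrowser Quantum runs.";
+};
+
+openFirewall = lib.mkEnableOption "opening firewall ports for FileBrowser Quantum";
+
+settings = lib.mkOption {
+default = {};
+description = ''
+Settings for FileBrowser Quantum.
+Refer to <https://filebrowserquantum.com/en/docs/configuration/configuration-overview/> for all supported values.
+'';
+type = types.submodule {
+freeformType = format.type;
+
+options = {
+server = {
+port = lib.mkOption {
+default = 8080;
+description = ''
+The port to listen on.
+'';
+type = types.port;
+};
+
+baseURL = lib.mkOption {
+default = "/";
+description = ''
+Base URL, primarily for reverse proxy.
+'';
+type = types.str;
+};
+
+database = lib.mkOption {
+default = "/var/lib/filebrowser-quantum/database.db";
+description = ''
+The path to FileBrowser Quantum's database.
+'';
+type = types.path;
+};
+
+cacheDir = lib.mkOption {
+default = "/var/cache/filebrowser-quantum";
+description = ''
+The directory where FileBrowser Quantum stores its cache.
+'';
+type = types.path;
+readOnly = true;
+};
+
+sources = lib.mkOption {
+description = ''
+A list of file system locations accessible to users.
+'';
+type = types.listOf (types.submodule {
+options = {
+path = lib.mkOption {
+description = ''
+The filesystem path to the directory you want to serve.
+'';
+type = types.path;
+};
+
+name = lib.mkOption {
+description = ''
+Display name shown in the UI. If not specified, uses the base folder name from the path. Useful for providing user-friendly names like “Company Files” instead of just “documents”.
+'';
+type = types.nullOr types.str;
+default = null;
+};
+
+config = lib.mkOption {
+description = ''
+Configuration options for the source.
+'';
+type = types.submodule {
+options = {
+defaultEnabled = lib.mkOption {
+default = false;
+description = ''
+Whether new users automatically get access to this source. Defaults to `false`. Set to `true` for shared sources that all users should see.
+'';
+type = types.bool;
+};
+};
+};
+};
+};
+});
+};
+};
+};
+};
+};
+
+environmentFile = lib.mkOption {
+type = types.nullOr types.str;
+default = null;
+description = ''
+file containing the credentials to access the repository, in the
+format of an EnvironmentFile as described by {manpage}`systemd.exec(5)`
+'';
+};
+};
+};
+
+config = lib.mkIf cfg.enable {
+systemd = {
+services.filebrowser-quantum = {
+after = ["network.target"];
+description = "FileBrowser Quantum";
+wantedBy = ["multi-user.target"];
+serviceConfig =
+{
+ExecStart = let
+args = [
+(lib.getExe cfg.package)
+"-c"
+(format.generate "config.yaml" cfg.settings)
+];
+in
+utils.escapeSystemdExecArgs args;
+
+StateDirectory = "filebrowser-quantum";
+CacheDirectory = "filebrowser-quantum";
+WorkingDirectory = dataDir;
+
+User = cfg.user;
+Group = cfg.group;
+UMask = "0077";
+
+NoNewPrivileges = true;
+PrivateDevices = true;
+ProtectKernelTunables = true;
+ProtectKernelModules = true;
+ProtectControlGroups = true;
+MemoryDenyWriteExecute = true;
+LockPersonality = true;
+RestrictAddressFamilies = [
+"AF_UNIX"
+"AF_INET"
+"AF_INET6"
+];
+DevicePolicy = "closed";
+RestrictNamespaces = true;
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+}
+// lib.optionalAttrs (cfg.environmentFile != null) {
+EnvironmentFile = cfg.environmentFile;
+};
+};
+
+tmpfiles.settings.filebrowser = {
+"${dataDir}".d = {
+inherit (cfg) user group;
+mode = "0700";
+};
+"${cfg.settings.server.cacheDir}".d = {
+inherit (cfg) user group;
+mode = "0700";
+};
+};
+};
+
+users.users = lib.mkIf (cfg.user == "filebrowser-quantum") {
+filebrowser-quantum = {
+inherit (cfg) group;
+isSystemUser = true;
+};
+};
+
+users.groups = lib.mkIf (cfg.group == "filebrowser-quantum") {
+filebrowser-quantum = {};
+};
+
+networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [cfg.settings.server.port];
+};
+
+meta.maintainers = [
+lib.maintainers.stackptr
+];
+}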
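Review bot: The `serviceConfig` hardening block has no filesystem confinement: there is no `ProtectSystem`, `PrivateTmp` or `CapabilityBoundingSet`, so the process that serves `settings.server.sources` over HTTP can still read and write everything its user can reach on the host. The directories the service legitimately needs are already known from the module options, so they can be granted explicitly, as sketched below. Sources under `/home` or a `database` path outside the state directory would need their own entries, which is why `ProtectHome` is left out. Two documentation fixes belong here as well: the `environmentFile` description ("credentials to access the repository") looks copied from another module, and the `settings` description should say that the rendered `config.yaml` lands in the world-readable Nix store, so secrets belong in `environmentFile` only.

```nix
# … unchanged: ExecStart, directories, User/Group and the existing hardening options …
RestrictSUIDSGID = true;
ProtectSystem = "strict";
PrivateTmp = true;
CapabilityBoundingSet = "";
# StateDirectory and CacheDirectory stay writable under "strict";
# each configured source has to be granted explicitly.
ReadWritePaths = map (source: source.path) cfg.settings.server.sources;
```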
3 changes: 3 additions & 0 deletions overlays/custom-packages.nix
Expand Up @@ -10,6 +10,9 @@ self: super: {
# FastScripts automation tool for macOS
fastscripts = super.callPackage ./../packages/fastscripts/package.nix {};

# FileBrowser quantum fork
filebrowser-quantum = super.callPackage ./../packages/filebrowser-quantum/package.nix {};

# Mochi spaced repetition software
mochi = super.callPackage ./../packages/mochi/package.nix {};

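--- a/packages/filebrowser-quantum/package.nix
+++ b/packages/filebrowser-quantum/package.nix
@@ -0,0 +1,75 @@
+# TODO: Upstream to NixOS/nixpkgs
+{
+lib,
+fetchFromGitHub,
+buildGoModule,
+buildNpmPackage,
+nix-update-script,
+}: let
+version = "1.0.1-dev";
+
+src = fetchFromGitHub {
+owner = "stackptr";
+repo = "filebrowser";
+rev = "v${version}";
+hash = "sha256-BE+WQwRFHvGakGNPl84eVkkQMqKqF31CG0Y3E1nJkNk=";
+};
+
+frontend = buildNpmPackage rec {
+pname = "filebrowser-quantum-frontend";
+inherit version src;
+
+sourceRoot = "${src.name}/frontend";
+
+npmDepsHash = "sha256-Ro58WpzrreDb23sHiI9/ZekQBDl+VO271SImtEFgvYg=";
+
+npmBuildScript = "build:docker"; # Default build target requires writing outside frontend dir
+
+installPhase = ''
+runHook preInstall
+
+mkdir $out
+mv dist $out
+
+runHook postInstall
+'';
+};
+in
+buildGoModule {
+pname = "filebrowser-quantum";
+inherit version src;
+
+modRoot = "./backend";
+
+vendorHash = "sha256-urJZMOkZzoN//kecpJ47ldZk+H2qvMGTr/Pw90bMpDc=";
+
+preBuild = ''
+rm -rf http/dist/*
+rm -rf http/embed/*
+cp -r ${frontend}/dist http/
+cp -r ${frontend}/dist/* http/embed
+'';
+
+postInstall = ''
+mv $out/bin/backend $out/bin/filebrowser
+'';
+
+ldflags = [
+"-w"
+"-s"
+"-X 'github.com/gtsteffaniak/filebrowser/backend/version.CommitSHA=testingCommit'"
+"-X 'github.com/gtsteffaniak/filebrowser/backend/version.Version=testing'"
+];
+
+passthru = {
+updateScript = nix-update-script {};
+inherit frontend;
+};
+
+meta = with lib; {
+description = "Fork of filebrowser project";
+homepage = "https://github.com/gtsteffaniak/filebrowser";
+license = licenses.asl20;
+mainProgram = "filebrowser";
+};
+}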
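Review bot: The `ldflags` stamp the binary with the placeholders `version.Version=testing` and `version.CommitSHA=testingCommit`, so a running instance cannot report which build it is, which makes it hard to match a deployment against an upstream security fix. Both values are already available in this file; I would write `"-X 'github.com/gtsteffaniak/filebrowser/backend/version.Version=${version}'"` and use `${src.rev}` for `CommitSHA`. Note also that `src` is fetched from the `stackptr/filebrowser` fork while `meta.homepage` points at `gtsteffaniak/filebrowser`. A short comment next to `src` saying how the fork differs from upstream would help whoever audits this package later.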