···

       
12
       
12
       
 
       


     

       
13
       
13
       
 
       
- [gtklock](https://github.com/jovanlanik/gtklock), a GTK-based lockscreen for Wayland. Available as [programs.gtklock](#opt-programs.gtklock.enable).

     

       
14
       
14
       
 
       


     

       
15
       
15
       
+
       
- [FileBrowser](https://filebrowser.org/), a web application for managing and sharing files. Available as [services.filebrowser](#opt-services.filebrowser.enable).

     

       
16
       
16
       
+
       


     

       
15
       
17
       
 
       
- [SuiteNumérique Docs](https://github.com/suitenumerique/docs), a collaborative note taking, wiki and documentation web platform and alternative to Notion or Outline. Available as [services.lasuite-docs](#opt-services.lasuite-docs.enable).

     

       
16
       
18
       
 
       


     

       
17
       
19
       
 
       
## Backward Incompatibilities {#sec-release-25.11-incompatibilities}

     

···

       
1536
       
1536
       
 
       
  ./services/web-apps/engelsystem.nix

     

       
1537
       
1537
       
 
       
  ./services/web-apps/ethercalc.nix

     

       
1538
       
1538
       
 
       
  ./services/web-apps/fider.nix

     

       
1539
       
1539
       
+
       
  ./services/web-apps/filebrowser.nix

     

       
1539
       
1540
       
 
       
  ./services/web-apps/filesender.nix

     

       
1540
       
1541
       
 
       
  ./services/web-apps/firefly-iii-data-importer.nix

     

       
1541
       
1542
       
 
       
  ./services/web-apps/firefly-iii.nix

     

···

       
1
       
1
       
+
       
{

     

       
2
       
2
       
+
       
  config,

     

       
3
       
3
       
+
       
  pkgs,

     

       
4
       
4
       
+
       
  lib,

     

       
5
       
5
       
+
       
  utils,

     

       
6
       
6
       
+
       
  ...

     

       
7
       
7
       
+
       
}:

     

       
8
       
8
       
+
       
let

     

       
9
       
9
       
+
       
  cfg = config.services.filebrowser;

     

       
10
       
10
       
+
       
  inherit (lib) types;

     

       
11
       
11
       
+
       
  format = pkgs.formats.json { };

     

       
12
       
12
       
+
       
in

     

       
13
       
13
       
+
       
{

     

       
14
       
14
       
+
       
  options = {

     

       
15
       
15
       
+
       
    services.filebrowser = {

     

       
16
       
16
       
+
       
      enable = lib.mkEnableOption "FileBrowser";

     

       
17
       
17
       
+
       


     

       
18
       
18
       
+
       
      package = lib.mkPackageOption pkgs "filebrowser" { };

     

       
19
       
19
       
+
       


     

       
20
       
20
       
+
       
      openFirewall = lib.mkEnableOption "opening firewall ports for FileBrowser";

     

       
21
       
21
       
+
       


     

       
22
       
22
       
+
       
      settings = lib.mkOption {

     

       
23
       
23
       
+
       
        default = { };

     

       
24
       
24
       
+
       
        description = ''

     

       
25
       
25
       
+
       
          Settings for FileBrowser.

     

       
26
       
26
       
+
       
          Refer to <https://filebrowser.org/cli/filebrowser#options> for all supported values.

     

       
27
       
27
       
+
       
        '';

     

       
28
       
28
       
+
       
        type = types.submodule {

     

       
29
       
29
       
+
       
          freeformType = format.type;

     

       
30
       
30
       
+
       


     

       
31
       
31
       
+
       
          options = {

     

       
32
       
32
       
+
       
            address = lib.mkOption {

     

       
33
       
33
       
+
       
              default = "localhost";

     

       
34
       
34
       
+
       
              description = ''

     

       
35
       
35
       
+
       
                The address to listen on.

     

       
36
       
36
       
+
       
              '';

     

       
37
       
37
       
+
       
              type = types.str;

     

       
38
       
38
       
+
       
            };

     

       
39
       
39
       
+
       


     

       
40
       
40
       
+
       
            port = lib.mkOption {

     

       
41
       
41
       
+
       
              default = 8080;

     

       
42
       
42
       
+
       
              description = ''

     

       
43
       
43
       
+
       
                The port to listen on.

     

       
44
       
44
       
+
       
              '';

     

       
45
       
45
       
+
       
              type = types.port;

     

       
46
       
46
       
+
       
            };

     

       
47
       
47
       
+
       


     

       
48
       
48
       
+
       
            root = lib.mkOption {

     

       
49
       
49
       
+
       
              default = "/var/lib/filebrowser/data";

     

       
50
       
50
       
+
       
              description = ''

     

       
51
       
51
       
+
       
                The directory where FileBrowser stores files.

     

       
52
       
52
       
+
       
              '';

     

       
53
       
53
       
+
       
              type = types.path;

     

       
54
       
54
       
+
       
            };

     

       
55
       
55
       
+
       


     

       
56
       
56
       
+
       
            database = lib.mkOption {

     

       
57
       
57
       
+
       
              default = "/var/lib/filebrowser/database.db";

     

       
58
       
58
       
+
       
              description = ''

     

       
59
       
59
       
+
       
                The path to FileBrowser's Bolt database.

     

       
60
       
60
       
+
       
              '';

     

       
61
       
61
       
+
       
              type = types.path;

     

       
62
       
62
       
+
       
            };

     

       
63
       
63
       
+
       


     

       
64
       
64
       
+
       
            cache-dir = lib.mkOption {

     

       
65
       
65
       
+
       
              default = "/var/cache/filebrowser";

     

       
66
       
66
       
+
       
              description = ''

     

       
67
       
67
       
+
       
                The directory where FileBrowser stores its cache.

     

       
68
       
68
       
+
       
              '';

     

       
69
       
69
       
+
       
              type = types.path;

     

       
70
       
70
       
+
       
              readOnly = true;

     

       
71
       
71
       
+
       
            };

     

       
72
       
72
       
+
       
          };

     

       
73
       
73
       
+
       
        };

     

       
74
       
74
       
+
       
      };

     

       
75
       
75
       
+
       
    };

     

       
76
       
76
       
+
       
  };

     

       
77
       
77
       
+
       


     

       
78
       
78
       
+
       
  config = lib.mkIf cfg.enable {

     

       
79
       
79
       
+
       
    systemd = {

     

       
80
       
80
       
+
       
      services.filebrowser = {

     

       
81
       
81
       
+
       
        after = [ "network.target" ];

     

       
82
       
82
       
+
       
        description = "FileBrowser";

     

       
83
       
83
       
+
       
        wantedBy = [ "multi-user.target" ];

     

       
84
       
84
       
+
       
        serviceConfig = {

     

       
85
       
85
       
+
       
          ExecStart =

     

       
86
       
86
       
+
       
            let

     

       
87
       
87
       
+
       
              args = [

     

       
88
       
88
       
+
       
                (lib.getExe cfg.package)

     

       
89
       
89
       
+
       
                "--config"

     

       
90
       
90
       
+
       
                (format.generate "config.json" cfg.settings)

     

       
91
       
91
       
+
       
              ];

     

       
92
       
92
       
+
       
            in

     

       
93
       
93
       
+
       
            utils.escapeSystemdExecArgs args;

     

       
94
       
94
       
+
       


     

       
95
       
95
       
+
       
          StateDirectory = "filebrowser";

     

       
96
       
96
       
+
       
          CacheDirectory = "filebrowser";

     

       
97
       
97
       
+
       
          WorkingDirectory = cfg.settings.root;

     

       
98
       
98
       
+
       


     

       
99
       
99
       
+
       
          DynamicUser = true;

     

       
100
       
100
       
+
       


     

       
101
       
101
       
+
       
          NoNewPrivileges = true;

     

       
102
       
102
       
+
       
          PrivateDevices = true;

     

       
103
       
103
       
+
       
          ProtectKernelTunables = true;

     

       
104
       
104
       
+
       
          ProtectKernelModules = true;

     

       
105
       
105
       
+
       
          ProtectControlGroups = true;

     

       
106
       
106
       
+
       
          MemoryDenyWriteExecute = true;

     

       
107
       
107
       
+
       
          LockPersonality = true;

     

       
108
       
108
       
+
       
          RestrictAddressFamilies = [

     

       
109
       
109
       
+
       
            "AF_UNIX"

     

       
110
       
110
       
+
       
            "AF_INET"

     

       
111
       
111
       
+
       
            "AF_INET6"

     

       
112
       
112
       
+
       
          ];

     

       
113
       
113
       
+
       
          DevicePolicy = "closed";

     

       
114
       
114
       
+
       
          RestrictNamespaces = true;

     

       
115
       
115
       
+
       
          RestrictRealtime = true;

     

       
116
       
116
       
+
       
          RestrictSUIDSGID = true;

     

       
117
       
117
       
+
       
        };

     

       
118
       
118
       
+
       
      };

     

       
119
       
119
       
+
       


     

       
120
       
120
       
+
       
      tmpfiles.settings.filebrowser =

     

       
121
       
121
       
+
       
        lib.genAttrs

     

       
122
       
122
       
+
       
          [

     

       
123
       
123
       
+
       
            cfg.settings.root

     

       
124
       
124
       
+
       
            (builtins.dirOf cfg.settings.database)

     

       
125
       
125
       
+
       
          ]

     

       
126
       
126
       
+
       
          (_: {

     

       
127
       
127
       
+
       
            d.mode = "0700";

     

       
128
       
128
       
+
       
          });

     

       
129
       
129
       
+
       
    };

     

       
130
       
130
       
+
       


     

       
131
       
131
       
+
       
    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ cfg.settings.port ];

     

       
132
       
132
       
+
       
  };

     

       
133
       
133
       
+
       


     

       
134
       
134
       
+
       
  meta.maintainers = [

     

       
135
       
135
       
+
       
    lib.maintainers.lukaswrz

     

       
136
       
136
       
+
       
  ];

     

       
137
       
137
       
+
       
}

     

···

       
466
       
466
       
 
       
  ferretdb = handleTest ./ferretdb.nix { };

     

       
467
       
467
       
 
       
  fider = runTest ./fider.nix;

     

       
468
       
468
       
 
       
  filesender = runTest ./filesender.nix;

     

       
469
       
469
       
+
       
  filebrowser = runTest ./filebrowser.nix;

     

       
469
       
470
       
 
       
  filesystems-overlayfs = runTest ./filesystems-overlayfs.nix;

     

       
470
       
471
       
 
       
  firefly-iii = runTest ./firefly-iii.nix;

     

       
471
       
472
       
 
       
  firefly-iii-data-importer = runTest ./firefly-iii-data-importer.nix;

     

···

       
1
       
1
       
+
       
{

     

       
2
       
2
       
+
       
  name = "filebrowser";

     

       
3
       
3
       
+
       


     

       
4
       
4
       
+
       
  nodes.machine = {

     

       
5
       
5
       
+
       
    services.filebrowser = {

     

       
6
       
6
       
+
       
      enable = true;

     

       
7
       
7
       
+
       
      settings = {

     

       
8
       
8
       
+
       
        address = "localhost";

     

       
9
       
9
       
+
       
        port = 8080;

     

       
10
       
10
       
+
       
        database = "/var/lib/filebrowser/filebrowser.db";

     

       
11
       
11
       
+
       
      };

     

       
12
       
12
       
+
       
    };

     

       
13
       
13
       
+
       
  };

     

       
14
       
14
       
+
       


     

       
15
       
15
       
+
       
  testScript = ''

     

       
16
       
16
       
+
       
    machine.start()

     

       
17
       
17
       
+
       


     

       
18
       
18
       
+
       
    machine.wait_for_unit("filebrowser.service")

     

       
19
       
19
       
+
       
    machine.wait_for_open_port(8080)

     

       
20
       
20
       
+
       


     

       
21
       
21
       
+
       
    machine.succeed("curl --fail http://localhost:8080/")

     

       
22
       
22
       
+
       


     

       
23
       
23
       
+
       
    machine.succeed("stat /var/lib/filebrowser/filebrowser.db")

     

       
24
       
24
       
+
       


     

       
25
       
25
       
+
       
    machine.shutdown()

     

       
26
       
26
       
+
       
  '';

     

       
27
       
27
       
+
       
}

     

···

       
6
       
6
       
 
       


     

       
7
       
7
       
 
       
  nodejs_22,

     

       
8
       
8
       
 
       
  pnpm_9,

     

       
9
       
9
       
+
       


     

       
10
       
10
       
+
       
  nixosTests,

     

       
9
       
11
       
 
       
}:

     

       
10
       
12
       
 
       


     

       
11
       
13
       
 
       
let

     
···

       
70
       
72
       
 
       


     

       
71
       
73
       
 
       
  passthru = {

     

       
72
       
74
       
 
       
    inherit frontend;

     

       
75
       
75
       
+
       
    tests = {

     

       
76
       
76
       
+
       
      inherit (nixosTests) filebrowser;

     

       
77
       
77
       
+
       
    };

     

       
73
       
78
       
 
       
  };

     

       
74
       
79
       
 
       


     

       
75
       
80
       
 
       
  meta = with lib; {