add filebrowser app as nextcloud alternative

flake.nix

@@ -240,12 +240,14 @@
           mail.smtpHost = "smtp.purelymail.com";
           dotfilesRepo = "https://github.com/nmasur/dotfiles";
           hostnames = {
+            files = "files.${baseName}";
             git = "git.${baseName}";
             influxdb = "influxdb.${baseName}";
             irc = "irc.${baseName}";
             metrics = "metrics.${baseName}";
             minecraft = "minecraft.${baseName}";
             n8n = "n8n.${baseName}";
+            notifications = "ntfy.${baseName}";
             prometheus = "prom.${baseName}";
             paperless = "paper.${baseName}";
             secrets = "vault.${baseName}";

hosts/flame/default.nix

@@ -81,6 +81,7 @@ inputs.nixpkgs.lib.nixosSystem rec {
       services.vaultwarden.enable = true;
       services.minecraft-server.enable = true; # Setup Minecraft server
       services.n8n.enable = true;
+      services.ntfy-sh.enable = true;
       system.autoUpgrade.enable = true;
 
       # Allows private remote access over the internet

hosts/swan/default.nix

@@ -97,6 +97,7 @@ inputs.nixpkgs.lib.nixosSystem rec {
       cloudflare.enable = true;
       dotfiles.enable = true;
       arrs.enable = true;
+      filebrowser.enable = true;
       services.bind.enable = true;
       services.caddy.enable = true;
       services.jellyfin.enable = true;

modules/common/default.nix

@@ -77,6 +77,10 @@
       default = [ ];
     };
     hostnames = {
+      files = lib.mkOption {
+        type = lib.types.str;
+        description = "Hostname for files server (Filebrowser).";
+      };
       git = lib.mkOption {
         type = lib.types.str;
         description = "Hostname for git server (Gitea).";
@@ -129,6 +133,10 @@
         type = lib.types.str;
         description = "Hostname for n8n automation.";
       };
+      notifications = lib.mkOption {
+        type = lib.types.str;
+        description = "Hostname for push notification services (ntfy).";
+      };
       transmission = lib.mkOption {
         type = lib.types.str;
         description = "Hostname for peer2peer downloads (Transmission).";

modules/nixos/services/default.nix

@@ -12,6 +12,7 @@
     ./calibre.nix
     ./cloudflare-tunnel.nix
     ./cloudflare.nix
+    ./filebrowser.nix
     ./identity.nix
     ./irc.nix
     ./gitea-runner.nix
@@ -26,6 +27,7 @@
     ./n8n.nix
     ./netdata.nix
     ./nextcloud.nix
+    ./ntfy.nix
     ./paperless.nix
     ./postgresql.nix
     ./prometheus.nix

modules/nixos/services/filebrowser.nix

@@ -0,0 +1,74 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  user =
+    if config.services.nextcloud.enable then
+      config.services.phpfpm.pools.nextcloud.user
+    else
+      "filebrowser";
+
+  dataDir = "/var/lib/filebrowser";
+
+  settings = {
+    port = 8020;
+    baseURL = "";
+    address = "";
+    log = "stdout";
+    database = "${dataDir}/filebrowser.db";
+    root = "";
+    "auth.method" = "json";
+    username = config.user;
+    # Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
+    password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
+  };
+
+in
+{
+
+  options.filebrowser.enable = lib.mkEnableOption "Use Filebrowser.";
+
+  config = lib.mkIf config.filebrowser.enable {
+
+    environment.etc."filebrowser/.filebrowser.json".text = builtins.toJSON settings;
+
+    systemd.services.filebrowser = lib.mkIf config.filebrowser.enable {
+      description = "Filebrowser cloud file services";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      startLimitIntervalSec = 14400;
+      startLimitBurst = 10;
+      serviceConfig = {
+        ExecStart = "${pkgs.filebrowser}/bin/filebrowser";
+        DynamicUser = !config.services.nextcloud.enable; # Unique user if not using Nextcloud
+        User = user;
+        Group = user;
+        ReadWritePaths = [ dataDir ];
+        StateDirectory = [ "filebrowser" ];
+        Restart = "on-failure";
+        RestartPreventExitStatus = 1;
+        RestartSec = "5s";
+      };
+    };
+
+    caddy.routes = [
+      {
+        match = [ { host = [ config.hostnames.files ]; } ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [ { dial = "localhost:${builtins.toString settings.port}"; } ];
+          }
+        ];
+      }
+    ];
+
+    # Configure Cloudflare DNS to point to this machine
+    services.cloudflare-dyndns.domains = [ config.hostnames.files ];
+
+  };
+
+}

modules/nixos/services/ntfy.nix

@@ -0,0 +1,33 @@
+{ config, lib, ... }:
+
+{
+
+  config = lib.mkIf config.services.ntfy-sh.enable {
+    services.ntfy-sh = {
+      settings = rec {
+        base-url = "https://${config.hostnames.notifications}";
+        upstream-base-url = "https://ntfy.sh";
+        listen-http = ":8333";
+        behind-proxy = true;
+        auth-default-access = "deny-all";
+        auth-file = "/var/lib/ntfy-sh/user.db";
+      };
+    };
+
+    caddy.routes = [
+      {
+        match = [ { host = [ config.hostnames.notifications ]; } ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [ { dial = "localhost${config.services.ntfy-sh.settings.listen-http}"; } ];
+          }
+        ];
+      }
+    ];
+
+    # Configure Cloudflare DNS to point to this machine
+    services.cloudflare-dyndns.domains = [ config.hostnames.notifications ];
+
+  };
+}