From 83dd514fba4071abbecfbc5f04cd7ea33d14c473 Mon Sep 17 00:00:00 2001
From: Tim Keller <tjk@tjkeller.xyz>
Date: Sun, 14 Jun 2026 16:06:20 -0500
Subject: filebrowser container on poweredge with public and private ports

---
 hosts/poweredge/filebrowser.nix | 48 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 hosts/poweredge/filebrowser.nix

(limited to 'hosts/poweredge/filebrowser.nix')

diff --git a/hosts/poweredge/filebrowser.nix b/hosts/poweredge/filebrowser.nix
new file mode 100644
index 0000000..818b3df
--- /dev/null
+++ b/hosts/poweredge/filebrowser.nix
@@ -0,0 +1,48 @@
+{
+	containers.filebrowser = {
+		autoStart = true;
+		privateNetwork = true;
+		hostBridge = "br-lan0";
+		localMacAddress = "02:00:00:00:00:05";
+
+		# Host path
+		bindMounts = {
+			"/var/lib/filebrowser/data" = {
+				hostPath = "/media";
+				isReadOnly = true;
+			};
+		};
+
+		config = { lib, pkg, config, ... }: let
+			publicPort = 9000;
+		in {
+			# Network
+			networking.interfaces.eth0.useDHCP = true;
+			networking.firewall.allowedTCPPorts = [ 80 publicPort ];  # Caddy (private + public)
+
+			# Filebrowser
+			services.filebrowser.enable = true;
+
+			# Reverse proxy
+			services.caddy = {
+				enable = true;
+				# Private
+				virtualHosts.":80".extraConfig = ''
+					reverse_proxy localhost:8080
+				'';
+				# Public (not sure why toString is needed but ok)
+				virtualHosts.":${toString publicPort}".extraConfig = ''
+					@shared {
+						path /share/*
+						path /static/*
+						path /api/public/*
+					}
+
+					reverse_proxy @shared localhost:8080
+				'';
+			};
+
+			system.stateVersion = "26.05";
+		};
+	};
+}
-- 
cgit v1.2.3