{
	containers.filebrowser = {
		autoStart = true;
		privateNetwork = true;
		hostBridge = "br-lan0";
		localMacAddress = "02:00:00:00:00:05";

		# Host path
		bindMounts = {
			"/var/lib/filebrowser/data" = {
				hostPath = "/media";
				isReadOnly = true;
			};
		};

		config = { lib, pkg, config, ... }: let
			publicPort = 9000;
		in {
			# Network
			networking.interfaces.eth0.useDHCP = true;
			networking.firewall.allowedTCPPorts = [ 80 publicPort ];  # Caddy (private + public)

			# Filebrowser
			services.filebrowser.enable = true;

			# Reverse proxy
			services.caddy = {
				enable = true;
				# Private
				virtualHosts.":80".extraConfig = ''
					reverse_proxy localhost:8080
				'';
				# Public (not sure why toString is needed but ok)
				virtualHosts.":${toString publicPort}".extraConfig = ''
					@shared {
						path /share/*
						path /static/*
						path /api/public/*
					}

					reverse_proxy @shared localhost:8080
				'';
			};

			system.stateVersion = "26.05";
		};
	};
}