File Browser Quantum
Web-based file manager with OIDC authentication, full-text search, and direct access to all homelab storage via Proxmox bind-mounts.
Overview
| LXC | 126 (apps-pool) |
| IP | 192.168.1.126 |
| URL | https://files.eva-00.network |
| Image | gtstef/filebrowser:beta |
| Port | 8080 (host) -> 80 (container) |
| Auth | PocketID OIDC |
| Vault path | secret/filebrowser |
| Playbook | ansible/playbooks/filebrowser.yml |
| Workflow | .forgejo/workflows/filebrowser.yml |
Architecture
File Browser Quantum runs in a privileged LXC with Proxmox bind-mounts to all four storage locations. The container runs as root (user: "0:0") to ensure read/write access across all mounts regardless of file ownership. No SMB is involved — the container accesses the underlying filesystems directly.
Storage Sources
| Source | Host path | Container path | Description |
|---|---|---|---|
| Unohana | /mnt/all-might |
/data/unohana -> /srv/unohana |
Media libraries (Grimmory, RomM, Shoko) |
| Urahara | /mnt/pve/urahara |
/data/urahara -> /srv/urahara |
App data (Karakeep, Paperless, Ollama) |
| Filedump | /mnt/filedump |
/data/filedump -> /srv/filedump |
General storage |
| Dlbox | /mnt/seedbox |
/data/dlbox -> /srv/dlbox |
Seedbox downloads |
Key Features
- SQLite-indexed search across all sources
- Video thumbnails via ffmpeg
- Office document preview in browser
- File sharing with expiry, passwords, download limits
- WebDAV access
- Dark mode by default
Deployment
Deployment is fully automated via Forgejo Actions:
git push -> .forgejo/workflows/filebrowser.yml -> create-lxc -> deploy
First Deploy
- The workflow creates LXC 126 with bind-mounts
- Installs Docker and deploys the container
- Config is templated with OIDC credentials from Vault
- Alloy monitoring agent is deployed alongside
Manual Redeploy
Trigger via Forgejo Actions workflow_dispatch or push changes to relevant paths.
Configuration
Vault Secrets (secret/filebrowser)
| Key | Description |
|---|---|
admin_password |
Initial admin password (holo account) |
pocketid_client_id |
PocketID OIDC client ID |
pocketid_client_secret |
PocketID OIDC client secret |
PocketID OIDC Client
- Client name: filebrowser
- Callback URL:
https://files.eva-00.network/api/auth/oidc/callback - Logout URL:
https://files.eva-00.network
Config File
The config is templated from services/filebrowser/config.yaml.j2 and deployed to /opt/filebrowser/data/config.yaml. Key settings:
- Password auth disabled (OIDC only)
- Admin username:
holo - Hidden files and macOS metadata (
.DS_Store,._*) filtered out - All four sources enabled by default for all users
File Layout on LXC
/opt/filebrowser/
docker-compose.yml
.env
data/
config.yaml # Templated from config.yaml.j2
database.db # SQLite (indexed search, users, shares)
/data/
unohana/ # Bind-mount from /mnt/all-might
urahara/ # Bind-mount from /mnt/pve/urahara
filedump/ # Bind-mount from /mnt/filedump
dlbox/ # Bind-mount from /mnt/seedbox
WebDAV (iOS Files App)
FileBrowser Quantum includes a built-in WebDAV server at /dav. This allows the iOS Files app to browse all four storage sources natively.
iOS Setup
- Open the Files app on iOS
- Tap Browse > ... (top-right) > Connect to Server
- Enter:
https://files.eva-00.network/dav - Authenticate with your PocketID credentials (holo)
All four sources (Unohana, Urahara, Filedump, Dlbox) appear as folders.
Notes
- WebDAV goes through Caddy (HTTPS) — works on and off the LAN (via NetBird VPN)
- For media playback (Infuse on iOS/tvOS), use NFS instead — it's faster and Infuse supports it natively. See Storage Setup
- WebDAV is best for general file browsing, uploads, and document access on mobile