v1.4.5 · self-hosted · Apache-licensed APKs welcome

Run your own F-Droid repo.

A drop-in F-Droid index server with a modern admin panel, a client area, per-app deploy tokens for CI, and multi-forge auto-ingest. Speaks the standard index-v1.jar + index-v2.json protocol — so any F-Droid client just works.

~/fdroid-store bash
# 1. clone, configure secrets, boot
git clone https://github.com/Dim145/fdroid-store
cd fdroid-store
cp .env.example .env  # set SECRET_KEY + INITIAL_ADMIN_PASSWORD
docker compose up -d
01 / what's in the box

Built for self-hosting.

16 features · zero plugins
01

F-Droid native

Speaks the standard index-v1.jar and index-v2.json protocol. Any F-Droid client just adds your URL and works.

protocol · v1 + v2
02

Public & private repo

Apps marked private ship in a separate index, gated by Basic-auth API key — supported natively by the Android F-Droid app.

hybrid access
03

CI deploy tokens

Mint per-app fdci_… tokens that can only push APKs. Hand one to GitHub Actions, GitLab CI, Jenkins — leak blast radius bounded.

upload-only
04

Multi-forge auto-ingest

Attach a GitHub, GitLab, or Gitea/Forgejo repository (self-hosted included) — the worker fetches new releases on a cron.

github · gitlab · gitea
05

Passkeys, OIDC & TOTP

Local password (argon2), OIDC via Authlib (Keycloak, Authentik, Google…), TOTP second factor, and full WebAuthn passwordless sign-in with admin-enforceable per-role policy.

argon2 · oidc · totp · webauthn
06

FS or S3 storage

Switch backend with one env var. APKs land in any S3-compatible store: MinIO, Wasabi, Backblaze, AWS. Or stay on local disk.

storage backend
07

ClamAV + Trivy scanning

Two opt-in compose profiles: ClamAV streams uploads through clamd, Trivy extracts a CycloneDX SBOM and runs per-APK CVE lookup. Both gated by admin runtime toggles.

--profile clamav · trivy
08

Retention cap

Repo-wide default + admin per-app override (tighten-only). FIFO eviction by versionCode, never touches the suggested version.

fifo eviction
09

Setup wizard

Generate or import your repo signing keystore from the UI on first run. No keytool incantations.

first-boot · p12 · jks
10

Audit + jobs UI

Every privileged action lands in an audit log. arq job history surfaces failures. ClamAV results, sessions, invites — all at one URL.

/admin
11

Hardened by default

SSRF guards on forge fetches, slowapi rate limits, CSP/HSTS at nginx, read-only containers, all caps dropped, advisory-lock bootstrap.

defense in depth
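
An added sketch of the check an SSRF guard on forge fetches has to make, since self-hosted GitLab and Gitea/Forgejo URLs are user-supplied and fetched by the worker. This is not fdroid-store's own code: `check_forge_url`, `BlockedURL`, both resolver functions and the DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

class BlockedURL(ValueError):
    """The forge URL must not be fetched by the worker."""

def system_resolver(host, port):
    # Every A/AAAA answer the worker's own DNS returns for the host.
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

# Constructed DNS answers so the example runs offline (not real records).
CONSTRUCTED_DNS = {
    "gitea.example.org": ["8.8.8.8"],
    "meta.example.org": ["169.254.169.254"],       # link-local metadata range
    "mixed.example.org": ["8.8.8.8", "10.0.0.5"],  # one public, one internal
}

def constructed_resolver(host, port):
    return CONSTRUCTED_DNS.get(host, [host])  # IP literals resolve to themselves

def check_forge_url(url, resolver=system_resolver):
    """Return (host, port, pinned_ip) if the URL is safe to fetch, else raise."""
    try:
        parts = urlsplit(url)
        port = parts.port or 443
    except ValueError as exc:
        raise BlockedURL(f"malformed URL: {exc}") from exc
    if parts.scheme != "https":
        raise BlockedURL("only https forge URLs are accepted")
    if parts.username or parts.password or not parts.hostname:
        raise BlockedURL("URL needs a host and must not embed credentials")
    addresses = [ipaddress.ip_address(a) for a in resolver(parts.hostname, port)]
    if not addresses:
        raise BlockedURL("host does not resolve")
    for addr in addresses:
        # Judge IPv4-mapped IPv6 (::ffff:127.0.0.1) by the embedded IPv4 address.
        mapped = getattr(addr, "ipv4_mapped", None)
        target = mapped if mapped is not None else addr
        if not target.is_global:
            raise BlockedURL(f"{parts.hostname} resolves to non-public {addr}")
    # The caller connects to pinned_ip (sending host for SNI and the Host header),
    # so a later DNS answer cannot swap in an internal target after this check.
    return parts.hostname, port, str(addresses[0])
```

Any redirect the forge returns needs the same check before it is followed.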
12

en + fr i18n

The whole UI ships English & French out of the box, with per-user locale persistence and a clean i18next surface for more.

i18next
13

Reproducible Builds

Per-APK verification flag with auto-decide from a reference SHA-256 or a fetched verification.f-droid.org JSON. SSRF-guarded fetch. Owner-editable, public badge.

verified · failed · unknown
14

Encrypted backup & restore

Selective async backups (DB, keystore, assets, APKs) produced by the worker, AES-256 + HMAC encrypted with a passphrase-derived key. Drop-in restore of any subset.

aes-256-cbc · hmac-sha256
15

YAML metadata export

Download a binary-only F-Droid metadata.yml for any app the user can manage. Drops straight into an fdroiddata fork; round-trips with the New-App YAML importer.

fdroiddata compatible
16

Stats spread & feeds

Public-or-admin /stats rendered as an editorial almanac (Fraunces serif hero, SVG area chart, ranked leaderboard). Per-app Atom feed at /feed/apps/{pkg}.

/stats · atom · rss
17

Source proxies

Plug external services that scrape F-Droid mirrors, Patreon, or your own artefact registry. The protocol is six HTTP endpoints; the proxy author owns the legal & ToS burden, you only run what you want.

v1 protocol · opt-in proxies
02 / documentation

Four guides. One repo.

pick where you start
03 / stack

What runs underneath.

docker compose
backend
Python 3.13, FastAPI, SQLAlchemy 2 async, Alembic, asyncpg, PyJWT, pwdlib (argon2 + bcrypt-legacy), Authlib, slowapi, pyotp, Fernet.
worker
arq on Redis 7. Reindex, daily ClamAV rescan, forge polling, per-app source scans.
f-droid tooling
androguard (manifest), apksigner (signing certificate), jarsigner / keytool (repo signing).
frontend
Next.js 16 App Router (static export), React 19, TypeScript, Tailwind 4, Radix UI, Zustand, i18next.
data
Postgres 16 · Redis 7 · object storage (local FS or any S3-compatible: MinIO, Wasabi, Backblaze, AWS).
edge
nginx — static SPA + reverse proxy + X-Accel-Redirect for private APK delivery + CSP/HSTS headers.
license
The platform is MIT. Apps you host keep their own licences.
RUN

One command brings the whole stack up. Add --profile clamav to enable on-upload scanning.

$ docker compose up -d
$ docker compose --profile clamav up -d