F-Droid native
Speaks the standard index-v1.jar and index-v2.json protocol. Any F-Droid client just adds your URL and works.
A drop-in F-Droid index server with a modern admin panel,
a client area, per-app deploy tokens for CI, and multi-forge auto-ingest.
Speaks the standard index-v1.jar + index-v2.json protocol —
so any F-Droid client just works.
    # 1. clone, configure secrets, boot
    git clone https://github.com/Dim145/fdroid-store
    cd fdroid-store
    cp .env.example .env   # set SECRET_KEY + INITIAL_ADMIN_PASSWORD
    docker compose up -d
Apps marked private ship in a separate index, gated by Basic-auth API key — supported natively by the Android F-Droid app.
Mint per-app fdci_… tokens that can only push APKs. Hand one to GitHub Actions, GitLab CI, Jenkins — leak blast radius bounded.
Attach a GitHub, GitLab, or Gitea/Forgejo repository (self-hosted included) — the worker fetches new releases on a cron.
github · gitlab · gitea
Local password (argon2), OIDC via Authlib (Keycloak, Authentik, Google…), TOTP second factor, and full WebAuthn passwordless sign-in with admin-enforceable per-role policy.
argon2 · oidc · totp · webauthn
Switch backend with one env var. APKs land in any S3-compatible store: MinIO, Wasabi, Backblaze, AWS. Or stay on local disk.
storage backend
Two opt-in compose profiles: ClamAV streams uploads through clamd, Trivy extracts a CycloneDX SBOM and runs per-APK CVE lookup. Both gated by admin runtime toggles.
--profile clamav · trivy
Repo-wide default + admin per-app override (tighten-only). FIFO eviction by versionCode, never touches the suggested version.
Generate or import your repo signing keystore from the UI on first run. No keytool incantations.
Every privileged action lands in an audit log. arq job history surfaces failures. ClamAV results, sessions, invites — all at one URL.
/admin
SSRF guards on forge fetches, slowapi rate limits, CSP/HSTS at nginx, read-only containers, all caps dropped, advisory-lock bootstrap.
defense in depth
The whole UI ships English & French out of the box, with per-user locale persistence and a clean i18next surface for more.
i18next
Per-APK verification flag with auto-decide from a reference SHA-256 or a fetched verification.f-droid.org JSON. SSRF-guarded fetch. Owner-editable, public badge.
Selective async backups (DB, keystore, assets, APKs) produced by the worker, AES-256 + HMAC encrypted with a passphrase-derived key. Drop-in restore of any subset.
aes-256-cbc · hmac-sha256
Download a binary-only F-Droid metadata.yml for any app the user can manage. Drops straight into an fdroiddata fork; round-trips with the New-App YAML importer.
Public-or-admin /stats rendered as an editorial almanac (Fraunces serif hero, SVG area chart, ranked leaderboard). Per-app Atom feed at /feed/apps/{pkg}.
Plug external services that scrape F-Droid mirrors, Patreon, or your own artefact registry. The protocol is six HTTP endpoints; the proxy author owns the legal & ToS burden, you only run what you want.
v1 protocol · opt-in proxies
Environment variables, storage backends, OIDC, ClamAV opt-in, reverse-proxy notes, first boot.
for operators →
DOC · 02
Setup wizard, moderating uploads, users + invites, repo settings, retention cap, audit log, jobs.
for admins →
DOC · 03
Sign up, enable TOTP, create apps, upload APKs, manage collaborators, retention overrides.
for maintainers →
DOC · 04
Point F-Droid clients at your repo, publish from CI, wire up forge auto-ingest.
for ci & clients →
3.13, FastAPI, SQLAlchemy 2 async, Alembic, asyncpg, PyJWT, pwdlib (argon2 + bcrypt-legacy), Authlib, slowapi, pyotp, Fernet.
arq on Redis 7. Reindex, daily ClamAV rescan, forge polling, per-app source scans.
X-Accel-Redirect for private APK delivery + CSP/HSTS headers.
One command brings the whole stack up. Add --profile clamav to enable on-upload scanning.
$ docker compose up -d
$ docker compose --profile clamav up -d