nixos/modules/radicale.nix

{ config, pkgs, lib, ... }:

let
  internalPort = 5232;

  radicale_infcloud = pkgs.python3.pkgs.radicale_infcloud.overrideAttrs (old: {
    src = pkgs.fetchFromGitHub {
      owner = "Unrud";
      repo = "RadicaleInfCloud";
      rev = "40f88a5dc0003120d62533ea635f0d94d77f1aca";
      sha256 = "h6t8LlXAWErVlVq88fGFGrVEvZeJ7HJsr61/fiKRIGY=";
    };
    # Remove depend on radicale to fix infinite recursion
    # and set some of my own settings
    patches = (old.patches or [ ]) ++ [ ../patches/radicale_infcloud.patch ];
  });

  overlay = self: super: {
    radicale = super.radicale.overrideAttrs (old: {
      propagatedBuildInputs = old.propagatedBuildInputs
        ++ [ radicale_infcloud ];
    });
  };

  htpasswd_filename = "/etc/radicale/users";

in {
  nixpkgs.overlays = [ overlay ];

  services.radicale = {
    enable = true;
    settings = {
      server = {
        hosts = [ "[::1]:${builtins.toString internalPort}" ];
        max_connections = 8;
        max_content_length = 100000000;
        timeout = 30;
      };
      auth = {
        inherit htpasswd_filename;
        type = "htpasswd";
        htpasswd_encryption = "bcrypt";
        delay = 1;
      };
      encoding = {
        request = "utf-8";
        stock = "utf-8";
      };
      storage = { filesystem_folder = "/var/lib/radicale/collections"; };
      web = { type = "radicale_infcloud"; };
      logging = { mask_passwords = true; };
    };
  };

  services.nginx.virtualHosts."cal.tammena.rocks" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://[::1]:${builtins.toString internalPort}";
      #proxyWebsockets = true; # needed if you need to use WebSocket
      #extraConfig =
      # required when the target is also TLS server with multiple hosts
      #"proxy_ssl_server_name on;" +
      # required when the server wants to use HTTP Authentication
      #"proxy_pass_header Authorization;";
    };
  };

  environment.systemPackages = [
    # Add a script to easily add users
    (pkgs.writeScriptBin "radicale-set-user" ''
      #!${pkgs.stdenv.shell}
      mkdir -p $(dirname "${htpasswd_filename}")
      ${pkgs.apacheHttpd}/bin/htpasswd -Bc "${htpasswd_filename}" $1
    '')
  ];
}
[achatina-fulica] Setup Infcloud for Radicale 2021-12-16 17:29:40 +01:00			`{ config, pkgs, lib, ... }:`
Configure radicale 2021-06-10 20:56:40 +02:00
			`let`
			`internalPort = 5232;`

[achatina-fulica] Setup Infcloud for Radicale 2021-12-16 17:29:40 +01:00			`radicale_infcloud = pkgs.python3.pkgs.radicale_infcloud.overrideAttrs (old: {`
			`src = pkgs.fetchFromGitHub {`
			`owner = "Unrud";`
			`repo = "RadicaleInfCloud";`
			`rev = "40f88a5dc0003120d62533ea635f0d94d77f1aca";`
			`sha256 = "h6t8LlXAWErVlVq88fGFGrVEvZeJ7HJsr61/fiKRIGY=";`
			`};`
			`# Remove depend on radicale to fix infinite recursion`
			`# and set some of my own settings`
			`patches = (old.patches or [ ]) ++ [ ../patches/radicale_infcloud.patch ];`
			`});`

			`overlay = self: super: {`
			`radicale = super.radicale.overrideAttrs (old: {`
Fix radicale infcloud?? 2021-06-10 22:48:43 +02:00			`propagatedBuildInputs = old.propagatedBuildInputs`
[achatina-fulica] Setup Infcloud for Radicale 2021-12-16 17:29:40 +01:00			`++ [ radicale_infcloud ];`
Fix radicale infcloud???? 2021-06-10 23:01:24 +02:00			`});`
Configure radicale 2021-06-10 20:56:40 +02:00			`};`

Add radicale user script 2021-11-03 14:50:37 +01:00			`htpasswd_filename = "/etc/radicale/users";`

Configure radicale 2021-06-10 20:56:40 +02:00			`in {`
[achatina-fulica] Setup Infcloud for Radicale 2021-12-16 17:29:40 +01:00			`nixpkgs.overlays = [ overlay ];`
Configure radicale 2021-06-10 20:56:40 +02:00
			`services.radicale = {`
			`enable = true;`
			`settings = {`
Fix radicale, format 2021-06-10 21:34:27 +02:00			`server = {`
Configure radicale 2021-06-10 20:56:40 +02:00			`hosts = [ "[::1]:${builtins.toString internalPort}" ];`
			`max_connections = 8;`
			`max_content_length = 100000000;`
			`timeout = 30;`
			`};`
			`auth = {`
Add radicale user script 2021-11-03 14:50:37 +01:00			`inherit htpasswd_filename;`
Configure radicale 2021-06-10 20:56:40 +02:00			`type = "htpasswd";`
			`htpasswd_encryption = "bcrypt";`
			`delay = 1;`
			`};`
			`encoding = {`
			`request = "utf-8";`
			`stock = "utf-8";`
			`};`
Fix radicale, format 2021-06-10 21:34:27 +02:00			`storage = { filesystem_folder = "/var/lib/radicale/collections"; };`
[achatina-fulica] Setup Infcloud for Radicale 2021-12-16 17:29:40 +01:00			`web = { type = "radicale_infcloud"; };`
Fix radicale, format 2021-06-10 21:34:27 +02:00			`logging = { mask_passwords = true; };`
Configure radicale 2021-06-10 20:56:40 +02:00			`};`
			`};`

Finalize DNS and interface for radicale 2021-06-10 22:15:14 +02:00			`services.nginx.virtualHosts."cal.tammena.rocks" = {`
Configure radicale 2021-06-10 20:56:40 +02:00			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
Drop SSL for internal communication 2021-06-10 21:45:05 +02:00			`proxyPass = "http://[::1]:${builtins.toString internalPort}";`
Configure radicale 2021-06-10 20:56:40 +02:00			`#proxyWebsockets = true; # needed if you need to use WebSocket`
			`#extraConfig =`
Fix radicale, format 2021-06-10 21:34:27 +02:00			`# required when the target is also TLS server with multiple hosts`
			`#"proxy_ssl_server_name on;" +`
			`# required when the server wants to use HTTP Authentication`
			`#"proxy_pass_header Authorization;";`
Configure radicale 2021-06-10 20:56:40 +02:00			`};`
			`};`
Add radicale user script 2021-11-03 14:50:37 +01:00
			`environment.systemPackages = [`
			`# Add a script to easily add users`
			`(pkgs.writeScriptBin "radicale-set-user" ''`
			`#!${pkgs.stdenv.shell}`
			`mkdir -p $(dirname "${htpasswd_filename}")`
			`${pkgs.apacheHttpd}/bin/htpasswd -Bc "${htpasswd_filename}" $1`
			`'')`
			`];`
Configure radicale 2021-06-10 20:56:40 +02:00			`}`