nixos/system/modules/radicale.nix

{ config, pkgs, ... }:

let
  internalPort = 5232;

  radicaleOverlay = self: super: with pkgs.python39Packages;
  {
    radicale = super.radicale.override {
      inherit bcrypt radicale_infcloud;
    };
  };

in {

  nixpkgs.overlays = [ radicaleOverlay ];

  services.radicale = {
    enable = true;
    settings = {
      server = { 
        hosts = [ "[::1]:${builtins.toString internalPort}" ];
        max_connections = 8;
        max_content_length = 100000000;
        timeout = 30;
      };
      auth = {
        type = "htpasswd";
        htpasswd_filename = "/etc/radicale/users";
        htpasswd_encryption = "bcrypt";
        delay = 1;
      };
      encoding = {
        request = "utf-8";
        stock = "utf-8";
      };
      storage = { 
        filesystem_folder = "/var/lib/radicale/collections";
      };
      web = {
        type = "internal";
      };
      logging = {
        mask_passwords = true;
      };
    };
  };

  services.nginx.virtualHosts."new.cal.tammena.rocks" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "https://[::1]:${builtins.toString internalPort}";
      #proxyWebsockets = true; # needed if you need to use WebSocket
      #extraConfig =
        # required when the target is also TLS server with multiple hosts
        #"proxy_ssl_server_name on;" +
        # required when the server wants to use HTTP Authentication
        #"proxy_pass_header Authorization;";
    };
  };
}
Configure radicale 2021-06-10 20:56:40 +02:00			`{ config, pkgs, ... }:`

			`let`
			`internalPort = 5232;`

			`radicaleOverlay = self: super: with pkgs.python39Packages;`
			`{`
			`radicale = super.radicale.override {`
			`inherit bcrypt radicale_infcloud;`
			`};`
			`};`

			`in {`

			`nixpkgs.overlays = [ radicaleOverlay ];`

			`services.radicale = {`
			`enable = true;`
			`settings = {`
			`server = {`
			`hosts = [ "[::1]:${builtins.toString internalPort}" ];`
			`max_connections = 8;`
			`max_content_length = 100000000;`
			`timeout = 30;`
			`};`
			`auth = {`
			`type = "htpasswd";`
			`htpasswd_filename = "/etc/radicale/users";`
			`htpasswd_encryption = "bcrypt";`
			`delay = 1;`
			`};`
			`encoding = {`
			`request = "utf-8";`
			`stock = "utf-8";`
			`};`
			`storage = {`
			`filesystem_folder = "/var/lib/radicale/collections";`
			`};`
			`web = {`
			`type = "internal";`
			`};`
			`logging = {`
			`mask_passwords = true;`
			`};`
			`};`
			`};`

			`services.nginx.virtualHosts."new.cal.tammena.rocks" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "https://[::1]:${builtins.toString internalPort}";`
			`#proxyWebsockets = true; # needed if you need to use WebSocket`
			`#extraConfig =`
			`# required when the target is also TLS server with multiple hosts`
			`#"proxy_ssl_server_name on;" +`
			`# required when the server wants to use HTTP Authentication`
			`#"proxy_pass_header Authorization;";`
			`};`
			`};`
			`}`