68 lines
1.8 KiB
Nix
68 lines
1.8 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
let
|
|
internalPort = 5232;
|
|
|
|
radicaleOverlay = self: super: {
|
|
radicaleWithInfcloud = super.radicale.overrideAttrs (old: {
|
|
propagatedBuildInputs = old.propagatedBuildInputs
|
|
++ [ pkgs.python3Packages.radicale_infcloud ];
|
|
});
|
|
};
|
|
|
|
htpasswd_filename = "/etc/radicale/users";
|
|
|
|
in {
|
|
|
|
nixpkgs.overlays = [ radicaleOverlay ];
|
|
|
|
services.radicale = {
|
|
enable = true;
|
|
package = pkgs.radicaleWithInfcloud;
|
|
settings = {
|
|
server = {
|
|
hosts = [ "[::1]:${builtins.toString internalPort}" ];
|
|
max_connections = 8;
|
|
max_content_length = 100000000;
|
|
timeout = 30;
|
|
};
|
|
auth = {
|
|
inherit htpasswd_filename;
|
|
type = "htpasswd";
|
|
htpasswd_encryption = "bcrypt";
|
|
delay = 1;
|
|
};
|
|
encoding = {
|
|
request = "utf-8";
|
|
stock = "utf-8";
|
|
};
|
|
storage = { filesystem_folder = "/var/lib/radicale/collections"; };
|
|
web = { type = "internal"; };
|
|
logging = { mask_passwords = true; };
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."cal.tammena.rocks" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
proxyPass = "http://[::1]:${builtins.toString internalPort}";
|
|
#proxyWebsockets = true; # needed if you need to use WebSocket
|
|
#extraConfig =
|
|
# required when the target is also TLS server with multiple hosts
|
|
#"proxy_ssl_server_name on;" +
|
|
# required when the server wants to use HTTP Authentication
|
|
#"proxy_pass_header Authorization;";
|
|
};
|
|
};
|
|
|
|
environment.systemPackages = [
|
|
# Add a script to easily add users
|
|
(pkgs.writeScriptBin "radicale-set-user" ''
|
|
#!${pkgs.stdenv.shell}
|
|
mkdir -p $(dirname "${htpasswd_filename}")
|
|
${pkgs.apacheHttpd}/bin/htpasswd -Bc "${htpasswd_filename}" $1
|
|
'')
|
|
];
|
|
}
|