diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix
index c763107..117ca6b 100644
--- a/modules/nixos/bundles/server.nix
+++ b/modules/nixos/bundles/server.nix
@@ -17,12 +17,13 @@ in
     paperless.enable = true;
     prowlarr.enable = true;
     radarr.enable = true;
+    radicale.enable = true;
     sonarr.enable = true;
     qbittorrent.enable = true;
     vaultwarden.enable = true;
     vscode-server.enable = true;
 
-    users.groups.media = {};
+    users.groups.media = { };
   };
 
   imports = [ ];
diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix
new file mode 100644
index 0000000..34ff35f
--- /dev/null
+++ b/modules/nixos/features/radicale.nix
@@ -0,0 +1,50 @@
+{ config, lib, ... }:
+let
+  feature = "radicale";
+  port = "5003";
+in
+{
+  config = lib.mkIf config.${feature}.enable {
+    services = {
+      # service
+      radicale = {
+        enable = true;
+        settings = {
+          server = {
+            hosts = [
+              "0.0.0.0:${port}"
+              "[::]:${port}"
+            ];
+          };
+          auth = {
+            type = "htpasswd";
+            htpasswd_filename = config.age.secrets."radicale".path;
+            htpasswd_encryption = "plain";
+          };
+          storage = {
+            filesystem_folder = "/srv/radicale";
+          };
+        };
+      };
+
+      # reverse proxy
+      nginx = {
+        virtualHosts."${feature}.fi33.buzz" = {
+          forceSSL = true;
+          useACMEHost = "fi33.buzz";
+          locations."/" = {
+            proxyPass = "http://localhost:${port}";
+            # proxyWebsockets = true;
+          };
+        };
+      };
+    };
+
+    age.secrets."radicale" = {
+      file = ../../../secrets/radicale.age;
+      owner = "radicale";
+    };
+  };
+
+  options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/secrets/radicale.age b/secrets/radicale.age
new file mode 100644
index 0000000..e2011d3
Binary files /dev/null and b/secrets/radicale.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 923dc1f..a0f4184 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -21,6 +21,7 @@ in
   "porkbun-api.age".publicKeys = users;
   "prowlarr.age".publicKeys = users;
   "radarr.age".publicKeys = users;
+  "radicale.age".publicKeys = users;
   "sonarr.age".publicKeys = users;
   "vaultwarden-admin.age".publicKeys = users;
 }