From e8fb465e8c69a426572ba2cf2a41652e64ffaa1e Mon Sep 17 00:00:00 2001
From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com>
Date: Tue, 5 Aug 2025 12:12:19 +1000
Subject: [PATCH] install radicale

---
 modules/nixos/bundles/server.nix    |   3 +-
 modules/nixos/features/radicale.nix |  50 ++++++++++++++++++++++++++++
 secrets/radicale.age                | Bin 0 -> 382 bytes
 secrets/secrets.nix                 |   1 +
 4 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 modules/nixos/features/radicale.nix
 create mode 100644 secrets/radicale.age

diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix
index c763107..117ca6b 100644
--- a/modules/nixos/bundles/server.nix
+++ b/modules/nixos/bundles/server.nix
@@ -17,12 +17,13 @@ in
     paperless.enable = true;
     prowlarr.enable = true;
     radarr.enable = true;
+    radicale.enable = true;
     sonarr.enable = true;
     qbittorrent.enable = true;
     vaultwarden.enable = true;
     vscode-server.enable = true;
 
-    users.groups.media = {};
+    users.groups.media = { };
   };
 
   imports = [ ];
diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix
new file mode 100644
index 0000000..34ff35f
--- /dev/null
+++ b/modules/nixos/features/radicale.nix
@@ -0,0 +1,50 @@
+{ config, lib, ... }:
+let
+  feature = "radicale";
+  port = "5003";
+in
+{
+  config = lib.mkIf config.${feature}.enable {
+    services = {
+      # service
+      radicale = {
+        enable = true;
+        settings = {
+          server = {
+            hosts = [
+              "0.0.0.0:${port}"
+              "[::]:${port}"
+            ];
+          };
+          auth = {
+            type = "htpasswd";
+            htpasswd_filename = config.age.secrets."radicale".path;
+            htpasswd_encryption = "plain";
+          };
+          storage = {
+            filesystem_folder = "/srv/radicale";
+          };
+        };
+      };
+
+      # reverse proxy
+      nginx = {
+        virtualHosts."${feature}.fi33.buzz" = {
+          forceSSL = true;
+          useACMEHost = "fi33.buzz";
+          locations."/" = {
+            proxyPass = "http://localhost:${port}";
+            # proxyWebsockets = true;
+          };
+        };
+      };
+    };
+
+    age.secrets."radicale" = {
+      file = ../../../secrets/radicale.age;
+      owner = "radicale";
+    };
+  };
+
+  options.${feature}.enable = lib.mkEnableOption "enables ${feature}";
+}
diff --git a/secrets/radicale.age b/secrets/radicale.age
new file mode 100644
index 0000000000000000000000000000000000000000..e2011d39fe544094b4152902515abca26e5fb7ab
GIT binary patch
literal 382
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlDe<<f3{-HAN-<21
zNH6wIsnU)t3wJciP0`LS_4hL=$;kBfEJ%(BD@hN?Ds&5UapX!g)lLmE%nGXTj7+U`
zH#BmtNX$>oF|$kyFSqo}Gj`4i&UQ_Th|DWVGC{Yk&?iLOB~Za2B{4M5D>BkCJ2%iH
z$|*D;+qlZjCo|JH(j+@6tsu}Z*v!4c!#~u!%8@Iv+|em3I561DDKso8DBCwXBgDWz
z&BZ%1#l0vf(%jcGvMkcsGsxZ3!<S1}S63mRD5x+!$;nMSrKGsrEH}+O*gq+!!ZO&f
zGAF#EBBeaa)XUYlFvvN`(2>jgtjBACcX_kgRvf4}bKdOq_NP}Ef_)F(UuhGVl2O@q
zb$#8TnU}?KwYh!UZKAl8T6Q$FsIvzx(l>bNv)HW3LO@WKuUYH+xlc<Ye-(BJwK3kG
Pn(<(F1jCM)7fg}>R~U$i

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 923dc1f..a0f4184 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -21,6 +21,7 @@ in
   "porkbun-api.age".publicKeys = users;
   "prowlarr.age".publicKeys = users;
   "radarr.age".publicKeys = users;
+  "radicale.age".publicKeys = users;
   "sonarr.age".publicKeys = users;
   "vaultwarden-admin.age".publicKeys = users;
 }