From ea0b2ebbfdf28bde1a553307a94e185f27eb7c26 Mon Sep 17 00:00:00 2001
From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com>
Date: Wed, 10 Dec 2025 19:47:06 +1100
Subject: [PATCH 1/5] feat: install radicale for caldav and carddav support
---
 modules/nixos/bundles/server.nix | 1 +
 modules/nixos/features/homepage-dashboard.nix | 7 ++++
 modules/nixos/features/radicale.nix | 42 +++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 modules/nixos/features/radicale.nix
diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix
index 271c07b..08f3bb1 100644
--- a/modules/nixos/bundles/server.nix
+++ b/modules/nixos/bundles/server.nix
@@ -13,6 +13,7 @@
 "jellyfin"
 "lidarr"
 "miniflux"
+ "radicale"
 "nginx"
 "ntfy-sh"
 "paperless"
diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix
index f171efe..c1eb3d1 100644
--- a/modules/nixos/features/homepage-dashboard.nix
+++ b/modules/nixos/features/homepage-dashboard.nix
@@ -65,6 +65,13 @@ in
 "href" = "https://ntfy-sh.fi33.buzz/";
 };
 }
+ {
+ "Radicale" = {
+ "description" = "CalDAV/CardDAV service";
+ "icon" = "radicale.svg";
+ "href" = "https://radicale.fi33.buzz";
+ };
+ }
 {
 "Syncthing" = {
 "description" = "Decentralised file synchronisation";
diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix
new file mode 100644
index 0000000..1e0b722
--- /dev/null
+++ b/modules/nixos/features/radicale.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ ...
+}:
+let
+ port = "5003";
+in
+{
+ services = {
+ radicale = {
+ enable = true;
+ settings = {
+ server = {
+ hosts = [
+ "0.0.0.0:${port}"
+ "[::]:${port}"
+ ];
+ };
+ auth = {
+ type = "htpasswd";
+ htpasswd_filename = config.age.secrets.radicale.path;
+ htpasswd_encryption = "plain";
+ };
+ storage = {
+ filesystem_folder = "/srv/radicale";
+ };
+ };
+ };
+
+ nginx.virtualHosts."radicale.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/".proxyPass = "http://localhost:${port}";
+ };
+ };
+
+ # secrets
+ age.secrets."radicale" = {
+ file = ../../../secrets/radicale.age;
+ owner = "radicale";
+ };
+}
--
2.53.0
From 63774a34f5fd7e21a7cd6ab191e85c018b977f8c Mon Sep 17 00:00:00 2001
From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com>
Date: Wed, 10 Dec 2025 19:48:32 +1100
Subject: [PATCH 2/5] fix: options have been renamed in latest release
---
 hosts/server/configuration.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 8854a0d..6d595e5 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -27,9 +27,7 @@
 # hardened openssh
 services.openssh = {
- passwordAuthentication = false;
- allowSFTP = false;
- challengeResponseAuthentication = false;
+ allowSFTP = false;
 extraConfig = ''
 AllowTcpForwarding yes
 X11Forwarding no
@@ -37,6 +35,10 @@
 AllowStreamLocalForwarding no
 AuthenticationMethods publickey
 '';
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ };
 };
 system.stateVersion = "24.11";
--
2.53.0
From b834611bcb14ffaa16b87838248d1eb9f254090c Mon Sep 17 00:00:00 2001
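Review bot: `htpasswd_encryption = "plain";` in the new radicale.nix means the htpasswd file that agenix decrypts to `config.age.secrets.radicale.path` holds cleartext passwords, so anything able to read that file as the `radicale` user obtains every credential directly. Storing bcrypt hashes in the secret and setting `htpasswd_encryption = "bcrypt";` keeps the age-encrypted file while removing the plaintext. The `server.hosts` entries also bind the plain-HTTP backend to `0.0.0.0` and `[::]` although nginx only proxies to `http://localhost:${port}`; unless a firewall rule elsewhere is relied on (not visible in this patch), `"127.0.0.1:${port}"` and `"[::1]:${port}"` would keep port 5003 off the network so the TLS vhost cannot be bypassed. The identical radicale.nix hunk in PATCH 3/5 carries the same two settings.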
From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com>
Date: Wed, 10 Dec 2025 19:47:06 +1100
Subject: [PATCH 3/5] feat: install radicale for caldav and carddav support
---
 modules/nixos/bundles/server.nix | 1 +
 modules/nixos/features/homepage-dashboard.nix | 7 ++++
 modules/nixos/features/radicale.nix | 42 +++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 modules/nixos/features/radicale.nix
diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix
index 271c07b..8e0841f 100644
--- a/modules/nixos/bundles/server.nix
+++ b/modules/nixos/bundles/server.nix
@@ -19,6 +19,7 @@
 "prowlarr"
 "qbittorrent"
 "radarr"
+ "radicale"
 "sonarr"
 "syncthing"
 "vaultwarden"
diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix
index f171efe..c1eb3d1 100644
--- a/modules/nixos/features/homepage-dashboard.nix
+++ b/modules/nixos/features/homepage-dashboard.nix
@@ -65,6 +65,13 @@ in
 "href" = "https://ntfy-sh.fi33.buzz/";
 };
 }
+ {
+ "Radicale" = {
+ "description" = "CalDAV/CardDAV service";
+ "icon" = "radicale.svg";
+ "href" = "https://radicale.fi33.buzz";
+ };
+ }
 {
 "Syncthing" = {
 "description" = "Decentralised file synchronisation";
diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix
new file mode 100644
index 0000000..1e0b722
--- /dev/null
+++ b/modules/nixos/features/radicale.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ ...
+}:
+let
+ port = "5003";
+in
+{
+ services = {
+ radicale = {
+ enable = true;
+ settings = {
+ server = {
+ hosts = [
+ "0.0.0.0:${port}"
+ "[::]:${port}"
+ ];
+ };
+ auth = {
+ type = "htpasswd";
+ htpasswd_filename = config.age.secrets.radicale.path;
+ htpasswd_encryption = "plain";
+ };
+ storage = {
+ filesystem_folder = "/srv/radicale";
+ };
+ };
+ };
+
+ nginx.virtualHosts."radicale.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/".proxyPass = "http://localhost:${port}";
+ };
+ };
+
+ # secrets
+ age.secrets."radicale" = {
+ file = ../../../secrets/radicale.age;
+ owner = "radicale";
+ };
+}
--
2.53.0
From d3868b69c4f194934480c198b8661d392ce40907 Mon Sep 17 00:00:00 2001
From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com>
Date: Wed, 10 Dec 2025 19:48:32 +1100
Subject: [PATCH 4/5] fix: options have been renamed in latest release
---
 hosts/server/configuration.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 8854a0d..6d595e5 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -27,9 +27,7 @@
 # hardened openssh
 services.openssh = {
- passwordAuthentication = false;
- allowSFTP = false;
- challengeResponseAuthentication = false;
+ allowSFTP = false;
 extraConfig = ''
 AllowTcpForwarding yes
 X11Forwarding no
@@ -37,6 +35,10 @@
 AllowStreamLocalForwarding no
 AuthenticationMethods publickey
 '';
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ };
 };
 system.stateVersion = "24.11";
--
2.53.0
From bf13c50f4cc8cc13fad77e41eabf75ee68648a61 Mon Sep 17 00:00:00 2001
From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com>
Date: Mon, 15 Dec 2025 19:54:03 +1100
Subject: [PATCH 5/5] feat: install karakeep
---
 modules/nixos/bundles/server.nix | 1 +
 modules/nixos/features/karakeep.nix | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 modules/nixos/features/karakeep.nix
diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix
index 8e0841f..fae672d 100644
--- a/modules/nixos/bundles/server.nix
+++ b/modules/nixos/bundles/server.nix
@@ -11,6 +11,7 @@
 "homepage-dashboard"
 "immich"
 "jellyfin"
+ "karakeep"
 "lidarr"
 "miniflux"
 "nginx"
diff --git a/modules/nixos/features/karakeep.nix b/modules/nixos/features/karakeep.nix
new file mode 100644
index 0000000..c113f66
--- /dev/null
+++ b/modules/nixos/features/karakeep.nix
@@ -0,0 +1,20 @@
+let
+ port = "5014";
+in
+{
+ services = {
+ karakeep = {
+ enable = true;
+ extraEnvironment = {
+ PORT = port;
+ DISABLE_NEW_RELEASE_CHECK = "true";
+ };
+ };
+
+ nginx.virtualHosts."karakeep.fi33.buzz" = {
+ forceSSL = true;
+ useACMEHost = "fi33.buzz";
+ locations."/".proxyPass = "http://localhost:${port}";
+ };
+ };
+}
--
2.53.0
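Review bot: Account registration is left at Karakeep's default in the new karakeep.nix, because `extraEnvironment` sets only `PORT` and `DISABLE_NEW_RELEASE_CHECK` while the nginx vhost publishes the app at karakeep.fi33.buzz. If that name is reachable beyond the local network (not determinable from this patch), consider adding `DISABLE_SIGNUPS = "true";` once the first account exists, so that strangers cannot self-register. Unless the module already derives it, `NEXTAUTH_URL = "https://karakeep.fi33.buzz";` is also worth setting so that sign-in redirects use the proxied HTTPS origin rather than a localhost default.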