sid/synix
1
0
Fork 0
Code Issues 7 Pull requests 1 Projects Activity Actions
synix/modules/nixos/radicale/default.nix
sid 95a533c876
All checks were successful
Deploy docs / build-and-deploy (push) Successful in 3s
Details
initial commit
2026-02-23 20:34:35 +01:00

116 lines
2.9 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.radicale;
domain = config.networking.domain;
subdomain = cfg.reverseProxy.subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
port = 5232;
inherit (lib)
concatLines
mkDefault
mkIf
mkOption
types
;
inherit (lib.utils)
mkReverseProxyOption
;
in
{
options.services.radicale = {
users = mkOption {
type = types.listOf types.str;
default = [ ];
example = [
"alice"
"bob"
];
description = "List of users for Radicale. Each user must have a corresponding entry in the SOPS file under 'radicale/<user>'";
};
reverseProxy = mkReverseProxyOption "Radicale" "dav";
};
config = mkIf cfg.enable {
services.radicale = {
settings = {
server = {
hosts = [
"${if cfg.reverseProxy.enable then "127.0.0.1" else "0.0.0.0"}:${builtins.toString port}"
];
max_connections = mkDefault 20;
max_content_length = mkDefault 500000000;
timeout = mkDefault 30;
};
auth = {
type = "htpasswd";
delay = mkDefault 1;
htpasswd_filename = config.sops.templates."radicale/users".path;
htpasswd_encryption = mkDefault "sha512";
};
storage = {
filesystem_folder = mkDefault "/var/lib/radicale/collections";
};
};
};
services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
"${fqdn}" = {
forceSSL = cfg.reverseProxy.forceSSL;
enableACME = cfg.reverseProxy.forceSSL;
locations = {
"/" = {
proxyPass = "http://localhost:${builtins.toString port}/";
extraConfig = ''
proxy_set_header X-Script-Name /;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Authorization;
'';
};
"/.well-known/caldav" = {
return = "301 $scheme://$host/";
};
"/.well-known/carddav" = {
return = "301 $scheme://$host/";
};
};
};
};
environment.systemPackages = [
pkgs.openssl
];
sops =
let
owner = "radicale";
group = "radicale";
mode = "0440";
mkSecrets =
users:
builtins.listToAttrs (
map (user: {
name = "radicale/${user}";
value = { inherit owner group mode; };
}) users
);
mkTemplate = users: {
inherit owner group mode;
content = concatLines (map (user: "${user}:${config.sops.placeholder."radicale/${user}"}") users);
};
in
{
secrets = mkSecrets cfg.users;
templates."radicale/users" = mkTemplate cfg.users;
};
};
}
Reference in a new issue View git blame Copy permalink