{ config, lib, pkgs, ... }:

let
  # Host-specific age secrets are kept under secrets/<hostName>/, resolved
  # relative to this module's directory.
  secretFor = rel: ./. + "/../../secrets/${config.networking.hostName}/${rel}";

  # Radicale itself binds only to loopback; nginx in front of it terminates
  # TLS and forwards to this address.
  listenAddr = "[::1]:5232";
  stateDir   = "/var/lib/radicale";
in

{
  # Public name of the CalDAV/CardDAV endpoint, aliased to this host's FQDN.
  dns.zones."ctu.cx".subdomains.dav.CNAME = [ "${config.networking.fqdn}." ];

  age.secrets = {
    # Password for the restic repository holding the radicale state.
    restic-radicale.file = secretFor "restic/radicale.age";

    # htpasswd-style user database, owned by the radicale service user so the
    # daemon can open it at runtime.
    radicale-users = {
      file  = secretFor "radicale-users.age";
      owner = "radicale";
    };
  };

  # Back up the whole radicale state directory (collections live below it).
  restic-backups.radicale = {
    user         = "radicale";
    passwordFile = config.age.secrets.restic-radicale.path;
    paths        = [ stateDir ];
  };

  # Hook a mail-notification unit onto service failure.
  systemd.services.radicale.onFailure = [ "email-notify@%i.service" ];

  services = {
    radicale = {
      enable   = true;
      settings = {
        server.hosts              = [ listenAddr ];
        web.type                  = "internal";
        storage.filesystem_folder = "${stateDir}/collections";

        # NOTE(review): wildcard CORS origin; any web origin may issue
        # cross-site requests to the DAV endpoint. Narrow to the client
        # origins actually in use if that set is known.
        headers.Access-Control-Allow-Origin = "*";

        auth = {
          type              = "htpasswd";
          htpasswd_filename = config.age.secrets.radicale-users.path;
          # NOTE(review): "plain" means the decrypted user file holds
          # passwords unhashed, so anyone who can read the runtime secret
          # learns every credential. A hashed scheme (e.g. bcrypt, if the
          # deployed radicale package supports it) would be preferable, but
          # switching requires regenerating the secret with hashed entries.
          htpasswd_encryption = "plain";
        };
      };
    };

    nginx = {
      enable = true;
      virtualHosts."dav.ctu.cx" = {
        enableACME = true;
        forceSSL   = true;
        kTLS       = true;
        locations."/".proxyPass = "http://${listenAddr}/";
      };
    };
  };

}