add radicale

modules/services/caldav.nix

@@ -0,0 +1,27 @@
+{ config, pkgs, lib, inputs, ... }:
+with lib;
+let cfg = config.custom.services.caldav;
+in {
+  options.custom.services.caldav = {
+    enable = mkEnableOption "Enables caldav server";
+  };
+  config = lib.mkIf cfg.enable {
+    age.secrets.radicale-users = {
+      file = ../../secrets/radicale.age;
+      owner = "radicale";
+    };
+    services.radicale = {
+      enable = true;
+      settings = {
+        server = { hosts = [ "192.168.2.1:5232" "192.168.0.10:5232" ]; };
+        #server = { hosts = [ "192.168.0.11:5232" ]; };
+        auth = {
+          type = "htpasswd";
+          htpasswd_filename = config.age.secrets.radicale-users.path;
+          htpasswd_encryption = "bcrypt";
+        };
+        storage = { filesystem_folder = "/var/lib/radicale/collections"; };
+      };
+    };
+  };
+}

modules/services/default.nix

@@ -2,6 +2,7 @@
 {
   imports = [
     ./acme.nix
+    ./caldav.nix
     ./opensnitch.nix
     ./adguard.nix
     ./dnsmasq.nix

secrets/secrets.nix

@@ -31,4 +31,5 @@ in
   "stash-auth.age".publicKeys = [ mini-pc server kop ];
   "plausible-admin.age".publicKeys = [ adam-site kop ];
   "plausible-keybase.age".publicKeys = [ adam-site kop ];
+  "radicale.age".publicKeys = [ mini-pc kop ];
 }

systems/mini-pc/configuration.nix

@@ -5,16 +5,15 @@
 { config, pkgs, ... }:
 
 {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      ../../modules/services/ssh.nix
-      ../../modules/services/step-ca.nix
-      ../../modules/services/syncthing.nix
-      ../../modules/fail2ban.nix
-      ../../modules/logging.nix
-      ../../modules/motd.nix
-    ];
+  imports = [ # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ../../modules/services/ssh.nix
+    ../../modules/services/step-ca.nix
+    ../../modules/services/syncthing.nix
+    ../../modules/fail2ban.nix
+    ../../modules/logging.nix
+    ../../modules/motd.nix
+  ];
 
   networking.firewall.allowedTCPPorts = [ 25565 ];
 
@@ -39,7 +38,7 @@
     misc = {
       btrfs.enable = true;
       docker.enable = true;
-      backup = let 
+      backup = let
         kavita = "/data/kavita";
         gitolite = "/var/lib/gitolite";
         syncthing = [ "/synced/default/" "/synced/work_drive/" ];
@@ -47,8 +46,7 @@
         backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
         backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
         backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
-      in
-      {
+      in {
         enable = true;
         small = backupPathsSmall; # goes to backblaze
         medium = backupPathsMedium; # goes to gdrive
@@ -58,8 +56,9 @@
     services = {
       acme.enable = true;
       gitolite.enable = true;
+      caldav.enable = true;
       kop-monitor.enable = true;
-      kop-fileshare = { 
+      kop-fileshare = {
         basePath = "/stash";
         dataDir = "/1tbssd/kop-fileshare";
         enable = true;

systems/pc/configuration.nix

@@ -45,7 +45,7 @@
       tpm.enable = true;
       tablet.enable = true;
     };
-    services = { opensnitch.enable = true; };
+    services = { caldav.enable = true; };
     graphical = {
       audio.enable = true;
       code = {