kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f21589d931e2aee24fb5f670e40d02d3fc3c4061
nix-config/modules/services/caldav.nix
Kopatz 8df7c8ef91 fix service
2024-08-13 10:54:27 +02:00

69 lines
2.3 KiB
Nix
Raw Blame History

{ config, pkgs, lib, inputs, ... }:
let cfg = config.custom.services.caldav;
in {
options.custom.services.caldav = {
enable = lib.mkEnableOption "Enables caldav server";
};
config = lib.mkIf cfg.enable {
age.secrets.radicale-users = {
file = ../../secrets/radicale.age;
owner = "radicale";
};
services.radicale = {
enable = true;
settings = {
server = { hosts = [ "127.0.0.1:5232" ]; };
#server = { hosts = [ "192.168.0.11:5232" ]; };
auth = {
type = "htpasswd";
htpasswd_filename = config.age.secrets.radicale-users.path;
htpasswd_encryption = "bcrypt";
};
storage = { filesystem_folder = "/var/lib/radicale/collections"; };
};
};
custom.misc.backup = lib.mkIf config.custom.misc.backup.enable {
small = [ "/var/lib/radicale/" ];
medium = [ "/var/lib/radicale/" ];
large = [ "/var/lib/radicale/" ];
};
systemd.services.kop-fhcalendar = let
radicale = builtins.elemAt
config.services.radicale.settings.storage.filesystem_folder 0;
# not reproducible
working =
"${radicale}/collection-root/kopatz/b6d2c446-8109-714a-397f-1f35d3136639";
in {
description = "Download fh calendar";
wants = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ];
wantedBy = [ "multi-user.target" ];
startAt = "*-*-* 06:00:00";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.kop-fhcalendar}/bin/kop-fhcalendar";
WorkingDirectory = working;
BindPaths = [ working ];
User = "radicale";
Restart = "on-failure";
RestartSec = "5s";
PrivateMounts = lib.mkDefault true;
PrivateTmp = lib.mkDefault true;
PrivateUsers = lib.mkDefault true;
ProtectClock = lib.mkDefault true;
ProtectControlGroups = lib.mkDefault true;
ProtectHome = lib.mkDefault true;
ProtectHostname = lib.mkDefault true;
ProtectKernelLogs = lib.mkDefault true;
ProtectKernelModules = lib.mkDefault true;
ProtectKernelTunables = lib.mkDefault true;
ProtectSystem = lib.mkDefault "strict";
# Needs network access
PrivateNetwork = lib.mkDefault false;
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink