nix-config/config/services/radicale.nix

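# NixOS module: runs Radicale (CalDAV/CardDAV) inside a container and
# publishes it through an nginx reverse proxy on the host with TLS.
{
  lib,
  stateVersion,
  config,
  pkgs, # not unused: must be named here so that `attrs` (passed to mkConfig below) contains pkgs
  ...
}@attrs:
let
  # Public virtual host name, derived from the mail domain kept in the secrets module.
  hostName = "radicale.${config.secrets.secrets.global.domains.mail}";
in
{
  imports = [
    ./containers.nix
    ./ddclient.nix
    ./acme.nix
  ];

  services.nginx = {
    enable = true;
    upstreams.radicale = {
      # Must match the container address configured under systemd.network below.
      servers."192.168.178.34:8000" = { };
      extraConfig = ''
        zone radicale 64k ;
        keepalive 5 ;
      '';
    };
    virtualHosts.${hostName} = {
      forceSSL = true;
      useACMEHost = "mail";
      # TLS ends at nginx; the hop to the container is plain HTTP over the LAN,
      # so credentials cross that segment unencrypted.
      locations."/".proxyPass = "http://radicale";
    };
  };

  # NOTE(review): the container is named "nextcloud" although it runs Radicale.
  # This looks like a copy/paste leftover and may clash with a real nextcloud
  # container. Confirm before renaming: the name presumably also selects the
  # ZFS dataset, so a rename would need a data migration.
  containers.nextcloud = lib.containers.mkConfig "nextcloud" attrs {
    zfs = {
      enable = true;
      pool = "panzer";
    };
    config = _: {
      systemd.network.networks = {
        "lan01" = {
          address = [ "192.168.178.34/24" ];
          gateway = [ "192.168.178.1" ];
          matchConfig.Name = "lan01*";
          dns = [ "192.168.178.2" ];
          networkConfig = {
            IPv6PrivacyExtensions = "yes";
            MulticastDNS = true;
          };
        };
      };

      # Calendar and address-book data; kept owner/group-only.
      environment.persistence."/persist".directories = [
        {
          directory = "/var/lib/radicale";
          user = "radicale";
          group = "radicale";
          mode = "750";
        }
      ];

      services.radicale = {
        enable = true;
        # Fixed: the NixOS option is `settings` (plural); `setting` does not exist.
        settings = {
          server = {
            # Listens on every interface of the container. Together with the
            # firewall rule below, any LAN host can reach Radicale directly
            # over HTTP, bypassing the TLS proxy.
            hosts = [
              "0.0.0.0:8000"
              "[::]:8000"
            ];
          };
          # Fixed: [auth] and [storage] are separate sections of the Radicale
          # config, not keys of [server]. While nested under `server` they were
          # not applied as auth/storage settings, leaving Radicale on its
          # built-in auth default, which depending on the Radicale version may
          # accept any credentials.
          auth = {
            type = "htpasswd";
            # This file is not created anywhere in this module; it has to be
            # provisioned separately (and survive reboots if /etc is ephemeral).
            htpasswd_filename = "/etc/radicale/users";
            htpasswd_encryption = "bcrypt";
          };
          storage = {
            filesystem_folder = "/var/lib/radicale";
          };
        };
        # Owner-only access: every authenticated user may read the root
        # collection, has full access to their own principal collection
        # (upper case = collections) and to the calendars/address books
        # directly below it (lower case = their items).
        rights = {
          root = {
            user = ".+";
            collection = "";
            permissions = "R";
          };
          principal = {
            user = ".+";
            collection = "{user}";
            permissions = "RW";
          };
          calendars = {
            user = ".+";
            collection = "{user}/[^/]+";
            permissions = "rw";
          };
        };
      };

      system.stateVersion = stateVersion;

      networking = {
        firewall = {
          enable = true;
          # Opens the Radicale port to every source address; consider limiting
          # it to the reverse-proxy host, since only nginx needs to connect.
          allowedTCPPorts = [ 8000 ];
        };
        # Use systemd-resolved inside the container
        useHostResolvConf = lib.mkForce false;
      };
      services.resolved.enable = true;
    };
  };
}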
#wireguard
#samba/printer finding
#vaultwarden
#maddy
#kanidm
#remote backups
#immich