From 48c94f061aed10dd7530bde0889cac45ffdcce72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrick=20Gro=C3=9Fmann?=
Date: Fri, 22 Dec 2023 03:11:32 +0100
Subject: [PATCH] feat: added radicale
---
 modules/config/users.nix | 1 +
 modules/services/nextcloud.nix | 3 +-
 modules/services/radicale.nix | 109 +++++++++++++++++++++++++++++++++
 3 files changed, 112 insertions(+), 1 deletion(-)
 create mode 100644 modules/services/radicale.nix
diff --git a/modules/config/users.nix b/modules/config/users.nix
index 38b53ae..a7902ca 100644
--- a/modules/config/users.nix
+++ b/modules/config/users.nix
@@ -21,6 +21,7 @@
 acme = uidGid 212;
 nextcloud = uidGid 213;
 redis-nextcloud = uidGid 214;
+ radicale = uidGid 215;
 systemd-oom = uidGid 300;
 systemd-coredump = uidGid 301;
 };
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index e68f20d..7ec326b 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -2,7 +2,7 @@
 lib,
 stateVersion,
 config,
- pkgs, # not unused neede for the usage of attrs later to contains pkgs
+ pkgs, # not unused needed for the usage of attrs later to contains pkgs
 ...
 } @ attrs: let
 hostName = "nc.${config.secrets.secrets.global.domains.mail}";
@@ -63,6 +63,7 @@ in {
 extraApps = with config.services.nextcloud.package.packages.apps; {
 inherit contacts calendar tasks notes unsplash maps;
 };
+ # TODO increase outer nginx upload size as well
 maxUploadSize = "2G";
 extraAppsEnable = true;
 extraOptions.enabledPreviewProviders = [
diff --git a/modules/services/radicale.nix b/modules/services/radicale.nix
new file mode 100644
index 0000000..d84b107
--- /dev/null
+++ b/modules/services/radicale.nix
@@ -0,0 +1,109 @@
+{
+ lib,
+ stateVersion,
+ config,
+ pkgs, # not unused needed for the usage of attrs later to contains pkgs
+ ...
+} @ attrs: let
+ hostName = "radicale.${config.secrets.secrets.global.domains.mail}";
+in {
+ imports = [./containers.nix ./nginx.nix ./ddclient.nix ./acme.nix];
+ services.nginx = {
+ enable = true;
+ upstreams.radicale = {
+ servers."192.168.178.34:8000" = {};
+
+ extraConfig = ''
+ zone radicale 64k ;
+ keepalive 5 ;
+ '';
+ };
+ virtualHosts.${hostName} = {
+ forceSSL = true;
+ useACMEHost = "mail";
+ locations."/".proxyPass = "http://radicale";
+ };
+ };
+ containers.nextcloud = lib.containers.mkConfig "nextcloud" attrs {
+ zfs = {
+ enable = true;
+ pool = "panzer";
+ };
+ config = _: {
+ systemd.network.networks = {
+ "lan01" = {
+ address = ["192.168.178.34/24"];
+ gateway = ["192.168.178.1"];
+ matchConfig.Name = "lan01*";
+ dns = ["192.168.178.2"];
+ networkConfig = {
+ IPv6PrivacyExtensions = "yes";
+ MulticastDNS = true;
+ };
+ };
+ };
+ environment.persistence."/persist".directories = [
+ {
+ directory = "/var/lib/radicale";
+ user = "radicale";
+ group = "radicale";
+ mode = "750";
+ }
+ ];
+ services.radicale = {
+ enable = true;
+ setting = {
+ server = {
+ hosts = ["0.0.0.0:8000" "[::]:8000"];
+ auth = {
+ type = "htpasswd";
+ htpasswd_filename = "/etc/radicale/users";
+ htpasswd_encryption = "bcrypt";
+ };
+ storage = {
+ filesystem_folder = "/var/lib/radicale";
+ };
+ };
+ };
+ rights = {
+ root = {
+ user = ".+";
+ collection = "";
+ permissions = "R";
+ };
+ principal = {
+ user = ".+";
+ collection = "{user}";
+ permissions = "RW";
+ };
+ calendars = {
+ user = ".+";
+ collection = "{user}/[^/]+";
+ permissions = "rw";
+ };
+ };
+ };
+
+ system.stateVersion = stateVersion;
+
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [8000];
+ };
+ # Use systemd-resolved inside the container
+ useHostResolvConf = lib.mkForce false;
+ };
+
+ services.resolved.enable = true;
+ };
+ };
+}
+#wireguard
+#samba/printer finding
+#vaultwarden
+#maddy
+#kanidm
+#remote backups
+#immich
+
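Review bot: In `services.radicale` the `auth` and `storage` blocks are nested inside `server` under an attribute spelled `setting`, whereas the NixOS module option is `settings` and Radicale reads `[server]`, `[auth]` and `[storage]` as sibling sections; as written the htpasswd/bcrypt configuration is unlikely to take effect, and if the service starts at all it may fall back to the release's default auth type, which should be checked before exposing it. The container is also declared as `containers.nextcloud` with `mkConfig "nextcloud"`, which looks like a copy-paste leftover that would collide with the existing Nextcloud container instead of creating a Radicale one (assuming the helper's first argument is the container name). Separately, Radicale listens on `0.0.0.0:8000` and `[::]:8000` with port 8000 open in the container firewall while nginx proxies over plain `http://radicale`, so any LAN host can reach the backend and submit credentials without TLS; restricting the port to the proxy host's address would close that path. `/etc/radicale/users` is not created anywhere in this hunk, so confirm it is provisioned from the secrets store and readable only by the `radicale` user.

```nix
  containers.radicale = lib.containers.mkConfig "radicale" attrs {
    # … unchanged: zfs, systemd.network, environment.persistence …
      services.radicale = {
        enable = true;
        settings = {
          server.hosts = ["0.0.0.0:8000" "[::]:8000"];
          auth = {
            type = "htpasswd";
            htpasswd_filename = "/etc/radicale/users";
            htpasswd_encryption = "bcrypt";
          };
          storage.filesystem_folder = "/var/lib/radicale";
        };
        # … unchanged: rights …
```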