feat: added radicale

modules/config/users.nix

@@ -21,6 +21,7 @@
     acme = uidGid 212;
     nextcloud = uidGid 213;
     redis-nextcloud = uidGid 214;
+    radicale = uidGid 215;
     systemd-oom = uidGid 300;
     systemd-coredump = uidGid 301;
   };

modules/services/nextcloud.nix

@@ -2,7 +2,7 @@
   lib,
   stateVersion,
   config,
-  pkgs, # not unused neede for the usage of attrs later to contains pkgs
+  pkgs, # not unused needed for the usage of attrs later to contains pkgs
   ...
 } @ attrs: let
   hostName = "nc.${config.secrets.secrets.global.domains.mail}";
@@ -63,6 +63,7 @@ in {
         extraApps = with config.services.nextcloud.package.packages.apps; {
           inherit contacts calendar tasks notes unsplash maps;
         };
+        # TODO increase outer nginx upload size as well
         maxUploadSize = "2G";
         extraAppsEnable = true;
         extraOptions.enabledPreviewProviders = [

modules/services/radicale.nix

@@ -0,0 +1,109 @@
+{
+  lib,
+  stateVersion,
+  config,
+  pkgs, # not unused needed for the usage of attrs later to contains pkgs
+  ...
+} @ attrs: let
+  hostName = "radicale.${config.secrets.secrets.global.domains.mail}";
+in {
+  imports = [./containers.nix ./nginx.nix ./ddclient.nix ./acme.nix];
+  services.nginx = {
+    enable = true;
+    upstreams.radicale = {
+      servers."192.168.178.34:8000" = {};
+
+      extraConfig = ''
+        zone radicale 64k ;
+        keepalive 5 ;
+      '';
+    };
+    virtualHosts.${hostName} = {
+      forceSSL = true;
+      useACMEHost = "mail";
+      locations."/".proxyPass = "http://radicale";
+    };
+  };
+  containers.nextcloud = lib.containers.mkConfig "nextcloud" attrs {
+    zfs = {
+      enable = true;
+      pool = "panzer";
+    };
+    config = _: {
+      systemd.network.networks = {
+        "lan01" = {
+          address = ["192.168.178.34/24"];
+          gateway = ["192.168.178.1"];
+          matchConfig.Name = "lan01*";
+          dns = ["192.168.178.2"];
+          networkConfig = {
+            IPv6PrivacyExtensions = "yes";
+            MulticastDNS = true;
+          };
+        };
+      };
+      environment.persistence."/persist".directories = [
+        {
+          directory = "/var/lib/radicale";
+          user = "radicale";
+          group = "radicale";
+          mode = "750";
+        }
+      ];
+      services.radicale = {
+        enable = true;
+        setting = {
+          server = {
+            hosts = ["0.0.0.0:8000" "[::]:8000"];
+            auth = {
+              type = "htpasswd";
+              htpasswd_filename = "/etc/radicale/users";
+              htpasswd_encryption = "bcrypt";
+            };
+            storage = {
+              filesystem_folder = "/var/lib/radicale";
+            };
+          };
+        };
+        rights = {
+          root = {
+            user = ".+";
+            collection = "";
+            permissions = "R";
+          };
+          principal = {
+            user = ".+";
+            collection = "{user}";
+            permissions = "RW";
+          };
+          calendars = {
+            user = ".+";
+            collection = "{user}/[^/]+";
+            permissions = "rw";
+          };
+        };
+      };
+
+      system.stateVersion = stateVersion;
+
+      networking = {
+        firewall = {
+          enable = true;
+          allowedTCPPorts = [8000];
+        };
+        # Use systemd-resolved inside the container
+        useHostResolvConf = lib.mkForce false;
+      };
+
+      services.resolved.enable = true;
+    };
+  };
+}
+#wireguard
+#samba/printer finding
+#vaultwarden
+#maddy
+#kanidm
+#remote backups
+#immich
+