nix-config/modules/services/radicale.nix

110 lines
2.5 KiB
Nix

{
lib,
stateVersion,
config,
pkgs, # not unused needed for the usage of attrs later to contains pkgs
...
} @ attrs: let
hostName = "radicale.${config.secrets.secrets.global.domains.mail}";
in {
imports = [./containers.nix ./ddclient.nix ./acme.nix];
services.nginx = {
enable = true;
upstreams.radicale = {
servers."192.168.178.34:8000" = {};
extraConfig = ''
zone radicale 64k ;
keepalive 5 ;
'';
};
virtualHosts.${hostName} = {
forceSSL = true;
useACMEHost = "mail";
locations."/".proxyPass = "http://radicale";
};
};
containers.nextcloud = lib.containers.mkConfig "nextcloud" attrs {
zfs = {
enable = true;
pool = "panzer";
};
config = _: {
systemd.network.networks = {
"lan01" = {
address = ["192.168.178.34/24"];
gateway = ["192.168.178.1"];
matchConfig.Name = "lan01*";
dns = ["192.168.178.2"];
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
};
};
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/radicale";
user = "radicale";
group = "radicale";
mode = "750";
}
];
services.radicale = {
enable = true;
setting = {
server = {
hosts = ["0.0.0.0:8000" "[::]:8000"];
auth = {
type = "htpasswd";
htpasswd_filename = "/etc/radicale/users";
htpasswd_encryption = "bcrypt";
};
storage = {
filesystem_folder = "/var/lib/radicale";
};
};
};
rights = {
root = {
user = ".+";
collection = "";
permissions = "R";
};
principal = {
user = ".+";
collection = "{user}";
permissions = "RW";
};
calendars = {
user = ".+";
collection = "{user}/[^/]+";
permissions = "rw";
};
};
};
system.stateVersion = stateVersion;
networking = {
firewall = {
enable = true;
allowedTCPPorts = [8000];
};
# Use systemd-resolved inside the container
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
};
};
}
#wireguard
#samba/printer finding
#vaultwarden
#maddy
#kanidm
#remote backups
#immich