From fbd8f1fc9603f55db06dff1e243ddcb007465e52 Mon Sep 17 00:00:00 2001
From: fwastring <fredrik@wastring.com>
Date: Tue, 9 Sep 2025 21:30:23 +0200
Subject: [PATCH] Added radicale

---
 maskiner/desktop/configuration.nix | 19 +++++++++----------
 moduler/radicale.nix               | 29 +++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 10 deletions(-)
 create mode 100644 moduler/radicale.nix

diff --git a/maskiner/desktop/configuration.nix b/maskiner/desktop/configuration.nix
index f0aa608..11cc477 100644
--- a/maskiner/desktop/configuration.nix
+++ b/maskiner/desktop/configuration.nix
@@ -15,6 +15,7 @@
     ../../moduler/base.nix
     ../../moduler/users.nix
     ../../moduler/kitchenowl.nix
+    ../../moduler/radicale.nix
     #../../moduler/nginx.nix
     #../../moduler/k3s.nix
     ../../moduler/vaultwarden.nix
@@ -23,34 +24,33 @@
 
   environment.systemPackages = with pkgs; [
     unstable.lego
-	k9s
-	neovim
-	git
+    k9s
+    neovim
+    git
   ];
 
-    security.acme = {
+
+  security.acme = {
     acceptTerms = true;
     defaults.email = "fredrik@wastring.com";
     certs."shop.wastring.com" = {
       dnsProvider = "gandiv5";
       webroot = null;
-   credentialsFile = /run/secrets/gandi_key;
-  dnsPropagationCheck = true;
+      credentialsFile = /run/secrets/gandi_key;
+      dnsPropagationCheck = true;
     };
   };
   services.nginx = {
     enable = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-    # other Nginx options
     virtualHosts."shop.wastring.com" = {
       enableACME = true;
       forceSSL = true;
       locations."/" = {
         proxyPass = "http://127.0.0.1:8080";
-        proxyWebsockets = true; # needed if you need to use WebSocket
+        proxyWebsockets = true;
         extraConfig =
-          # required when the target is also TLS server with multiple hosts
           "proxy_ssl_server_name on;"
           +
             # required when the server wants to use HTTP Authentication
@@ -59,7 +59,6 @@
     };
   };
 
-
   # services.tailscale.enable = true;
   # services.tailscale.package = pkgs.unstable.tailscale;
 
diff --git a/moduler/radicale.nix b/moduler/radicale.nix
new file mode 100644
index 0000000..cc55891
--- /dev/null
+++ b/moduler/radicale.nix
@@ -0,0 +1,29 @@
+{
+  ...
+}:
+{
+
+  security.acme = {
+    certs."cal.wastring.com" = {
+      dnsProvider = "gandiv5";
+      webroot = null;
+      credentialsFile = /run/secrets/gandi_key;
+      dnsPropagationCheck = true;
+    };
+  };
+  services.nginx = {
+    virtualHosts."cal.wastring.com" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:5232";
+        proxyWebsockets = true; # needed if you need to use WebSocket
+        extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+      };
+    };
+  };
+  services.radicale = {
+    enable = true;
+    settings.server.hosts = [ "0.0.0.0:5232" ];
+  };
+}